[HCoop-Discuss] Improved Portal Payment Page Preview (Including Stripe!)

Clinton Ebadi clinton at unknownlamer.org
Sat Mar 29 00:36:47 EDT 2014 

Nathan Kennedy <ntk at hcoop.net> writes:

> I voiced my bitcoin complaints on -discuss before w.r.t. coinbase.
>
> My opinion is unchanged; I won't ragequit if we start accepting bitcoin, 
> but I would strongly urge that:
> 1. Any payments are settled in USD so HCoop isn't subject to Bitcoin 
> commodity risk (I haven't read through, I assume that's the case).

Yes, if we ever accept Bitcoin through a payment processor, it will only
be immediately settled in USD. It looks problematic to accept Bitcoin
directly and exchange it later with the recent ruling that you have to
do capital gains magic between the buy/sell price in Real Currency (tm).

> 2. I didn't say this before, but I don't really have a huge problem with 
> previously authenticated users (via credit card) topping up their 
> accounts in bitcoin if that floats their boat. We already know who they 
> are as well as we ever have.  But I would strongly urge that the initial 
> payment be required to be made by credit card.  Or that we have some 
> other minimally meaningful method of verifying identity if someone signs 
> up with bitcoin, which to me sounds like a huge hassle.  Does stripe do 
> this? Their bitcoin page seems to have no information.

Right for new members we're requiring either:

 * A verified Paypal account (a bank says you're who you say you are)
 * A confirmed shipping address (matches the CC# information)

The shipping address is the weaker of the two, obviously. Assuming that
is actually strong enough for our purposes (I think so) then accepting
Stripe from new members right now is safe.

I am not sure any more what Google Checkout required... and we have
accepted that for a very long time.

I do have *some* concerns about us only relying on verified shipping
addresses: it appears that for various prepaid/gift credit cards, you
can register it with an arbitrary name/address which will then pass
verification (!). It's unclear to me how easy it would be to use fake
information, and if we've quietly been accepting them.

At least for Paypal it appears we're OK: the address for a card not
added to the account (where they debit two transactions and ask you to
confirm) will show up as Unconfirmed. 

For Stripe... https://stripe.com/us/help/faq#verify-address I am not so
sure. It kind of looks like a prepaid/gift card could be used and would
pass address/zip verification. 

When they roll out Bitcoin... we just won't opt-in to accepting payments
From new members originating as bitcoin. And then perhaps discuss
accepting it at all, etc.

So, regarding the new portal in general, I think we're just about ready
to start accepting Stripe from current members. I just need to add a few
admin features (accepting/rejecting an uncaptured payment, rejecting a
captured payment) before committing to the new database relations.

I *am* going to implement Stripe as an option for joining... we can put
their checkout widget onto the post-email-confirmation page and
authorize/log the payment with seven days to claim/reject.

However, since it's unclear whether or not we can detect prepaid/gift
cards I am going to leave it disabled. I am going to dig further, and in
the worst case buy a $10 or $20 visa gift card to experiment with.

p.s. it looks like it's good we didn't use Braintree as our alternative
     processor: Paypal just bought them! And they have the same issues
     with identity verfication that Stripe does :(

> On 03/27/2014 06:35 PM, Clinton Ebadi wrote:
>> granito <granito at hcoop.net> writes:
>>
>>> On 2014-03-22 04:06, Clinton Ebadi wrote:
>>>> I've added Stripe support (currently in test mode, you
>>>> can/are-encouraged-to try out the payment experience using one of the
>>>> cards listed at https://stripe.com/docs/testing#cards and any fake
>>>> address). I also improved the Paypal experience a bit.
>>>> ...
>>> Well hello there Stripe! https://stripe.com/bitcoin. Awesomeness will
>>> ensue :D
>>>
>>> Sebastian.
>> This might complicate things a bit: for Stripe to work, we're relying on
>> them charging a credit card which has a valid Name/Address associated
>> with it (no gift cards etc.) and using that as weak identity
>> verification.
>>
>> I know ntk and bpt both had opinions on the matter, so ... discuss.


-- 
Leebert: You don't listen to music.
Leebert: You listen to the audio equivalent of /dev/urandom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 212 bytes
Desc: not available
Url : http://lists.hcoop.net/pipermail/hcoop-discuss/attachments/20140329/493827d7/attachment-0001.pgp

More information about the HCoop-Discuss mailing list