Can't think of anything more concrete, but from a design perspective I'm simply in love with all of Stripe's products. Their design language is really clear, modern, and neat. Take a look at one of their landing pages for example: https://stripe.com/connect
I'm really sorry to hear this. I work at Stripe, and we try our best to help businesses prevent and fight back against disputes (https://stripe.com/docs/disputes). Frankly, disputes suck and are a tough part of running any business, and you're basically right: this system that's run by the card networks often favors the cardholder. Although they don't really have an appeal process, I'd love to take a second look at this payment if you could email me at
(I'm the author of the post.)
Sorry you had trouble with us. We are legitimately restricted in the businesses we can support for credit card processing. We try to be as open and accessible as possible, and we continually work with our banking partners and the card networks to push forward the set of businesses we can support.
This is true not just for new technologies and business models but also for issues like free speech (https://www.eff.org/deeplinks/2012/11/payment-provider-stripe-upholds-free-speech-reactivates-nifty-archives) and DMCA takedowns (https://stripe.com/blog/towards-transparency).
We're not perfect, and we do have fundamental restrictions on what we can do. We want to know of any cases where we've fallen short, and while I can't promise we can change anything tomorrow, I can promise that we'll be constantly working to help support the next wave of awesome things being built on the web.
This. And it has to be used through a payment processor like Stripe, Chase Bank, or Authorize.net. Here's what Stripe says
> Credit card details are not stored on the device or by Apple,
LoL. Be careful. If you ordered a new credit card then banks are now sharing the updated credit card numbers with merchants to avoid losing transaction revenue.
Stripe actually published this information but most merchant accounts are updating vendor cards privately via the card/customer token and not telling the merchants.
From Stripe:
We’ve rolled out support for handling new cards nicely. Now, when you save a customer with Stripe, their card will continue to work even if the physical card gets replaced by the bank. Stripe works directly with card networks so that your customers can continue using your service without interruption.
I know this from work, and we use Stripe to charge our customers. They have something for subscriptions called Smarter Saved Cards, which catches expired cards and gets their updated info to keep charging em. I would assume something like that is happening here.
Edit: Link
Hijacking your comment to post this info. Patreon uses Stripe for their credit card processing. I have dealt with Stripe before for some high volume clients. Their base price model is 2.9% + $0.30. So, first of all, Patreon is tacking on an extra $0.05 per transaction.
Second, is no chance that Patreon pays that high a fee. With their volume, they almost certainly have "Interchange Plus" pricing. That means they get charged exactly what Visa/MasterCard/etc charge for the transaction, plus a small amount to the actual processor. Here are some real interchange rates.
So Patreon is paying maybe 2% + $0.1 per transaction but they bump it higher because nobody understands how the credit card industry works. They're attempting to line their pockets with more money.
This is how it works
1) You never put any info in to the http ("insecure") part of the website, notice how you can't even log in or sign up on greekgodx.network
2) All the things you click on are stored as info in a cookie locally, not sent out to a server or anything, so when you click to add something to cart nobody around you can see what's in your cart because the info is stored in a cookie which needs to be decoded by the server to make sense (and has no important information anyway)
3) When you change pages the cookie is read and decoded, and then which items you have in your cart are listed on the side
4) When you click checkout it will do the same thing except take you to bigcartel's checkout page which actually has HTTPS and is secure because that's what takes in your delivery address and email.
5) Bigcartel uses stripe or paypal to handle payments which is very secure and you have nothing to worry about see : https://stripe.com
Even bigcartel will not see your payment information because the form you submit with your information in it should never touch them and should be handled entirely by stripe or paypal. Ever wondered why when you checkout with paypal it opens a new window popup and you log in there? Exactly, because the website does not actually ever get your info, all they see is that the person with your email has made the payment.
fucking normies
The industry standard for credit card processors these days is 2.9% + $0.30. Patreon is charging five cents more per transaction.
In addition, there is no chance that Patreon pays that high a fee. With their volume, they almost certainly have "Interchange Plus" pricing. That means they get charged exactly what Visa/MasterCard/etc charge for the transaction, plus a small amount to the actual processor. Here are some real interchange rates.
So Patreon is paying maybe 2% + $0.1 per transaction but they bump it higher because nobody understands how the credit card industry works. They're attempting to line their pockets with more money.
Yup, that's one way. We found single word domains actually transfer ownership pretty frequently; do.com for example was owned by squarespace, salesforce, microsoft, and a few others all within the conceivable lifespan of an ssl certificate. Salesforce had a valid cert while squarespace owned the domain. Stripe.com was another example, the previous owner still had a valid cert for a short while.
The second way to exploit this, the easier way, is the DoS way. CA's must revoke certs for domains that the owner didn't renew, within 24 hours of them being made aware. So pick a company, enum all their domains, and find one of their certs still being used, that's shared with a non-registered domain, and then you can potentially pull the rug from under them and revoke their prod cert within 24 hours.
Gets more interesting with CDN's, that often intentionally throw dozens or hundreds of customers on the same certificate. You can basically DoS the CDN, either by intentionally loading domains into their platform about to expire, or just by looking for existing domains about to expire.
Thank you for the feedback.
I'm planning on open sourcing it but I want to clean up the code and document it properly. There are also a few more features I'd like to add before doing a proper release. I was thinking maybe March timeframe.
I use Stripe for payments. It looks like they are testing accepting bitcoin. https://stripe.com/bitcoin
Hopefully I can accept that in the future.
Very disappointed. I like to support multiple creators with small pledges, including Jim. This is now very expensive to do on patreon.
The payment processing fee is quite a bollocks argument. The charge they are doing is roughly what payment providers charge for a single transaction, so if you support 10 creators they take home 90% of this new fee.
/u/Jimquisition will you consider an alternative to Patreon?
> I'm not sure that the fact that a small platform I've never heard of (stripe) is a huge danger.
Passing this off because you've never heard of Stripe or assume they are small (because you've never heard of them?) is like ignoring shenanigans in other industries because you've never heard of Ingram or C&S Wholesale or any number of non-public facing, business to business gatekeepers.
And when you look at the businesses that use Stripe to handle their payment backend, you see a lot of big names. Target, Lyft, DocuSign, NPR, Girl Scouts, Habitat for Humanity, Shopify, Facebook, Squarespace, Kickstarter, Slack.
Doesn't sound small to me.
TL;DR below
Researcher Ian Carroll filed the necessary paperwork to incorporate a business called Stripe Inc. He then used the legal entity to apply for an EV certificate to authenticate the Web page https://stripe.ian.sh/. When viewed in the address bar, the page looks eerily similar to https://stripe.com/, the online payments service that also authenticates itself using an EV certificate issued to Stripe Inc.
This is an issue especially in Safari [See Here] but this can be easily changed as one of the users pointed out in the comments
Safari Preferences, Advanced tab, toggle the "Show full website address" checkbox.
>To enable Bitcoin in Stripe Checkout, simply add the data-bitcoin="true" option when constructing your checkout form, as follows:
<form action="/create_payment" method="POST">
<script src="https://checkout.stripe.com/checkout.js" class="stripe-button" data-key=pk_test_6pRNASCoBOKtIshFeQd4XMUh data-image="/square-image.png" data-name="Demo Site" data-description="2 widgets ($20.00)" data-amount="2000" data-currency="usd" data-bitcoin="true" >
</script>
</form>
>If you are already a Checkout user, this is the only code change you need to make to accept Bitcoin!
From: https://stripe.com/docs/guides/bitcoin
Edit: Bold within code snippets isn't working, but the bitcoin mention is near the end of the code
I'm not sure what you mean about Stripe only accepting US payments, but Stripe will accept payments in over 135 currencies. The list of countries that they allow for merchants is smaller, currently 25 countries.
In my experience it was selling a product that had a 4+ week lead time that concerned PayPal. Apparently it is in violation of credit card merchant agreements to charge a card for a product that isn't in the process of shipping. Conventional credit card processors let you authorize a hold and then charge the card once the product ships, but PayPal doesn't have that functionality IIRC.
A lot of what PayPal gets grief for is actually rooted in credit card agreements. I do think PayPal's customer service could be a lot better, though. On the other hand, managing a chargeback is easier with PayPal than Stripe since PayPal lets you communicate with the customer and upload supporting evidence.
EDIT: All payment processors have rules about this sort of thing, btw: https://stripe.com/blog/why-some-businesses-arent-allowed
Stripe handles businesses of all sizes for all sorts of purposes. They have plugins for most major CMS and websites, and even have Checkout which provides the entire frontend workflow. Plus, most of what you need for a non-enteprise business is barely more expensive than the CC fees, and more feature rich than paying PayPal for their myriad account upgrades.
I use this successfully for a small business and it handles thousands of dollars without a single issue. Honestly, the only reason I feel to still use PayPal is ignorance of the competition or sticking to habit, and neither makes me particularly trusting of a company. I'm sure even a medium sized company would be fine with the standard tier, although depending on the number of sales you perform, the additional support with the Enterprise tier might be necessary.
Major companies like Steam, Stripe, Expedia stopped accepting Bitcoin BTC.
In general, it was because Bitcoin BTC had high & unpredictable fees, slow confirmation times, significant failure rates, and there was a cost to train staff on how to deal with BTC payment problems & questions.
u/iconic_icon Since you are a U.S. citizen (and your global income is subject to taxation no matter where you live), I would strongly suggest creating a pass-through LLC. You can use something like <strong>Stripe Atlas</strong>, to do it.
As a U.S. citizen living abroad, you qualify for the Foreign Earned Income Exclusion (FEIE), which allows you to exempt up to 105,900 of your income per year (as of 2019) from being taxed.
With a LLC, there's no corporate/business tax. Everything is passed to you tax-free. Moreover, you could set up a Solo 401(k) account. You are allowed to contribute up to 56,000 per year (as of 2019) to it. You can defer most of your taxes using a Solo 401(k).
The standard deduction for 2019 is 12,200. You get to subtract this as well. The remaining amount subject to U.S. federal taxes is exactly 900. The tax rate at this bracket it 10%.
Thus, you'd pay a total 90 dollars in taxes, on your income of 175k.
A MiM attack could change the HTML/JS and capture the card details before data is sent to Stripe's servers.
Even Stripe says you NEED to use https/ssl. https://stripe.com/help/ssl
Do I need to use SSL/TLS on my payment pages?
>Yes, for a couple of reasons:
> It's more secure. In particular, it significantly reduces your risk of being exposed to a man-in-the-middle attack.
Edit. The site is loading content from various third party domains that could gain access to this card details (malicious or not).
After reading your github page, I still have no idea how or why to use your package. I see a lot of fancy terms explaining an overly complex architecture with no instructions on how to actually use it. As a senior engineer whose job is to get things done, I'd have to nope right out of there.
Let's say I wanted to get data from stripe. I could take a look at their api page and know exactly how to use it - they give examples right there on the page, easy!
Or if I wanted to make a standard curl request and scrape a regular page, I could just look into guzzle and boom, there's an 10 line snippet on the frontpage that I could just copy/paste.
But yours? No idea how to use it, or why. Instead I see a detailed guide on how to write my own provider, which I guess is nice ??? but don't care for in the slightest.
TLDR; less technical mumbo jumbo and more practical instructions/explanations
Did you try to request for a new virtual card? Getting a new card number and CVV may solve your issue. If you are using a physical card, try getting a new/replacement card.
Usually, these online merchants (Netflix, Spotify, etc.) uses the same payment gateway. They're likely using Stripe. Once one merchant reports your card as "fraud" or detects unusual activity, it will be labeled as "high risk". Stripe will take note of that and will block the same card whenever it is used on other merchants. It's a security feature Stipe implements that work well for both the merchant and customer.
Until you get a replacement card, try other payment methods. One of which I can recommend is the GrabPay Virtual MasterCard. I like it and you can earn points which you can enjoy for various things such as GrabFood voucher, Lazada voucher, etc.
I was leaning toward Bloomberg all week, but thinking about it more that TaxJar <> Ackman <> Stripe connection is just too strong. How tf did he know that right before they did the acquisition? That timing can't be just a coincidence...
It's possible they got into NDA mid-late Nov after the "can't believe they outbid PSTH" tweet. Stripe spent 6 months hiring like crazy with Ackman's help: Mike Carney, Christa Davies - then couple acquisitions Taxjar now Bouncer (https://stripe.com/newsroom/news)
The Bouncer acquisition might've been the last piece of the puzzle
Stripe Atlas (https://stripe.com/atlas) does everything for you including incorporation, filing for an EIN, initial board docs, stock purchase agreements, invention assignment, for $500 which is pretty fucking awesome. Recommend highly!
Good question actually.
Firstly, the site is SSL secure, you can see the padlock in the browser bar when browsing. This means all your data is encrypted and safe. Secondly, payments take place through the Stripe payment gateway (https://stripe.com), which means we don't actually see your payment details, it's all done through Stripe, a service we actually pay a charge for with every sale.
Customs : We're sending a gift box, so technically marking the gift box is correct. Also, the value of the items is far below the limit for gifts, but if the price was somehow over by a penny or two (which is hugely unlikely) I'd sleep well at night knowing I'd saved my customer from paying double in customs fees for the sake of a cent. It would be a different story if I sent a $100 dollar item and marked it as $50 obviously.
Hey guys, this is Saikat from Stripe. Ross Boucher and I wrote the Javascript referred to here. I'd be happy to address any questions/concerns.
To address the OP, there is not a whole lot going on client-side in the Javascript bindings. The way it works is:
Basically, the only difference here between using stripe.js and not stripe.js is that, when using stripe.js, the form POSTs to us first instead of you (we aren't doing any sort of client-side encryption or anything like that). This has the benefit of both removing most of the PCI burden from you (you don't need to do anything more than fill out the account application we give you) as well as keeping you from having to think through the security implications of having credit cards hit your server (e.g. making sure your logs are scrubbed of card numbers, making sure you aren't ever storing CVCs on disk, making sure you don't accidentally email out all your card numbers onto your mailing list, etc. =). You still need to serve your form over SSL though (as is the case with any checkout page that is accepting credit cards in order to both avoid man-in-the-middle attacks and to give your customers a warm fuzzy feeling).
Hope that answers some of the questions. I'll be lurking here, so comment away.
(Edit: also feel free to come talk to us in our campfire (https://stripe.com/campfire). At least one of us is around pretty much all the time)
For what it's worth, we use https://stripe.com for the payment processing. They're one of the largest processors currently and your card goes straight there, we never see it.
Stripe I believe recently added support for the new payment API standard (which I believe Google pay, Apple pay, etc. all use) - I can look into support for that.
The company we really need to add Bitcoin Cash support is Stripe. They are the THE go to group for online payment processing on websites, which is one of the core use cases for electronic cash. https://stripe.com/ They support BTC today, but I'm sure the high fees are reducing the usefulness of that payment method. So they should be open to Bitcoin Cash and its low fees as an additional option.
It is Stripe. Linda Rottenberg is a common connection.
Linda Rottenberg - Director, Pershing Square SPARC Holdings, Ltd.
Linda Rottenberg - Advisory Board Member, Stripe
Source:
Actually, there’s nothing wrong with decimal per se, but if you use integers, then the unit of the currency would be cents. So you wouldn’t store 1.99, but 199. This is how for example Stripe works, you can see it at work in their API: https://stripe.com/docs/api/balance/balance_object. I think the idea behind it is that you don’t need sub cent precision in financial applications and if you store a price as an integer in cents it’s much simpler.
Stellar's situation isn't exactly like Bitcoins (more on that below), but I don't believe Stellar is a security.
These are Chairman Clayton's exact words (or close to them): >"Let me turn to what is a security. A token, a digital asset, where I give you my money and you go off and make a venture... and in return for me giving you my money, you say 'you know what, i'm going to give you a return, or you can get a return in the secondary market by selling it to someone'".
Most important fact in this analysis, Stellar doesn't sell the xlm it's holding. But to be thorough, what makes Stellar's situation slightly unlike Bitcoin is that it did receive a loan from Stripe in return for 2B xlm. Technically loans can be considered securities, if the note resembles a security. However, it doesn't appear that Stripe ever intended to 'get a return' from the loan. As Stripe stated in their blog post when the loan was first announced: "We're going to auction a majority of our stellars to other interested companies, with any net profits being returned to the Stellar Foundation". It seems that it was truly a loan for seed funding.
Do not store credit card numbers yourself!
In order to do this properly you need to be PCI compliant, which is a long, expensive, and overly complicated process.
Instead you should use a payment processor that will allow you to vault credit card numbers with them, and then charge those customers via a token they give you.
Two of the easiest companies to work with are Stripe and Braintree.
Disclaimer: I'm a developer at Braintree
Businesses could incentivize customers to pay with Nano by offering a small discount. Payments processors take around 3% + $0.25 cents per transaction. You also have to deal with the risk of chargebacks which you get hit with a $15 fee and you lose the money from the transaction.
Customers crave easy of use and a better user experience when paying. Apple / Google have solved one of my biggest UX hatreds of Fiat money which is the fact I have to carry cash or a credit card with me at all times. Eventually there will be a day where all we carry is our phone. I don't think we are at the point yet where it is easier to use Nano then it is to use Apple Pay but I know we are going to get there. In addition there is a trend that is happening in the cryptocurrency space which is custodianship. Custodianship is the idea that the average user is too stupid to handle their own money so they need a bank to handle their money. I personally disagree with this idea but if this takes off, which it will, these custodians will offer the same type of rewards that your Visa, Mastercard, or American Express offer.
The fewer assumptions you have to make, the less room for error there is. This assumption is not true in their feed.
From my experience, you want to keep type conversion to a minimum. Data that goes from a numeric type (int / float / etc) then... converted to a string... then back to numeric type... creates points of failure.
Companies like Stripe denominate in cents instead of dollars ( https://stripe.com/docs/api#charge_object ). You can't put the decimal point in the wrong place. Remember Office Space? "I always mess up some mundane detail...."
>Customer: "What? I have to re add my card myself? It's the same card but expired can't you just update the expiry date?"
To be fair, the better card tokenization services support exactly this without reentering everything. They even partner directly with card issuers to update expiration automatically when possible.
PayPal is the worst possible payment solution for small business. I’m not surprised they did nothing to help you recover your funds, but I am sorry you had to go through that.
I use Square, but that’s because I run a brick-and-mortar business. If your work is all online or digital, you’re better off going with Stripe. Stripe is built to be a payment service for online businesses.
Stripe is integrated into lots of different eCommerce website builders, so if you use Shopify or WooCommerce (for example), then connecting your Stripe account to your website will be fairly straightforward.
F12 is your friend.
​
And for a non-snarky answer; they're using CSS transformations that are driven by JS. You could probably code the keyframes by hand but it'd be a real pain. The JS is all in this file if you're interested in digging into it. https://stripe.com/assets/compiled/js/issuing-7a33508d57f61713b738.min.js
The card is just a div with a hidden overflow. The text within is moved up and down within that frame while the whole thing is rotated. It's a cool effect for sure.
before you retards flood this thread like last time, yes I know they are calling an https endpoint that stripe provides, however, this doesn’t prevent MiM attacks. All it takes is one of those shitty website interactions you see in the console to have malicious code and grab your credit card info. Stripe’s own page says not to use HTTP.
~~In case you still don’t get it, it is literally sending a rest call in plaintext through however many hops are between your computer and stripes endpoint~~ this isn't exactly correct
'authority: api.stripe.com' key=pk_live_S0TXwEgW2Trl3FWR08HI3Gas&payment_user_agent=stripe.js%2F9dc17ab&card[name]=Feed+Nana&card[number]=4539645508327461&card[exp_month]=02&card[exp_year]=2022&card[cvc]=815&card[address_zip]=10020' --compressed
Stripe’s own documentation tells you to do it. https://stripe.com/docs/security
> “Payment pages must make use of a modern version of TLS (e.g., TLS 1.2) “
Not only that but also as a business using a third party, even if you don’t store credit card info you need to be pci compliant anyway, just a less stringent version
>“All Stripe users must validate their PCI compliance annually. Most users can do this with a Self-Assessment Questionnaire (SAQ) provided by the PCI Security Standards Council. The type of SAQ depends on how you integrated Stripe and which of the methods below you use to collect card data.”
I’ll be sure to notify stripe of this issue.
https://support.stripe.com/contact/login
Stunning work compound media CTO.
Skip the libraries, and integrate directly via Braintree. This will give you credit cards and PayPal. We did something similar with PayPal’s REST API at edX: https://github.com/edx/ecommerce/blob/master/ecommerce/extensions/payment/processors/paypal.py . The Stripe integration is more akin to what you’d do with Braintree: https://github.com/edx/ecommerce/blob/master/ecommerce/extensions/payment/processors/stripe.py
Also, unless you absolutely need PayPal (wallet), Stripe is also a good processor: https://stripe.com/
No. When a Credit Card expires the user gets an identical card number, but a new expiry date (Required for authorization) and a new CVV/CVC (Also required for authorization), when this occurs, any services that use said card are invalidated. Most other information on the card (Start date, Name) isn't required for authorization and can be altered to your choice per site (Which I personally do, I rarely provide my real name).
Anyway, the whole credit card system is broken as fuck, there's no way (currently in the UK, I know some banks in America to provide this functionality) to create monetary limits per service or to have a unique CC per site. I hate the fact that the same number I trust to Amazon is also used to pay "lolrandomsite.biz", and it's also the same number that Amazon requires to recover my forgotten password.
And what really gets on my nerves is fucking sites like Stripe. Fuck Stripe. They think it's okay to let the site submit the CC details to them? So that it goes from you, to the site, to stripe? Fuck no. Why should I trust the site? I trust you, the payment processor, not "lolrandomsite.biz". Stripe needs to disable their on-site applet (Which can be manipulated via javascript on the host site) and their site payment API (Where the site provides the CC information) and force the fact that users must be redirected to https://stripe.com for the payment, then redirected back afterwards, either do that, or at-least make it a requirement for sites using Stripe, so that a user can chose to either give Stripe the information or Stripe&The site.
You can actually get started now with Stripe. https://stripe.com/docs/guides/bitcoin_beta
If you use Stripe Checkout, it's a fairly easy integration, though probably not as nice as Coinbase.
Not a bad idea to wait until it gets out of beta, though, I recall a few rough spots.
I hear your frustration about Microsoft, but I am honestly not sure why they are all being directed towards us, a small team trying to offer a better productivity suite for students, creatives, developers, and remote teams like ourselves.
Thanks again for your comment, hope this addresses some of your concerns!
Why Stellar (XLM)?
Most transacted crypto making it the "people's currency" https://coinstats.network/
Stellar is an Official Chain for USDC (the world's largest stable coin) https://www.circle.com/blog/usdc-for-stellar-coming-to-circle
Stripe (multibillion dollar, global payment proceesor) invested in and partnered with Stellar https://stripe.com/blog/stellar
Don't ignore the writings on the wall and don't be fooled by market price fluctuations.
In the long run, value and utility outweigh hype and promotion. XLM is extreme value in the long run.
It's not in a tweet itself, it's in the article that the tweet /u/CoinMeh posted links to: https://stripe.com/blog/ending-bitcoin-support
> Despite this, we remain very optimistic about cryptocurrencies overall. There are a lot of efforts that we view as promising and that we can certainly imagine enabling support for in the future. We’re interested in what’s happening with Lightning and other proposals to enable faster payments. OmiseGO is an ambitious and clever proposal; more broadly, Ethereum continues to spawn many high-potential projects.
I don't think anyone has mentioned it yet, but Stripe recently came out with a very nuts-and-bolts guide.
https://stripe.com/blog/atlas-guide
It's written by Patrick McKenzie, who is an OG for starting internet businesses. Here's his site, he has a ton of blog posts that could help you out.
Really cool page too https://stripe.com/bitcoin
They are the biggest online payment processor in the world. They are used by Shopify, Instacart, Facebook, Twitter, Kickstarter.. and more importantly, almost every startup in the valley.
lurking in here but we haven't had any UW co-ops yet :( (I'm working on fixing that). To answer your questions
1) Our intern interview process is much like our process for full-times, which is described in detail here.
2) We treat our interns just like we do our full times. Same responsibilities and ownership. To give a sense of numbers we had 3 interns last summer but we don't have a hard limit.
If you're interested feel free to apply at on our jobs page or ping me at
JSON:API calls it "Inclusion of related resources".
Stripe's API supports what they call "expanding objects", where you can pass '?expand=computer' and instead of {"computer": 1234}
you will get back {"computer": {"id": 1234, "name": "..." } }
.
I tend to call it "including" if it's adding the object to the response and "expanding" if it's replacing an ID.
You can read more about the Bitcoin functionality here: https://stripe.com/bitcoin
In terms of what we're doing with Bitcoins (for more information see http://www.grooveshark.com/terms), we're converting them directly to USD, currently.
We don't take paypal - it doesn't work with how we manage payments (not charging until after the campaign is closed).
If you're worried about security, we use Stripe - you can read more about their security here: https://stripe.com/help/security
For easier reading: Navigating PCIDSS
Also, if this does fall under PCIDSS, you're making more work for yourself than its probably worth. Consider outsourcing any payment handling to a third party service like stripe
https://stripe.com/docs/webhooks/best-practices#event-ordering
> Your endpoint should not expect delivery of these events in this order and should handle this accordingly. You can also use the API to fetch any missing objects (e.g., you can fetch the invoice, charge, and subscription objects using the information from invoice.paid if you happen to receive this event first).
With Stripe, they'll encrypt+tokenize payment details, giving you a unique id for those payment credentials. That way you can store info in the most limited fashion in your db and still be PCI compliant. You can even store CVC/CCVs & pull them back later.
https://stripe.com/docs/payments/save-during-payment#web-recollect-cvc
Chargebacks also usually incur a large fee on the vendor. So in addition to the lost revenue from your purchase, they have an additional amount they need to pay to the payment processor.
Where I work, we ban people from our events if they do a bogus chargeback until they pay the amount + fee.
Yeah or Stripe was a seed investor in Stellar, owning Hundreds of Millions of dollars worth of the #7 crypto (2% of the total supply) https://stripe.com/blog/stellar - while not actively promoting it or favouring it.
They're CLEARLY letting the market play out before strategically entering
"enemy of crypto"
I think the merchants used a terminal that accepted bitcoins but, in the end, used a payment gateway that converted that to USD.
Services like https://stripe.com/bitcoin do exactly that. As a merchant, you accept bitcoin but use an exchange to get a USD credit. As soon as those exchanges fail, say during an economic crisis, they'll stop accepting BTC.
My recommendation would be Stripe Connect https://stripe.com/connect
Stripe in general is great to work with. Connect makes it basically as simple as each charge having a sender and receiver. The handle mostly all of the middle ground. Fees are charged per transaction so you'd have to find some way to monetise it i guess.
If you've got more questions after you look through the above link then let me know.
Well, you should have some fun with this one then, since you won't actually be making any money from him. Wave payment are processed by Stripe, and you are subject to their chargeback rules, meaning you won't get to actually keep any purported payments. https://stripe.com/us/terms#section_c
Mention to him that you are happy to work with him, but you have learned that it is risky to send money to third parties on behalf of someone you just met, so you won't be doing that aspect of it, and see what he says.
I'm the same way with many of the sketchier bundle sites but I think for Humble you're probably safe. They use Stripe to process their payments (if you look at the html for the credit card form it shows it) and for that they use the Stripe checkout library.
So the way this Stripe checkout library works is that the input fields do not have a name attribute on them so they're not sent to the server so you're credit card information is never actually sent to Humble Bundle. What happens instead is it's sent to Stripe via javascript over ssl and a token is returned which is then submitted with the payment request. On the backend they fetch the charge record from the token that's sent and they're able to process the transaction on it. Stripe is level 1 PCI compliant so you're very safe there. https://stripe.com/help/security https://support.stripe.com/questions/do-i-need-to-be-pci-compliant-what-do-i-have-to-do
The only areas you really would need to be concerned about related to their processing would be if either:
But the last object could happen anywhere and it's unlikely to happen.
I think that would cover the main concerns from their credit card form at least.
It looks like the types of businesses that they process transactions for are the exact same businesses that Stripe prohibits on their own platform: https://stripe.com/restricted-businesses
What does this mean? Paysafe found a good niche? Or they’re too high risk to be worth dealing with?
the video is robin's and my favorite! the bold and ambitious, the nostalgic yet launching into the future, ... it builds contracts to the rest of the web page that are highly technical and specific.
well, we are now designing a new video or visual asset that are more illustrative – like this, or that, or what's not. how about a $5k community competition for best design?
Seeing this comment, I did a little research. I had no clue Stripe provided seed funding to Stellar!
Stripe dumped Bitcoin because the transaction fees were high. Stellar would be a natural alternative, ESPECIALLY with USDC coming in Q1 and the high yield USDC business acounts.
The agreement was that if/when they sold any, all profit would go back to the SDF,
Edit: Source: Stripe Blog Post - July 31, 2014
“A couple of months ago, Stripe contributed $3M to help get the project going. In return, we received 2% of the stellars. However, the project is not run by Stripe. We just believe that a system with properties like Stellar's should exist in the world, and we heartily encourage anyone interested to participate in its development. We're going to auction a majority of our stellars to other interested companies, with any net profits being returned to the Stellar Foundation”
You could ask for their Stripe api keys and pay them that way, or Stripe Connect looks promising (I think that's what Lyft uses, not sure though).
Funny this should come up. Just read this post from the Stripe blog the other day. I think you'll be pretty stoked on the info - it has exactly what you're asking for, code snippets and all!
100% Stripe. Having switched to it from Paypal myself recently, I'm completely sold on the platform. Their dashboard is easy to use, their API is extensive and integration was a breeze. They have code examples for almost all languages. For example, using their PHP code example and library, I was able to replace our Paypal implementation with a working Stripe replacement in 2 hours.
Previously, they didn't support European payment options like Bancontact so we couldn't it them, but now they do and it's a blessing.
The publishable key is meant to be used in code that may be public (such as JS, Android app, etc), so they can't be "compromised" in the sense that something bad may happen.
Publishable keys only allow you to create tokens, which are used instead of holding sensitive card information. Even if you created a token and tried to use it, the stripe API would disallow requests without the proper secret token on the server.
All in good time. But it's definitely XLM.
It's the only project that Stripe is in bed with (largest online payment processor on the planet) - and they're now starting to hire crypto engineers.
https://stripe.com/jobs/listing/staff-engineer-crypto/3495406
Stellar will absolutely explode if it starts being used by Stripe.
I don't think we really disagree. The problem is, we don't always get to define what a "breaking change" is. It's good to do what, say, Stripe does (https://stripe.com/docs/upgrades#what-changes-does-stripe-consider-to-be-backwards-compatible) and document it, but API consumers are really fickle. Fickle enough that it's frequently worth keeping old versions of API code around forever.
I do, though, disagree about how much up front work people need to put into APIs. It varies by product, obviously, but APIs are just like anything else — you probably don't know what it needs to do when you build it from scratch. And given the choice between a ton of up front architecture and being able to make it do what users are asking for, I'd go with "I can keep building this" almost every time. It's really important to treat these things as living code AND make sure you're not breaking early users without them realizing it.
Stripe (for major credit cards) charges 2.9% + $0.30 per charge (Stripe's beta Bitcoin pricing is undisclosed): https://stripe.com/us/pricing
BitPay charges $30 a month per domain, for zero transaction costs: https://bitpay.com/pricing
Coinbase charges a 1% fee to exchange bitcoins into standard currency, only after $1million in sales: https://coinbase.com/docs/merchant_tools/pricing
It seems hard to find a definite source for major credit card transaction costs, but most sources claim 2-4% + some membership fee based on the number of monthly transactions.
Granted, cost analysis is more complex than this because most payment processors provide individual deals for large customers.
It uses my technique of rendering a ton of particle using ThreeJS’s Points. All other effects are done in shaders!
I like Stripe's approach here. They accept a user-generated string in the <code>Idempotency-Key</code> header which can be used with any POST api request. It caches the full http response and will return it again given the same idempotency key.
Beautiful. My all-time favorite is still their payments page, though. I giggled like a child when I realized that the "editor" on the right in the "DEVELOPER-CENTRIC" section is actually interactive and not just an image/gif.
Whatever you choose, understand that it takes years to become proficient in webdev, so take things one step at a time.
It sounds like you enjoy writing CSS. I noticed you didn't mention SCSS, so I would recommend learning that.
If you want something to aspire towards, check out stripe.com.
Not trying to be rude here, but I would recommend waiting until you're more experienced before handling people's sensitive information and money.
Edit: You may want to look at Stripe. https://stripe.com/docs/stripe-js My understanding is that Stripe.js allows transactions to go straight from the user's browser to Stripe, so it doesn't have to go through your servers. That eliminates the need for PCI compliance (https://en.m.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard).
This topic is too broad to fully answer here, especially without knowing anything about your dev stack. But from what I remember of PayPal, you can either have a Buy Now button that redirects to the payment page for the product (actual page navigation, not AJAX), or you can issue yourself an API auth token in PayPal that you can use to send the payment info via AJAX to their web service.
I would do option one since it is easier and has less security implications.
Within the config for the Buy Now button, there are options to have the PayPal server send an HTTP request to your server with the transaction info. You'll need to set up a web service to handle the request and process it accordingly. You'll need to look at the PayPal docs for info on what the HTTP request payload contains and how the data is structured.
The config also has a return URL for where to send the customer after the transaction is complete.
Keep negotiating until you're happy with the contract. This needs to be a win/win for both sides.
Have you seen Stripe's "Founder's Guide for Equity"? https://stripe.com/atlas/guides/equity - written by Patrick "Charge More" McKenzie.
Not totally true - I run a service that uses stripe and several that use authorize.net. I can see full information from recurring members billings with the exception of their full credit card number.
If you're a developer it's easy to retrieve customer information: https://stripe.com/docs/api#retrieve_customer
Looks like it's a canvas and they animate it with some JS here: https://stripe.com/assets/relay/hero-b8a085697fcd7d92e0c5e6dccb1194d7.js
If you de-uglify it, it looks like it finds the bounds of where the icons are and then animates a random SVG shape (e.g. https://stripe.com/img/relay/products/triangle-solid-red.svg) from the center towards each icon.
For the hexagons, it looks like it's drawing the hexagons in the JS and moving the dot along the border (a random vertex).
The background gradient is just a CSS radial gradient.
There are a lot of problems with handling payment processing yourself. It's dangerous to you and your customers. Stripe is a really great service for taking credit card payments (very developer friendly API), and you can use Paypal for all the rest.
Edit: The advice above is if you're set on not taking the Facebook route.
This is usually something your Payment Gateway should be able to handle, so it sounds like you might want to change providers... I would not recormend going through PCI yourself, it will be much easier to switch providers to someone who can handle it for you. You don't mention who/what this "3rd party API" is?
Again, we do not collect cards, it is processed directly with Stripe. Learn more: https://stripe.com/docs/security - we simply integrate with Stripe API for payment.
You are welcome to contact us at www.taskade.com/contact with your Taskade username and we can help with a free personal upgrade. The coupon code is for a full workspace upgrade, meaning anyone that joins your workspace will also benefit, especially if you are a team.
As mentioned above, to properly apply the free coupon upgrades, it is tied to the stripe.com payment system, the coupon does apply full discount and you will not be charged. Nor do we store any credit card information ourselves, it is entirely in Stripe.
Sorry for the inconvenience, don't hesitate to contact us directly. Thank you!
Bill really called it on Stripe being able to easily integrate tax handling into their platform:
Edit: I know this is the TaxJar acquisition, but holy cow was that a fast integration.
Not sure how Fiverr does it, but if you use Stripe, they have a `Connected Accounts` feature where you are the platform but payments go directly to Stripe accounts registered with your platform. If you decide to take commission or fees, it is automatically sent to your own Stripe business account.
Connected Accounts can also be managed by your backend, ie someone registers for your platform without a stripe account will get a stripe account created for them, and they will simply have to connect their own bank account to get payouts.
See https://stripe.com/connect for details. I haven't used Stripe Connect for a while so I can't remember how it all works, but this way there is no tax implications for the payments facilitated through your platform, as far as I remember.
The problem is that Bitpay doesn't want the value of your Bitcoin in USD to fluctuate too much because they're guaranteeing the merchant a certain amount of dollars. So they set the fee so that your tx will be included in the next block or so to avoid not being able to pay the merchants if the value of BTC drops too much. Right now it looks like you need to be paying about 40 sats/byte to get your transaction included in the next block or two.
​
Then Bitpay charges you another fee on top of that for them to sweep your incoming UTXO along with other payments they've received off to an exchange for them to swap it to USD. So you essentially pay double the fees because they want to be able to do these within a certain amount of time to avoid fluctuation in the price of BTC.
​
But honestly, there aren't really that many other payment processors for Bitcoin anymore. Stripe shut down their competing service when the fees went super high during the last bubble. The only other processor that will process BTC into USD for merchants was Coinbase but they no longer offer automatic conversion to USD either because of the fluctuation of the price. Instead you receive whatever BTC you receive from the customer and then you move it over yourself to Coinbase to sell. They used to allow automatic conversion to USD like Bitpay did but basically gave up on doing that because of the same reasons.
​
So for merchants who want to accept BTC but get a guaranteed amount of USD, Bitpay is the only real option. That's why you see merchants accepting Bitpay even though customers get hit with all these fees.
>The Authors content is irrelevent to payment proccessing
HARD PASS for me. I've worked for/with/in the sexual content providing industries on and off since 1995. You don't know what you are doing.
Stripe doesn't pay for porn: https://stripe.com/us/restricted-businesses
>Adult content and services Pornography and other obscene materials (including literature, imagery and other media) depicting nudity or explicitly sexual acts; sites offering any sexually-related services such as prostitution, escorts, pay-per view, adult live chat features; sexually oriented items (e.g., adult toys); adult video stores and sexually oriented massage parlors; gentleman’s clubs, topless bars, and strip clubs; sexually oriented dating service
Good luck, and I honestly mean that kindly. There is a market gap for the service that you offer, but the payment issue is what is keeping other established members of the sex industry from filling those areas. You need to go on AVN and XBIZ, look at what they are saying, and use their workarounds.
We use https://stripe.com for the payment processing. They're one of the largest processors currently and your card goes straight there, we never see it - they just send us a confirmation that the payment went through.
For clarification, we never receive your card information.
If you pay with a card, you will be prompted to enter your card information into a payment dialog; this information is sent to our credit card processor, Stripe, who give us a token we can use to charge that card.
Stripe makes it impossible for us to ever see your full card details; we couldn't if we wanted to.
You could improve this site a lot from a usability standpoint. First and foremost, the site is not responsive and is painful to use on mobile. My advice would be to look into responsive web design best practices using css media queries and implement them into your site. Other than that, the site looks pretty dated visually and the auto scrolling text and banner is unnecessary. Check out examples of modern websites like stripe and try to understand what makes them a pleasure to use both visually and user experience wise. Best of luck!
why would you do it the way you're proposing? why wouldn't you use Stripe Connect - it's literally designed to do exactly what you're describing with a lot less transferring between accounts and a lot more charging/depositing directly to accounts.
Then they should move to a different card-processing company. Stripe costs 2.9% + $0.30 (and when you're dealing with transactions in the thousands, the thirty cents is negligable), which is 7.1% less than the fees they're paying the other company.
Well, in the US you will need to have a big bankroll for required capital holdings and a small team of lawyers to navigate each state's licensing requirements along with federal licensing requirements.
There be dragons, that's for sure.
Example of state license requirement to become a money transmitter: http://www.ct.gov/dob/cwp/view.asp?a=2232&q=297846
Money Services Business (MSB) Registration:
http://www.fincen.gov/financial_institutions/msb/msb.registration.html
Or you can pay the fees for a business that makes an api available that's already gone through all of this trouble like Stripe.
Where in the world are you where $100 is a lot of money to start a business?
You aren't prohibited from directly competing with yourself, set up a Stripe account and sell your game through your own website/blog/whatever. You could even offer the early buyers discounts/perks to build buzz and increase your chances of getting the greenlight on Steam.
I'm on mobile so can't inspect the site but this is how I would do it.
Create a single div for the popup and have a delay on mouse exit before you close it or alternatively have a div surrounding all your items and if the mouse doesn't leave that div then don't close the popup so navigating to the other items will appear smooth. When you hover another item check to see if the popup is already open/visible and if so then change the position of the arrow and then transition the div size (take a look at this for help regarding resize animation) and then change the popup contents and then do a basic CSS animation for the slide effect. The "3d" effect on open is most likely just a CSS transform animation.
I also recommend checking out stripes engineering blog as they have some good posts on there like this one in particular.
This library is more or less a thin SDK wrapper around their rest api. The create method you’re calling makes a POST to the API endpoint below, using the object you pass in as the request parameters
Here ya go: https://stripe.com/jobs/listing/finance-and-operations-auditor/2580376
"Research and stay current on applicable regulatory requirements and (e.g., FFIEC, PCAOB guidance, SEC, etc.), emerging trends and best practice"
"Sound understanding of GAAP, COSO, Sarbanes Oxley Act, and PCAOB Rules"
It wasn't - https://stripe.com/blog/globe - do you know if there is a farm where they are growing these people? Amazing that you were able to dig up an exact clone of a terrible idea. Microsoft will be on this soon, YC funding gaas startups by the hundreds...innovation feels good.
It's possible, but much more difficult than you'd imagine at first blush, mainly due to the legal questions involved with collecting money that is later distributed, which has differing legal requirements by State let alone by Country. You'd be better off starting with a Lawyer than here.
That said, Stripe has attempted to make it a bit easier to navigate with their Connect system... So I suppose you could take a look at that, though know that the only Laravel specific implementation was abandoned, so you would be building out the services yourself.