| ▲ | dylan604 5 days ago |
| you act like it's impossible to get payment credentials that have nothing to do with the user |
|
| ▲ | atomicnumber3 5 days ago | parent | next [-] |
| no, but it is _tremendously_ more difficult than email or even ID scans (unless you're doing actual verification, which is both more expensive and complicated than just charging a nominal fee or even just attaching a Card object to a stripe customer). Just getting to stand on top of an extremely robust existing system (payments) gets you so much adjacent help in keeping bad actors out, or at least getting it down to a human-team manageable level. It can be the difference between a viable business and not. |
| |
| ▲ | makeitdouble 5 days ago | parent [-] | | › extremely robust existing system (payments) It is not, indeed. The first part is its goal: identity is secondary, the main purpose is money. It means a customer can put a fake name and address as long as the money part is considered OK. Most PSPs won't check the cardholder name (it can be used for fuzzy scoring, but exact match is a fool's errand). Address is usually only required for physical goods and won't be checked otherwise. And 3DSecure will shift the blame enough that the PSP won't need to care that much about the details. The second part is the whole mess that comes with payments. You'll become a card testing pot in no time, and you'll be dealing with all the fuss just to check identities, you'll soon be rising the token payment to a significant amount to cover the costs, and before you realize it half your business has shifted into payment handling. | | |
| ▲ | MisterSandman 4 days ago | parent [-] | | Payment systems are significantly more robust than taking a picture of an ID to prove you’re you. |
|
|
|
| ▲ | WarOnPrivacy 5 days ago | parent | prev [-] |
| > you act like it's impossible to get payment credentials that have nothing to do with the user This is incorrect. The parent acts like it isn't trivial to obtain payment methods that aren't linked to the payer. It seems like a reasonable possibility. |
| |
| ▲ | dylan604 5 days ago | parent [-] | | > It seems like a reasonable possibility. For whom? For people willing to be an asshole on the internet? For people willing to stalk other people online? This sounds exactly like the group of people that would look for ways of paying for something in ways not linked to them, even if that means "borrowing" someone else's identity |
|
