(stripe.com)

341 points shedside | 1 comments | 03 Jun 19 11:19 UTC | HN request time: 0.382s | source

Show context

eeke ◴[03 Jun 19 11:34 UTC] No.20082108[source]▶

>>20082032 (OP) #

I’m the PM on Chargeback Protection. Startups told us they don’t want to deal with the hassle and unpredictability of chargebacks; that’s why we built this. Happy to answer any questions you have.

replies(8): >>20082116 #>>20082234 #>>20082270 #>>20082924 #>>20084674 #>>20085299 #>>20086493 #>>20087040 #

hedora ◴[03 Jun 19 13:39 UTC] No.20082924[source]▶

>>20082108 #

As an end user, how can I tell the modal dialog is actually my bank?

It looks trivial for the vendor to man in the middle attack.

I’d take my business elsewhere if presented with a UI from some random e-commerce site asking for extra personal information.

replies(1): >>20083301 #

HatchedLake721 ◴[03 Jun 19 14:18 UTC] No.20083301[source]▶

>>20082924 #

3D secure payments in Europe have been a standard for years - being presented with additional verification steps for online purchases.

Attacker cannot know who you bank with. Plus, most of the time the confirmation screens are something like confirming 2nd/Xth characters of your password/date of birth.

replies(3): >>20084088 #>>20084274 #>>20084387 #

1. plttn ◴[03 Jun 19 15:21 UTC] No.20084088[source]▶

>>20083301 #

> confirming 2nd/Xth characters

That is somehow significantly less reassuring than not having 3D Secure payments in the first place.

↑

Stripe Chargeback Protection