Topic: A Little Nervous about non-secure Credit Card Info request
Like the title, I don't like to blindly give out my credit card and CVV without any security certificate available. Will you be adding PayPal as a payment option?
You are not logged in. Please login or register.
chumbysphere forum → General Discussion → A Little Nervous about non-secure Credit Card Info request
Like the title, I don't like to blindly give out my credit card and CVV without any security certificate available. Will you be adding PayPal as a payment option?
Like the title, I don't like to blindly give out my credit card and CVV without any security certificate available. Will you be adding PayPal as a payment option?
Duane says that the Stripe thing is an iframe (actually SSL, but the page isn't), and that your credit card information is stored by Stripe, and not Chumby themselves.
as someone who's got their fingers inthe back-end servers, i can verify, there's no financial info *at all* anywhere on any of the chumby servers.
all we get is a token from stripe that verifys that someone has paid, no cc, or money info at all...
and I like it like that.. much less responsibility and worry!
also, you *can* hit the chumby page via ssl...
as someone who's got their fingers inthe back-end servers, i can verify, there's no financial info *at all* anywhere on any of the chumby servers.
That's nice, but who are you? And can you prove it?
The point of an SSL certificate is that a trusted third party says that you are who you say you are. I completely believe that you are handling no credit card information. I believe that the POST is probably done using SSL. I'm even reasonably sure that Stripe has passed all their PCI audits and is totally safe to do business with.
I know that security on the web is AFU, and what we're asking you for is silly, when you really think about it... but consumers have been trained to look for the little lock symbol, to look for the green bar, etc, and right now you don't have that.
Fix that.
Especially since, as you say, the ssl version of the web site actually works anyway. Toss in the redirect and make us leave you alone.
I'm not really sure how I can prove a negative. or what you'd consider that I could offer as proof of who I am.
if you want to see the lock, you can use htttp for now.
personally, I'd like to see a little lock when I hand my credit card to the waitress at the restaurant.
as to stripe and pci... you got me curious, so I googled this up: https://stripe.com/help/security
It probably does make sense to have an SSL cert and have the subscription page go via https. We know this makes zero difference to the actual security of the site, but it'll prevent people who are used to looking for the lock from getting scared. And, to be honest, encouraging people to look for the lock is a good thing (even if you can get a cert for free...)
personally, I'd like to see a little lock when I hand my credit card to the waitress at the restaurant.
This is one of the advantages of "chip'n'pin"; the waitress never gets your card!
The reason the whole site isn't https is that many of the chumby apps will malfunction when previewed.
I am working on making the subscription page https to alleviate the concerns.
diamaunt wrote:personally, I'd like to see a little lock when I hand my credit card to the waitress at the restaurant.
This is one of the advantages of "chip'n'pin"; the waitress never gets your card!
I've seen videos from 'over the pond' about sneaky shit they can do to rip you off even with chip'n'pin (which, I agree, is a much better technology than the ancient stuff we have here.)
@Duane - yeah, only the sub page needs it. Nothing else is really that sensitive; 'nice to have' but not 'critical'.
@diamaunt - CnP isn't unbeatable, but it's massively better than the US system!
@diamaunt - CnP isn't unbeatable, but it's massively better than the US system!
I agree 100%
I registered my Chumby 1 in March 2011 and haven't turned it off since. Just was using it as a digital clock on my kitchen counter. Looking forward to installing new apps and use it again as I did before it went dark. I just have the problem with giving out my CC info at the moment. I had a real bad time with unauthorized use in the past and now I am very cautious.
The next release of the server will make the subscription pages SSL.
Like the title, I don't like to blindly give out my credit card and CVV without any security certificate available.
The updated web page has been deployed, when you click over to the subscription section, you'll be taken to a ssl page, for your comfort.
the payment will still be done in a secure iframe to stripe, but the chumby page behind it will show ssl.
chumbysphere forum → General Discussion → A Little Nervous about non-secure Credit Card Info request
Powered by PunBB, supported by Informer Technologies, Inc.