
Are online payments such a big unsolved problem? It takes me all of 10 seconds to type my CC number and associated security codes. Sites that I use a lot tend to allow subsequent purchases without re-entering them anyway.

If everyone's Facebook account has CC details attached and a 1 click "pay now" button you are only 1 XSS vulnerability from fraud on an unprecedented scale.



Credit cards suck for many reasons other than just convenience of use. Credit card companies are big cartels with hefty fees to retailers, slow and unpredictable turnaround between when a payment is made, and when it gets to the retailer's bank, and infrastructure that's not well suited for micro payments, or peer to peer payments.

http://www.wired.com/magazine/2010/02/ff_futureofmoney/all/1


>Credit card companies are big cartels with hefty fees to retailers, slow and unpredictable turnaround between when a payment is made, and when it gets to the retailer's bank, and infrastructure that's not well suited for micro payments, or peer to peer payments.

The consumer doesn't give two flying fucks about any of this. This is a very important point.


And as someone selling something by credit card all over the world (stopped counting at 50 countries about 12 years ago) I also don't give two ff's about any of this.

Sure occasionally we get hit with a chargeback ($30 plus the charge amount) and sure we are powerless and they just added some arbitrary $7 month fee. But without this entire system I wouldn't be in business. I also operated a retail business years ago and accepted credit cards. It was a tremendous improvement over having to extend credit to a business owner and then collecting. The fees were well worth the trouble saved.


I think you're wrong.

Ever had to buy stuff you didn't want to meet a minimum spend on cards? Cause over here many shops have a minimum of £5. And this is why.

Oh yes, the consumer cares, they just blame the shop owner instead of the cartels.


At least in the US, every major credit card has rules against minimum transactions. Reporting a minimum transaction requirement will cause the CC company to investigate the retailer and possibly punish them.

Many small businesses still do it, of course. What keeps people from reporting them is a mixture of not knowing the regulations and wanting the small business to stay afloat. But regardless, minimum payments actually are put in place by the business.



Interesting. I'll admit it's been some time since I checked the regulations. Thanks for the update.


"Ever had to buy stuff you didn't want to meet a minimum spend on cards?"

True story here. Years ago in a retail business we had a $10 minimum for credit card purchases. A customer came in and bought something for like .50c. So the counter person did the charge for $10 and refunded them $9.50 in cash.


>Ever had to buy stuff you didn't want to meet a minimum spend on cards?

On the internet? No.


That's because you can't buy inexpensive stuff on the internet. Because of minimum card charges.

Now you know what we're all talking about and can start giving a flying fuck!


I don't think you understand my position:

1. I don't have any pressing need to buy a product at such a low price point, and don't see any need to do this in the future.

2. My credit card works wonderfully, and if a retailer pisses me off, I'll phone them and it'll be reversed no questions asked.

3. Again, I (and most other consumers) already have a solution to buying something online that is almost perfect from my perspective. I have three of them in my wallet sitting with me at this very moment (actually, my wallet is a bit of a problem you could look into, especially in the summer).

I don't need PayPal. I don't need pretend currency. I don't trust you to get anywhere near my actual bank account. I have several security options with my credit cards that I'm comfortable with.

I personally don't really care that it costs you x amount to take my credit card as a retailer. I've already factored in all your business costs into my evaluation of the price of your product. I also don't care that your employee demanded a raise last week, you need to buy a new computer or that rent is going up. These are your problems.

Again, do you understand that as a consumer, I view my credit cards as almost the ideal product to conduct business on the internet? You're trying to fix a problem that I just don't have by providing me with a solution that I just don't need.


Oh, OK, I now understand.

So you're making two mistakes:

1. you != everyone else

2. 100 keypresses per transaction[1] != 'ideal solution'

There's plenty of room for disruption in this market still. No-one's asking you to become one of those disruptors and we won't be taking away your credit card. You can keep it. Just like all those people who prefer cash to credit cards can keep their cash.

[1] Card number, SSN, expiration date, address, address line 2, City, County, Postcode. Maybe email address, telephone number. Roughly 100 key presses to enter that lot.


It depends if we are talking about FB simply providing a service for taking payments similar to Google Checkout (using existing cards) or whether you suggest that they try to replace cards altogether.

In order to do that FB would be looking at setting up massive infrastructure and essentially having a "banking division" that would get bogged down in regulations and bureaucracy.


My point is, credit cards suck, and there is plenty of space for alternatives. There is a race in peer to peer and micro-payment space, and currently PayPal is the leader, but it is far from perfect. I'm not a big fan of FB, but I think this article is on point, and they are well suited to enter this space. Being able to validate identity (thanks to all the information), and having a brand and cash to back it up. As for the new division, infrastructure, and bureaucracy, it would boil down to how well they can execute.


They would most likely still have to deal with the credit card cartel in one way or another. Simply putting a nice payment front end up doesn't make VISA suck any less.

Another advantage of credit cards is the credit part and it would seem a big stretch for FB to get into the lending game.

I think how well they can execute is only one part of the puzzle, since they are going to have to deal with the governments of multiple jurisdictions and big financial institutions and will basically be at their mercy.


Credit cards are big in the US, maybe, but in the rest of the world not everyone has them.


For the purposes of most online payments a standard debit card can be used interchangeably with a credit card.


"Standard" debit cards aren't really standard outside the US either. Maestro (chip + PIN) doesn't work online, for example.


My VISA (chip + PIN) works without any problems for online purchases. Some sites even transfer me to my bank's payment gateway that sends me an SMS with a number in order to be able to pay.

I don't have a credit card. I know a lot of people who do but rarely use them; debit cards feel more secure than credit cards against theft/fraud (and I'm not really sure if they are, I don't think so).


Debit cards aren't more secure against fraud. If anything they are less so. Much easier to refund a transaction on a CC.


>My VISA ... I don't have a credit card

Visa is a credit card, however. In Europe, it's often tacked onto a regular debit card, but it's a separate thing not everyone has.


You can get "Visa Debit" cards


I'm intrigued. What bank does that?


It's called 3-D Secure. (http://en.wikipedia.org/wiki/SecureCode)


You usually can use a Maestro card online. I think at one point they rolled 2 different cards into the Maestro name which included one for younger people which is supposed not to work online (which would disallow FB payments as well).

In Europe certainly most people would seem to have a debit card. Besides I'm assuming at the backend the FB system would require you to enter a debit/credit card.

It would seem very unwise for FB to begin taking down everyone's bank account number as in the case of fraud with a card you can simply cancel the card and get a new number.


But coincidentally is a standard enough debit card that I can use it to pay in stores all over the world. Even the US.


Really? Well, I must be imagining things then. I'll ask the doctor for some special pills and see if the hallucinations go away.


Maybe in the US.

In Brazil, I do not know a single debit card that will allow international purchases, or that will be allowed in PayPal (even though PayPal has a local presence).


Almost every time I use my ccard I get redirected to my bank's website where I have to login. This involves entering two fixed digits (long and tough to remember) and a third token using a little calculator-like device which they supplied me, for which I also need my bank card and its pincode. Once I've passed this step I have to generate another one time token using this little device.

If I want to use my ccard online, away from home I need to have all kinds of codes remembered or written down, my normal bank card and this little device.

Using my ccard online has become quite the pain in the ass.


I wish my bank (well, credit union) offered this.


I don't want to waste those 10 seconds which feel like eternity trying to fill all the fields. That's why Amazon's "1 click" checkout button is so successful. Make me, the user, do as little work as possible.


It's frustrating how the Google Toolbar solved this problem perfectly 10 years ago, then stopped working consistently.

I should never have to type in a password, credit card number, or address if I don't want to... yet nobody except a few proprietary browser plugin vendors treats this as a problem worth solving.


Opera supports this out of the box since 2003 (according to the version history). It's not perfect in my opinion, but I'd say it's not because the web is broken.

http://help.opera.com/Linux/11.00/en/wand.html



One problem, though, is that banks and merchants tend to flag the credit-card field as "Never autocomplete, even if the user has explicitly requested otherwise."

Any tool that actually solves the problem, at least from my perspective, is going to have to give me the option to ignore whatever security conventions are built into the standard(s).


I think it is reasonable to demand not to autocomplete on the server side. Do they really demand not to autocomplete on the client side? In the x-autocompletetype case, all CC information stays in the browser; the only thing the server does is to mark "this is CC field".


Have you tried 1Password? Its automatic form filler usually works quite well.


It takes me at least 5 minutes just finding my cc.


You don't remember your CC details and have to actually get it out? Wow!


Yes and neither does my girlfriend nor my parents. Is that really a common thing? FWIW, I only use my cc every few months.


It may be different for people who have to remember many credit card numbers. For example I know my personal CC number off my head but not any of the cards I use for business.


This is gonna sound crazy, but I wrap mine in a piece of dead animal skin and stick it in my pocket.


Whenever I shop on a site that has the option of typing in my credit card details vs pressing a "Pay with PayPal" button, I always go for the latter, since I'm lazy. Looking at the stats from my job, I'm definitely not alone.


That's kind of my point: PayPal, Google and Amazon all offer quick solutions to online payments. I'm not sure there is really a need for one more.

What might make more sense would be for FB to allow linking a PayPal account with a FB account which could then allow users to login to PayPal via FB.

This would mean they could use PayPal's more mature backend and let them deal with the messy stuff, while Facebook could still potentially get all the fun of spying on your purchases.


For that reason, sites are not allowed to store CVV2 numbers: a user input is always needed.



