Nathan Kennedy <[email protected]> writes: > I voiced my bitcoin complaints on -discuss before w.r.t. coinbase. > > My opinion is unchanged; I won't ragequit if we start accepting bitcoin, > but I would strongly urge that: > 1. Any payments are settled in USD so HCoop isn't subject to Bitcoin > commodity risk (I haven't read through, I assume that's the case).
Yes, if we ever accept Bitcoin through a payment processor, it will only be immediately settled in USD. It looks problematic to accept Bitcoin directly and exchange it later with the recent ruling that you have to do capital gains magic between the buy/sell price in Real Currency (tm). > 2. I didn't say this before, but I don't really have a huge problem with > previously authenticated users (via credit card) topping up their > accounts in bitcoin if that floats their boat. We already know who they > are as well as we ever have. But I would strongly urge that the initial > payment be required to be made by credit card. Or that we have some > other minimally meaningful method of verifying identity if someone signs > up with bitcoin, which to me sounds like a huge hassle. Does stripe do > this? Their bitcoin page seems to have no information. Right for new members we're requiring either: * A verified Paypal account (a bank says you're who you say you are) * A confirmed shipping address (matches the CC# information) The shipping address is the weaker of the two, obviously. Assuming that is actually strong enough for our purposes (I think so) then accepting Stripe from new members right now is safe. I am not sure any more what Google Checkout required... and we have accepted that for a very long time. I do have *some* concerns about us only relying on verified shipping addresses: it appears that for various prepaid/gift credit cards, you can register it with an arbitrary name/address which will then pass verification (!). It's unclear to me how easy it would be to use fake information, and if we've quietly been accepting them. At least for Paypal it appears we're OK: the address for a card not added to the account (where they debit two transactions and ask you to confirm) will show up as Unconfirmed. For Stripe... https://stripe.com/us/help/faq#verify-address I am not so sure. It kind of looks like a prepaid/gift card could be used and would pass address/zip verification. When they roll out Bitcoin... we just won't opt-in to accepting payments From new members originating as bitcoin. And then perhaps discuss accepting it at all, etc. So, regarding the new portal in general, I think we're just about ready to start accepting Stripe from current members. I just need to add a few admin features (accepting/rejecting an uncaptured payment, rejecting a captured payment) before committing to the new database relations. I *am* going to implement Stripe as an option for joining... we can put their checkout widget onto the post-email-confirmation page and authorize/log the payment with seven days to claim/reject. However, since it's unclear whether or not we can detect prepaid/gift cards I am going to leave it disabled. I am going to dig further, and in the worst case buy a $10 or $20 visa gift card to experiment with. p.s. it looks like it's good we didn't use Braintree as our alternative processor: Paypal just bought them! And they have the same issues with identity verfication that Stripe does :( > On 03/27/2014 06:35 PM, Clinton Ebadi wrote: >> granito <[email protected]> writes: >> >>> On 2014-03-22 04:06, Clinton Ebadi wrote: >>>> I've added Stripe support (currently in test mode, you >>>> can/are-encouraged-to try out the payment experience using one of the >>>> cards listed at https://stripe.com/docs/testing#cards and any fake >>>> address). I also improved the Paypal experience a bit. >>>> ... >>> Well hello there Stripe! https://stripe.com/bitcoin. Awesomeness will >>> ensue :D >>> >>> Sebastian. >> This might complicate things a bit: for Stripe to work, we're relying on >> them charging a credit card which has a valid Name/Address associated >> with it (no gift cards etc.) and using that as weak identity >> verification. >> >> I know ntk and bpt both had opinions on the matter, so ... discuss. -- Leebert: You don't listen to music. Leebert: You listen to the audio equivalent of /dev/urandom
pgpEvDkZEJfGk.pgp
Description: PGP signature
_______________________________________________ HCoop-Discuss mailing list [email protected] https://lists.hcoop.net/listinfo/hcoop-discuss
