Admin Notice Update 12 Feb 20 - PayPal payments blackout 8 Dec thru 11 Feb - Now reinstated.

Discussion in 'Announcements' started by Richard, Jan 20, 2020.

  1. Richard

    Richard Maintenance Dept Administrator

    Joined:
    Mar 14, 1995
    Messages:
    12,934
    Likes Received:
    11,462
    Location:
    Newcastle
    -------------------------------
    UPDATE 12 FEB
    Subscriptions via PayPal now reactivated.

    We still have 170 odd active subscribers via PayPal who were not affected by the recent PayPal blackout. In order for those subscriptions to continue automatically renewing each year it has been necessary to reactivate PayPal. Customers come first.

    --------------------------------------


    UPDATE: 6 Feb 2020

    - Full access to our PayPal account was reinstated a few days ago.
    - Existing subscribers using PayPal, not effected by this issue and whose annual payment is due after 1 Feb, 2020 will continue as per usual until subscription is canceled or cc details on file with PayPal expire
    - Subscribers using PayPal whose annual payment fell due between 8 Dec 2019 & 31 January 2020 had their subscription automatically cancelled by PayPal and either lapsed or chose to renew via Stripe (Approximately 60 accounts were affected)
    - Even whilst our PayPal account has been reinstated, we will continue to no longer offer PayPal as a payment method for new, expired or automatically canceled subscriptions for the foreseeable future.




    ------------------------------------------
    January 20, 2020
    (Original Post)
    ------------------------------------------

    TL;DR
    KEY POINTS


    - PayPal is no longer accepted for subscription payments.

    - Automatic subscription payments via PayPal have been falling due now have been cancelled by PayPal (you may have received an email indicating such direct from PayPal)

    - All new and renewing Subscription payments are now solely via Stripe (The #1 Credit Card Payment Gateway)

    - Existing PayPal subscribers need only renew via Stripe when your current Gold or Silver subscription expires and not before.

    - But how do I know if I have expired?
    If your Avatar shows a Gold or Silver banner. YOU HAVE NOT YET EXPIRED. View the date your subscription will expire.

    - ONLY IF your subscription has completely expired then renew here.

    - Direct Bank Deposits will NOT be offered as a subscription payment method.

    - Questions still?
    Ask below (but take the time to read the long version first please)

    -------------------------------------------

    What has happened

    Back in December, PayPal unceremoniously froze our account with no prior warning. PayPal is now subject to new compliance by the Australian Government designed to clamp down on money laundering and tax evasion. Whilst this is a perfectly welcome and understood initiative - the way PayPal has implemented the new identity compliance requirements has been somewhat heavy handed and poorly communicated. Anyway - what can you do? It is what it is.

    Due to the age of our business account with PayPal (first opened 18 years ago :eek:), we were unable to supply and update 'proof-of-identity' documents via the dashboard, instead we needed to follow a manual review process - this has still not been resolved. The manual process is proving to be a complete PIA. In the meantime, our account has remained frozen.

    In the interim, all customer subscriptions got automatically cancelled by PayPal as they fell due with no recourse - many of you will have already received such email.

    The PayPal cancellation notice you have received does not necessarily mean your forum account on ski.com.au has expired. What the PayPal notification means is that your forum subscription will not automatically make payment when it falls due.

    This has been a significant inconvenience to both Ski.com.au and those of you who subscribed via PayPal - this course of action by PayPal has been the catalyst for us to decide to no longer offer PayPal.

    If we have to go through the process of inconveniently re-subscribing our existing customers then it may as well be with a payment service we feel more confident in providing. That service is Stripe.​

    For ski.com.au, PayPal has become technically too difficult to deal with and it has been superseded for ease and convenience of credit card payment by Stripe. PayPal's legacy role as an escrow payment service is not required for simple subscription payments and presents unnecessary technically overhead. Very few other subscription services offer PayPal and certainly none of the mainstream consumer services such as Spotify or Netflix offer PayPal as a payment option.

    If your ski.com.au subscription is with PayPal and/or you have received a cancellation notice from PayPal of your subscription - we advise that no action is required until your Gold or Silver account status actually expires.

    ----------------------------------------

    Direct Bank Deposits - will not be offered

    Some folk have requested payment via direct deposit - in all cases because they "don't know what stripe is".

    Chances are 99.99 percent of you have already used Stripe and don't know it. Stripe power the CC payments for most of the big consumer facing online services such as Netflix, Spotify, Uber, AirBnB, Booking.com & many others. They are *very* safe. Learn more here.

    If it was just one or two people wanting to make a direct deposit, I could make exception. However, the direct deposit method is not automated and requires both manual reconciliation of our bank account and manual update of your forum account. Names don't match, it's difficult to tell which payment would map to which forum account, you would have to wait anywhere from a few hours to several days for payments to be activated. yada yada yada - it would be a nightmare. Nothing about it is automated (especially the renewals) so it's just not happening. If you are not comfortable with credit card payment via Stripe then I'm sorry but I can't help you.

    --------------------------
    ABOUT STRIPE

    Stripe is a Credit Card payment gateway.

    Stripe is the safest online payment gateway available. Your details are never passed to us. Only a payment token. What this means is that this site can not be targeted or hacked for your CC details because we hold none - this is why it is so safe for both you and ski.com.au.

    You may never have heard of Stripe but chances are you have transacted via Stripe before. Stripe provides the payment services for Spotify, Uber, Booking.com, The Guardian, Lyft, Yelp, Amazon and even Google, it is used by thousands of business large and small across the globe.

    Don't get confused by it's name. It's called Stripe here because we are too small an operation to get the service un-branded. So the button has to say 'Stripe'.

    ---------------------------

    THANK YOU

    Thank you everyone for your patience and understanding as we muddle through this most inconvenient PayPal clusterf*** and transition to Stripe for our subscriptions. This is just another hurdle in the long line of phat hassles the Internet throws at us small flotsam and jetsam players.

    --------------------------


    Still confused??? Ask below


    --------------------------
     
    #1 Richard, Jan 20, 2020
    Last edited: Feb 6, 2020
  2. 'H' Jones

    'H' Jones One of Us Ski Pass: Gold

    Joined:
    Jun 24, 2008
    Messages:
    4,014
    Likes Received:
    209
    thank you for the very detailed info :cheers:
     
    fennekeg, Sadie, Chaeron and 2 others like this.
  3. POW_hungry

    POW_hungry Part of the Furniture Moderator Ski Pass: Gold

    Joined:
    May 28, 2000
    Messages:
    18,694
    Likes Received:
    23,670
    Location:
    Eastern Burbs of Sydney
    PayPal is also an over-priced payment type.
    It shall die a slow death IMO.
     
    Any, M_G, qwill and 5 others like this.
  4. Richard

    Richard Maintenance Dept Administrator

    Joined:
    Mar 14, 1995
    Messages:
    12,934
    Likes Received:
    11,462
    Location:
    Newcastle
    Yep, that's a whole conversation of it's own. For me PayPal is just another example of how quickly a code base can become a massive monolithic tech stack that collapses in on itself like a black hole. They missed the boat probably eight years ago to rebuild fresh and now it's all but too late. They could have been Stripe - they certainly could have competed with Stripe but they are out of the race now imho.

    It's a reminder that the pain to ground-up rebuild a tech stack is worth it long run - which even though it does not happen quickly enough, it does at least happen here at Ski.com.au. Our next iteration will be the fourth time we have rebuilt this site and about the 6th time we have rebuilt the forums.
     
    hipo, fennekeg, WarrandyteWX and 9 others like this.
  5. Legs Akimbo

    Legs Akimbo Grumblebum Ski Pass: Gold

    Joined:
    Jan 17, 2014
    Messages:
    31,523
    Likes Received:
    26,619
    Location:
    Coastal suburban boonies.
    My subscription expires in September. By then I will have forgotten all this. Will I be reminded, or do I have to practise swearing?
     
    Chaeron and Hyst like this.
  6. Marty_McSly

    Marty_McSly What a plonker. Ski Pass: Gold

    Joined:
    Jul 12, 2011
    Messages:
    8,434
    Likes Received:
    8,869
    Location:
    Hunter Valley Whine Country, NSW
    That's a bummer. From the user-facing side, Paypal has been awesome for as long as I've been using it. Not sure exactly how long but it could be about 15 years or so. Basically as long as I've been an eBay member.

    I really hate giving my CC number over the internet, over and over again, even though I conceptually understand encryption, and would actively seek to deal only with sites that accepted Paypal.

    Thanks for the background info on Stripe. That's been helpful in the decision between maintaining paid membership or reverting to a non-subscription account and winding back my activity.
     
  7. currawong

    currawong Old but not so Crusty Ski Pass: Gold

    Joined:
    Sep 17, 2003
    Messages:
    32,236
    Likes Received:
    16,065
    Location:
    Kiewa Valley
    for a consumer buying goods, PayPal's guarantee is very good though.
     
  8. Richard

    Richard Maintenance Dept Administrator

    Joined:
    Mar 14, 1995
    Messages:
    12,934
    Likes Received:
    11,462
    Location:
    Newcastle
    nope,

    You will expire, and when you get to renew you will only have one option to make CC payment - and by then, should you remember, you will wonder what the fuss was about.

    ATM, folk are getting emails from PayPal saying their automatic payment subscription is cancelled. It reads like your account here has been cancelled, but that is not the case. So there is confusion. Compounded if it happens to coincide with your account here actually expiring - which for many during this month it actually did (due to this being the period back in 2017 when we started the compulsory upgrades at 1000 posts).
     
    Chaeron and POW_hungry like this.
  9. Richard

    Richard Maintenance Dept Administrator

    Joined:
    Mar 14, 1995
    Messages:
    12,934
    Likes Received:
    11,462
    Location:
    Newcastle
    Again, not relevant here, and also... you get me. Whom you can actually talk to and whom can actually resolve issues - always in your favor.
     
    Normo, Tanuki, TC and 5 others like this.
  10. Jellybeans

    Jellybeans Walking on a cloud Ski Pass: Gold

    Joined:
    Aug 24, 2015
    Messages:
    9,025
    Likes Received:
    11,305
    Location:
    Box Hill, Vic.
    It seems PayPal is good when you are dealing with an unknown quantity, eBay seller, etc.

    And Stripe/others when dealing with a known quantity, like here, or Spotify, Netflix, etc.
    They do argue that they can “catch” fraudsters, but guarantees are better than promises.
     
    Chaeron and currawong like this.
  11. Richard

    Richard Maintenance Dept Administrator

    Joined:
    Mar 14, 1995
    Messages:
    12,934
    Likes Received:
    11,462
    Location:
    Newcastle
    Yep. This is what PayPal was built for and it's still what they do best - individual to individual transactions where trust is low and the parties require escrow-like safety.
     
  12. currawong

    currawong Old but not so Crusty Ski Pass: Gold

    Joined:
    Sep 17, 2003
    Messages:
    32,236
    Likes Received:
    16,065
    Location:
    Kiewa Valley
    no argument. that's why my comment was about goods. happy to deal with reputable providers, especially for repeat business.
     
    Chaeron and Richard like this.
  13. Hyst

    Hyst Enjoyer Ski Pass: Gold

    Joined:
    Nov 23, 2014
    Messages:
    1,945
    Likes Received:
    1,320
    Location:
    Copenhagen
    Will there not be any reminder the following years (plural) ?
    Each year we have to remember our selfs, when to pay?
     
  14. Richard

    Richard Maintenance Dept Administrator

    Joined:
    Mar 14, 1995
    Messages:
    12,934
    Likes Received:
    11,462
    Location:
    Newcastle
    Payment via Stripe are still automatic subscriptions* - like PayPal so long as your CC is valid the payments happen automatically. Plus from my side it does a better job of notifying folk when a CC is about to expire.

    * Not an automatic subscription if you choose the Gold / 1 year @ $36 - or the Silver / 4 Months @ $6.05
     
    Chaeron and POW_hungry like this.
  15. Hyst

    Hyst Enjoyer Ski Pass: Gold

    Joined:
    Nov 23, 2014
    Messages:
    1,945
    Likes Received:
    1,320
    Location:
    Copenhagen
  16. TOFF

    TOFF Im kind of a big deal Ski Pass: Gold

    Joined:
    Aug 10, 2004
    Messages:
    44,419
    Likes Received:
    18,762
    Location:
    Somewhere between right and wrong
    Can I pay with bitcoin or has ski.com.au considered establishing their own crypto currency?
     
    M_G, cold wombat, Alleve and 3 others like this.
  17. Hyst

    Hyst Enjoyer Ski Pass: Gold

    Joined:
    Nov 23, 2014
    Messages:
    1,945
    Likes Received:
    1,320
    Location:
    Copenhagen
    Those Royalties!:eek:
     
  18. qwill

    qwill Part of the Furniture Ski Pass: Gold

    Joined:
    Jun 18, 2010
    Messages:
    15,955
    Likes Received:
    6,458
    Location:
    queensland
    Good move, Stripe are great operators.











    *conflict of interest declaration - They are a trusted business partner
     
  19. TC

    TC Pool Room Ski Pass: Gold

    Joined:
    Dec 7, 1999
    Messages:
    73,416
    Likes Received:
    8,932
    Location:
    Gulmarg Resort Kashmir
    i have an automatic subscription....i assume nothing will change
     
  20. Donzah

    Donzah Old n' Crusty Ski Pass: Gold

    Joined:
    Aug 3, 2017
    Messages:
    33,402
    Likes Received:
    29,300
    Location:
    woonona
    **** PayPal
     
  21. CarveMan

    CarveMan Pool Room Ski Pass: Gold

    Joined:
    May 12, 2000
    Messages:
    76,649
    Likes Received:
    42,075
    Location:
    Les Hautes Montagnes
    I wish I could **** them off but Paypal users still represent a very decent proportion of our online sales.
     
  22. Richard

    Richard Maintenance Dept Administrator

    Joined:
    Mar 14, 1995
    Messages:
    12,934
    Likes Received:
    11,462
    Location:
    Newcastle
    Any currency from you is a better arrangement than current. You still owe me beers afaik for helping you out of the house past the missus in ‘those tartan pants’
     
    Ian D, Chaeron, cold wombat and 4 others like this.
  23. CarveMan

    CarveMan Pool Room Ski Pass: Gold

    Joined:
    May 12, 2000
    Messages:
    76,649
    Likes Received:
    42,075
    Location:
    Les Hautes Montagnes
    Were they hers?
     
    Ian D, Chaeron, cold wombat and 2 others like this.
  24. teckel

    teckel Pool Room Ski Pass: Gold

    Joined:
    Oct 16, 2004
    Messages:
    43,204
    Likes Received:
    11,292
    Location:
    Narbethong, Vic
    Was that TOFF? I thought it was Astro!
     
    TC likes this.
  25. TOFF

    TOFF Im kind of a big deal Ski Pass: Gold

    Joined:
    Aug 10, 2004
    Messages:
    44,419
    Likes Received:
    18,762
    Location:
    Somewhere between right and wrong
    We are even as I had to bring you your pants the following morning that you left at my house. True story.
     
    Ian D, Chaeron, currawong and 3 others like this.
  26. XTREMO

    XTREMO Old n' Crusty Ski Pass: Gold

    Joined:
    Jul 9, 2000
    Messages:
    24,351
    Likes Received:
    4,767
    Location:
    Sydney/London/Berlin
    Stripe are fantastic. Been using them for about 5 years. A joy to deal with. A joy to use. Their merchant dashboard and their overall UX is my gold standard when it comes to SAAS products. So good.

    I'm not quite clear on this answer to Legs'. I'm in same boat. Will expire in Sept.

    Will a reminder be emailed to me, asking me to renew and hyperlinking to a Stripe checkout page?

    Or is it possible that my account will simply lapse until such time as I log in and realise that I'm no longer a gold member, and go to my account subs page to enact the renewal?
     
    Chaeron and currawong like this.
  27. Richard

    Richard Maintenance Dept Administrator

    Joined:
    Mar 14, 1995
    Messages:
    12,934
    Likes Received:
    11,462
    Location:
    Newcastle
    Yes. Emails are sent. XF2 has this built in.

    If this happens - it's hard to miss, a great big notice (that you can not dismiss) appears at the top of all Apres threads.
     
    currawong, XTREMO and TC like this.
  28. TC

    TC Pool Room Ski Pass: Gold

    Joined:
    Dec 7, 1999
    Messages:
    73,416
    Likes Received:
    8,932
    Location:
    Gulmarg Resort Kashmir
    Do I need to set up a stripe account
    I hadn't heard of stripe until this thread
     
  29. Marty_McSly

    Marty_McSly What a plonker. Ski Pass: Gold

    Joined:
    Jul 12, 2011
    Messages:
    8,434
    Likes Received:
    8,869
    Location:
    Hunter Valley Whine Country, NSW
    Doonkscoin?
     
    cold wombat likes this.
  30. chriscross

    chriscross One of Us Ski Pass: Gold

    Joined:
    Jul 1, 2005
    Messages:
    1,765
    Likes Received:
    518
    Location:
    Beaconsfield,Victoria
    So if Paypal was not involved in my re-subscription, how then did Stripe know my credit card number? Certain I did not enter it, the payment just went straight through.
     
    currawong likes this.
  31. Richard

    Richard Maintenance Dept Administrator

    Joined:
    Mar 14, 1995
    Messages:
    12,934
    Likes Received:
    11,462
    Location:
    Newcastle
    Because they got you on file from somewhere else, and you ticked (did not un-tick) a box that said, 'keep my cc details on file' - or similar phrasing. My experience of this was buying from a ecomm site hosted with Shopify (like Aussieskier.com) - next time I was on a different shopify store all my details were pre-filled.

    No. It's not like PayPal, you don't go and create an account as a first step to later use it.
     
    Chaeron likes this.
  32. XTREMO

    XTREMO Old n' Crusty Ski Pass: Gold

    Joined:
    Jul 9, 2000
    Messages:
    24,351
    Likes Received:
    4,767
    Location:
    Sydney/London/Berlin
    If you buy stuff or pay for stuff online, you've probably already used it without realising. Its just a gateway that processes the payments seamlessly. As a consumer, all you see is a nicely designed box to enter your CC details and hit a submit button.
     
    Ted Harper, TC and Telemark Phat like this.
  33. Marty_McSly

    Marty_McSly What a plonker. Ski Pass: Gold

    Joined:
    Jul 12, 2011
    Messages:
    8,434
    Likes Received:
    8,869
    Location:
    Hunter Valley Whine Country, NSW
    Presumably with a green key in the status bar to indicate a secure site that is safe according to Google?
     
  34. XTREMO

    XTREMO Old n' Crusty Ski Pass: Gold

    Joined:
    Jul 9, 2000
    Messages:
    24,351
    Likes Received:
    4,767
    Location:
    Sydney/London/Berlin
    Not sure about current situation, but in the past it was possible to install Stripe functionality on a website that didn't qualify for green padlock SSL status. Ie. your assertion above couldn't be taken for granted. Perhaps Stripe have tightened things up so as to only allow use on SSL compliant sites. I seem to remember that when I configured it on one of our Wordpress ecommerce sites, there was a bit of messing around to ensure that SSL was working, but I can't remember whether Stripe functionality was dependant on it, or whether it was just recommended/advised/preferable...

    From an ecommerce site owner's perspective, its obviously much better if the site has the green padlock, to provide consumers with confidence.
     
    Richard likes this.
  35. Richard

    Richard Maintenance Dept Administrator

    Joined:
    Mar 14, 1995
    Messages:
    12,934
    Likes Received:
    11,462
    Location:
    Newcastle
    The simple implementation runs as a javascript modal - an inline window. Which has always been secure even if the hosting site was insecure. Stripe, like any decent gateway, has always run on secure domain.

    The average consumer can't see that the inline element is secure regardless of whether the host site is secure or insecure (unless you know how to view and read web page source code)

    Modern browsers have gone all nazi on insecure domains and will not allow assets (like javascript) from a third party insecure domain to load. (It's why many of the old linked images in these forums fail. They are hosted on insecure sites) So a modal on a secure site can not be anything other than secure else it won't load at all - either way, the implementation of Stripe has always been very secure.
     
  36. cold wombat

    cold wombat Twitter Contributer Social Media Mod Ski Pass: Gold

    Joined:
    Jun 4, 2008
    Messages:
    49,614
    Likes Received:
    18,862
    Location:
    Perth
    From this consumers pov, it's obviously not better.

    ;)

    That's not a comment on Stripe btw: it's a comment on not being able to see at a glance who is actually handling my cc details.


    If I enter my cc details, I want to know it is *not* the site handling them in their own half baked woefully inadequate payment gateway system. I want to know clearly it is a secure, trusted service provider and my cc details never touch the merchants system. The same would go for a site like this. As much as I have enormous respect for Ian & Richard's technical skills, I wouldn't want to touch a payment gateway they had custom built. That is not their speciality. Every merchant that might hold my cc details is a security risk I want to avoid. The fewer the better.
     
  37. hipo

    hipo One of Us Ski Pass: Gold

    Joined:
    Jun 23, 2011
    Messages:
    2,893
    Likes Received:
    4,543
    Location:
    Here & there
    My concern with stripe and similar gateways is they force people to enter cc details each time.
    Can see skimming fraudsters and man in the middle bugs rubbing their grubby hands with delight looking for every opportunity to exploit any loop hole. ( even if the transaction is https)
    Not entering cc details is the major advantage of PP along with the sms authorisation pin.
    If a site didn' t offer PP and asked for CC details, I would just move on and look for another provider
    Guess I need more info about the front end from the payee side to be convinced.
     
    skifree and Marty_McSly like this.
  38. currawong

    currawong Old but not so Crusty Ski Pass: Gold

    Joined:
    Sep 17, 2003
    Messages:
    32,236
    Likes Received:
    16,065
    Location:
    Kiewa Valley
    from what @Richard said above, or seems that you can opt for stripe to keep your cc and use it across any sellers that use stripe.

    I must have ticked that box without realising that it applied more broadly that the seller I was paying at time. also takes away the ability to choose which card. swings and roundabouts I guess
     
    skifree likes this.
  39. hipo

    hipo One of Us Ski Pass: Gold

    Joined:
    Jun 23, 2011
    Messages:
    2,893
    Likes Received:
    4,543
    Location:
    Here & there
    Do they provide a 2 factor authentication on each transaction?
     
    cold wombat likes this.
  40. Red_switch

    Red_switch Old n' Crusty Ski Pass: 30 Day

    Joined:
    Jun 5, 2006
    Messages:
    24,816
    Likes Received:
    10,025
    Location:
    Dunedin, NZ
    Hey, @Richard , my bank has blocked a couple of stripe payments lately...
     
  41. currawong

    currawong Old but not so Crusty Ski Pass: Gold

    Joined:
    Sep 17, 2003
    Messages:
    32,236
    Likes Received:
    16,065
    Location:
    Kiewa Valley
    not that i recall, but i then i wasn't aware that i was using stripe

    my ski.com.au renewal went through automatically, so no authentication of any sort required - like a recurring paypal (or cc or eft) transaction
     
  42. Richard

    Richard Maintenance Dept Administrator

    Joined:
    Mar 14, 1995
    Messages:
    12,934
    Likes Received:
    11,462
    Location:
    Newcastle
    Yeah, but that's your default stance. Always contrary.

    Who knows, perhaps you were on a VPN, perhaps the merchants ran their own fraud rules.

    Right now. PayPal is frozen, they are being uncooperative (not the call centre, which have been great, the people behind the call centre who just keep the account locked and treat me like a mushroom)

    So even if I wanted to I can't offer PayPal atm. PayPal is also auto-cancelling all the subscriptions whilst I can do nothing but sit on my hands. Those subscriptions are precious to this site. This is an act of destruction with no right of reply. What a bunch of ****tards.

    This freezing of our account is not about fraud or illegal activity - it's because they did not have 100points of id on all the directors of Leisurenet - and their lame-ass system would not allow me to update via the dashboard - because 'old account' FMD!

    So I'm burnt and done with them.

    Plus, as I have mentioned before, every single payment issue these last five or six years since we introduced a $33 product, has been with PayPal. I've not had one single payment snafu with Stripe yet. The ratio is probably about 70:30 PayPal:Stripe so there's been less volume with Stripe - but there's been enough volume to show it is superior.

    Here's another view point, saying what I been saying, but differently.

    https://memberful.com/blog/stripe-vs-paypal/
     
    skifree and cold wombat like this.
  43. Red_switch

    Red_switch Old n' Crusty Ski Pass: 30 Day

    Joined:
    Jun 5, 2006
    Messages:
    24,816
    Likes Received:
    10,025
    Location:
    Dunedin, NZ
    When I called the bank they rattled on about stripe keeping their disputes resolution team busy, but I agree that ultimately it's the vendor, rather than stripe themselves most likely. Are the barriers to implementing stripe lower than other payment processors?

    My bank also blocks payments made via US .gov websites. Pretty awesome when you're trying to sort out your esta.

    I also agree with @cold wombat that I like to see transparency in terms of who the payment processor actually is.
     
  44. Richard

    Richard Maintenance Dept Administrator

    Joined:
    Mar 14, 1995
    Messages:
    12,934
    Likes Received:
    11,462
    Location:
    Newcastle
    The only people grizzling about Stripe are the techs and tech-inclined with enough knowledge to be ideological and/or religious. I've provided all the detail I can about Stripe. I got no more detail to provide.

    For me, as a seller of a product, it rocks and I have no concerns about it's security and I have no problems or customer service snafu's to deal with.
     
  45. Richard

    Richard Maintenance Dept Administrator

    Joined:
    Mar 14, 1995
    Messages:
    12,934
    Likes Received:
    11,462
    Location:
    Newcastle
    Despite the proof of concepts that get reported about in security news, there is near zero evidence that black hats in the wild actually captures CC data over 2048 bit https with skimming or MiM attacks, one CC detail at a time - it's waaaaaaaaaay to hard for way too little result.

    Much easier to attack insecure backends and haul in the motherload of CC details. That's how 99.999999999% of cc details are groked. eComm sites that think they are capable of implementing a PCI compliant gateway themselves are always the one who get hacked and the breech is always via the backend.

    Usually these are operations that are big enough to afford the expense but do not have a natively tech culture - eg Woolworths (not saying Woolies has been hacked just that that's the kind of business profile that invariably gets owned by the hackers - Woolies may even use Stripe for all I know).

    Smart businesses recognise it's no small thing and so partner with the likes of Stripe or Fastspring, or Raintree or EWay or such. Netflix could easily afford to do their own gateway and they have the engineers. But they don't. They use Stripe because it's waaaay harder than it looks to keep the backend secure and to monitor fraud.

    The real problem is with the CC vendors, Visa & MC specifically who have a lot to answer to for the mess that is CC security. At it's core CC transactions are 1960's tech. Consumers passing CC numbers to merchants and requiring merchants to store the CC number on file, every time it's used - is effing madness. All one needs is a number, a name and an expiry date and that's enough detail to authorise a transaction. Crazy. The introduction of the CVS number was barely even token security. But this is a whole other line of discussion that has no connection with our PayPal dilemma.
     
  46. hipo

    hipo One of Us Ski Pass: Gold

    Joined:
    Jun 23, 2011
    Messages:
    2,893
    Likes Received:
    4,543
    Location:
    Here & there
    Hi @Richard.
    I appreciate the difficult position you were forced into by Paypal and remain patient and tolerant while you decide on a way forward that suits your business model.
    i also appreciate you have provided as much information and transparancy as possible.

    I have searched extensively on information regarding Stripe and can find numerous positive responses on the benefits, ease of operation and reduction of overheads for the merchant.
    However, I can find little information on the operation of Stripe from the payee's side.

    Hence the questions on here and other sources to understand how Stripe works.
    Seeking this information is certainly no negative reflection on yourself or your valued business.

    it is purely a reflection of the seriousness and precautions I take before handing my credit card details (or any financial transacion) to any entity.
    Cheers
     
  47. Richard

    Richard Maintenance Dept Administrator

    Joined:
    Mar 14, 1995
    Messages:
    12,934
    Likes Received:
    11,462
    Location:
    Newcastle
    Perfectly valid concerns.

    I have been googling the payee controls/management side myself and how exactly it is that Stripe authenticates a returning customer with pre-filled data (confusion/suspicion here almost always seems to emanate from the way Stripe works within the Shopify ecosystem).

    Creating an account at the Stripe website is entirely about intending to use Stripe as a gateway for your business (whatever that may be) and not as a consumer. Stripe is is not PayPal. It is not intended for consumer to consumer transactions where everyone is both a recipient and sender of monies. (which is why I suspect it has become subject to these extended new compliance requirements - PayPal is effectively a financial institution for transactions not unlike a bank)

    If you bought something on say DavidJones.com.au and used their gateway (whatever that may be) there is no gateway dashboard for you to manage that transaction - the place to manage your transaction relationship with David Jones is within the DJ's website. Where you can add, update or remove your credit card from their records. Your card is 'on file' with David Jones.

    Similarly with Ski, you manage your subscription on this site - the difference being that you only have two controls - create subscription & cancel subscription. Your card is not 'on file' with this site, it's 'on file' with Stripe.

    --------
    Edit - added more 10 min later.
    --------

    So the consumer flow issue here, which is exactly the same issue as it has been with PayPal, is that I can not provide a means to update your CC when it expires every third year and so subscriptions just lapse until CC details are updated.

    Almost every snafu with subs has been this issue with PayPal, the expiry of CC. It's always PayPal where I end up dealing with the consumer - because they make payment again and payment fails and they assume it's a problem with Ski.com.au - but the issue is an old CC on file with PayPal. I get a PM, I look at my forum transaction records - I see that paypal transaction was rejected (not failed per se) - I advise that they need to update their CC in PayPal. Customer exclaims it's so long since they used PayPal they have forgotten their password, I obviously can't help them with that, customer fights with the process to update PayPal (because their dashboard totally sucked for a loooong time).

    And I haven't even begun to describe the API/Token calls that screw up with PayPal when folk cancel their subscription via the PayPal dashboard instead of via their profile on these forums. There's a small minority of folk who chose the $33 subscription, log-in to PayPal and cancel it immediately so they can save the $3 between the $33 sub option and the $36 / 1 year only option. And then stuff fails and they wonder why. Mind boggling. (My fault I guess for incentivising the auto subscription v's the 1 year option - by $3 !)

    When a subscription fails with Stripe due to expiry of CC details. The consumer simply re-subscribes, entering the new valid CC details there and then and a new subscription begins. No snafu, no PM's. Everyone happy.

    So.

    If you are sitting in my seat, what you notice is that most people don't actually use PayPal for everyday transactions. Many of the subscribers on this forum somewhat reluctantly created a PayPal account - or reactivated their ancient PayPal account - just to subscribe - because for four years it was the *only* option we had. Then I added Stripe and it got easier.

    Perhaps with later versions of XF the plugin that manages Stripe will enable update of CC prior to expiry. I can't say categoricallly but it's a possibility. Either way, the UX flow with Stripe when CC's expire is waaaaaay better.

    Heavy, dedicated users of PayPal are not the majority of you here. Most of the 380 odd subscriptions are folk who don't intimately understand online CC security and are also not paranoid about making payments online with a dash of vigilance. I can tell by the way TOFF liked an earlier comment of mine - he is in this group I speak of.

    This conversation about the detail, this is absolutely for the minority among you. Which is fine, and I'm happy to go through it, but we still arrive at where we have, which is;

    - PayPal is dead to me.
    - CC payment via Stripe is now the only payment option.

    Now, I'm not going to say never ever again, good UX is to provide two payment options - and one day PayPal may return as an option. For me though, I've been bitten hard, and I'm going to need a lot of renewed confidence before I go there again with PayPal.
     
    skifree, Ted Harper, hipo and 4 others like this.
  48. Marty_McSly

    Marty_McSly What a plonker. Ski Pass: Gold

    Joined:
    Jul 12, 2011
    Messages:
    8,434
    Likes Received:
    8,869
    Location:
    Hunter Valley Whine Country, NSW
    I wouldn't say I was a heavy user, but I use it regularly enough that remembering the password and keeping my cards current aren't issues for me. IIRC I get e-mails from PP when my cards approach their expiry dates.

    I'm not saying I won't use Stripe. The information you've given is enough to give me comfort.

    In general terms, the comments from @cold wombat and @hipo echo my wariness of providing CC details for every transaction. I'm paranoid enough that I only link PayPal to a bank account that usually only has a few hundred dollars in it. The only way PayPal can access my main bank account that income goes into, is via the debit Visa card attached to the account, which can be cancelled at a moment's notice if I suspect unauthorised use.

    I'd just be more comfortable if Stripe had a more public profile, like requiring their name or logo be shown in payment gateways that use their technology. I pretty much will only use a CC number for payment when I'm very obviously redirected to a secure payment gateway, or a secure payment popup opens. So if the CC payment mechanism is embedded in the merchant's website, I just don't go there. That would be where an indication that Stripe is behind the payment mechanism would be useful.
     
    hipo and cold wombat like this.
  49. cold wombat

    cold wombat Twitter Contributer Social Media Mod Ski Pass: Gold

    Joined:
    Jun 4, 2008
    Messages:
    49,614
    Likes Received:
    18,862
    Location:
    Perth
    I have no argument with the decisions you have made. Given the landscape, it makes sense.

    My argument is with the landscape. I have no problem at all using Stripe: on the contrary, I *prefer* to use them (based on reputation). What I don't like (as has already been noted by myself, @hipo & @Red_switch) is the lack of transparency (which is well beyond your control as you've noted). There is nothing more you can do to improve transparency (at least that I am aware of).
     
    Red_switch and Richard like this.
  50. cold wombat

    cold wombat Twitter Contributer Social Media Mod Ski Pass: Gold

    Joined:
    Jun 4, 2008
    Messages:
    49,614
    Likes Received:
    18,862
    Location:
    Perth
    I have a virtual cc attached to my real cc. I use the virtual cc for all online transactions. I can destroy it and create a new one at will. I love that capability. If I have to deal with a dodgy merchant...
     
    kylep, Marty_McSly and Richard like this.
  51. Richard

    Richard Maintenance Dept Administrator

    Joined:
    Mar 14, 1995
    Messages:
    12,934
    Likes Received:
    11,462
    Location:
    Newcastle
    I get your concerns. I take similar precautions with PayPal and have my personal PP locked down with a 2FA dongle. Like most of the tech heads here, I know what good online transaction hygiene is and how to minimise my exposure to fraud.

    The button here says Stripe. The modal used to have a Stripe logo but now it does not. Probably because folk got confused when buying stuff on "MyCornerStore.com" and the payment page had a different logo and not one that said "MyCornerStore" - so they backed out - when dealing with the very large scale, folk are strange (it's why imho FB are absolute masters of both white UX and dark UX - scale reveals every.tiny.little.thing that causes friction in UX and needs to be fine tuned in order to get folk to do what you want them to do). Either way, I'd guarantee the logo on the modal cause more confusion than it created confidence. Which is a brand thing - an area where PayPal has an advantage at least. Way more brand presence with the consumer and association with safety.