Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

We have clients with different-enough needs that it's often easier to write a new, simple shopping cart for them than it would be to integrate an existing behemoth to do what they need.

Should we have every single project certified? How do you even go about that?



Have them not touch the CC#. Leave that last part of the funnel to some certified external. You'd also make them a big service. I simply abandon most carts if the CC entry stage is still on the merchant site and not on someone's big and recognized like PayPal, and I hate PayPal. I just don't trust the little, unknown, guys with CC# & details.


While your concerns are warranted - we've taken over some terrifying projects and cleaned them up in a hurry - I've never been that paranoid about it.


I didn't use to be. Then I had a problem and my bank took 2 months and almost 10 phone calls to fix it. Then I became a little paranoid.


I'm never very bothered handing out my CC details. It's not like I'm liable for anything that happens with it, and when shopping online I generally just the one-time use numbers that all of my credit cards offer. Really, the worst that can generally happen is that I have to get a new CC #.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: