Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I was going to ask something similar. Especially US companies seems rather fond of storing credit card information, but I never seem it done in Denmark, regardless of the size of the company. The most common solution is to let your payment processor deal with those sorts of things, you just have a token, which can only be used to deposit money into your account. So even if it's stolen or leaked, you can transfer the money back, they can't be transferred to a third party.

Why on earth you'd want to deal with credit card information and the attacks it attracts is beyond me. It's not like you're locked to the your provider, the tokens can be transferred... Not easily, but it can be done.

And no, companies would never pay Stripes asking price. You can negotiate much much lower rates with companies like Valitor/Rapyd or certain banks.



For a long time, payment processors in the US would charge more to offer tokenization services. Cost-conscious companies with an eye on their unit economics reacted in predictable ways.


> Cost-conscious companies with an eye on their unit economics reacted in predictable ways.

That seems like the likely explanation. I don't know what the additional cost would be, but with 7 million customers, it could be a million dollars a year in saving. That would require you to be able to be PCI compliant for less than that amount and the risk is still considerable, you could lose your VISA or MasterCard contract pretty quickly and then you're out of business.

We had a situation where scammers would use our site to check stolen credit cards, we got at most 7 days to handle the problem or VISA would close our account. I'd imagine that failing out of compliance would hit equally hard.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: