amuck-landowner

Who uses Stripe for payments? Beware, they seem to not validate cards.

drmike

100% Tier-1 Gogent
Lousy response from Stripe.   Marketing wrote that response.

They obviously DO NOT DO NOT DO NOT have fraud protection.  Stolen cards folks.  Cards reported to banks prior as stolen and still rubber stamped by Stripe. 

If other card processors allow the same shit to slip through, they should be put out of business.  No logic in them facilitating theft/fraud through not truly verifying the account.  Can't believe bank issuer would allow the transaction either.  But hey, maybe it's just like I've always thought, banks make a mint on "fraud", even when they are perpetrating it.
 

gwseward

New Member
Isn't it possible they took the whole conversation seriously, spent time drafting a response and copy/pasted it from whatever editor they were using? And from Stripe's about page there is a Michael Schade that works there. 
 

Kakashi

Active Member
Verified Provider
This is a bit worrying. We use Stripe and have had several payments go through Stripe that were clearly fraudulent i.e. Fraudster in Indonesia using USA credit card. So for the last couple of weeks all stripe transactions from new clients have been double checked. 

I didn't realise it was this dire though... time to hunt for alternatives that allow UK companies.
 
Last edited by a moderator:

tchen

New Member
@Damian jclark's Braintree module like his other one for stripe will inject the CC form on page.  The only difference between this and the Stripe one is that it uses the S2S method.
I took a closer look and that module doesn't use the data.js which is required to integrate with the Kount advanced fraud detection service.  So you're basically looking at basic gateway-level things like carding detection - which brings us back to more or less the same level as the Stripe implementation. The WHMCS integrations both attempt to push a card through the gateway.  It's not listening for any fine-grained feedback other than yes/no so a lot of the flexibility both systems have to allow the provider to make a better decision aren't fed back.

Both will allow you to set AVS/CVV rules to have the API auto-reject cards for basic fraud before submitting it for authorization. 

If other card processors allow the same shit to slip through, they should be put out of business.  No logic in them facilitating theft/fraud through not truly verifying the account.  Can't believe bank issuer would allow the transaction either.  But hey, maybe it's just like I've always thought, banks make a mint on "fraud", even when they are perpetrating it.
I'm starting to get the suspicion that they used fresh stolen cards (or via carding) and then just gave you some random name/phone that'd match the area.  As far as I know, only AMEX will bother validating the name.

And @Kakashi, neither gateway has the information required to deny that order.  All they get is the card's billing address and it's really up to the merchant to determine whether to allow cross-country/state purchases.  That's going to be a limitation of the WHMCS integration for either service.  Kount has more information like ip, past order attempts, etc - across multiple gateways that they can use to filter for fraud attempts, but that's not really available in the current implementation.
 

Damian

New Member
Verified Provider
So... it appears that LorenKelley has been murdered by a street gang of some sort. Can't think of any other reason to ignore a community that wants to give them their business.

Anyone have a non-drone contact for Braintree that I can pick their... brain? (HA!)
 

XFS_Duke

XFuse Solutions, LLC
Verified Provider
Oh well, I might switch, only because I don't want to pay monthly fee's, but at the same time, I'm wondering how great it will actually be. Anyone here actually use them and have you had any issues?

Also, what WHMCS module do you use?

Thanks
 

SPINIKR-RO

New Member
Verified Provider
BraintTree is already integrated with HostBill if anyone is using it. Honestly though looking through here I have not had a issue with Stripe, of course nothing is totally secure from fraudulent transactions. Stripe has honored a few that I knew were not legit and have always refunded the transaction prior to any sort of dispute or chargeback.
 

XFS_Duke

XFuse Solutions, LLC
Verified Provider
BraintTree is already integrated with HostBill if anyone is using it. Honestly though looking through here I have not had a issue with Stripe, of course nothing is totally secure from fraudulent transactions. Stripe has honored a few that I knew were not legit and have always refunded the transaction prior to any sort of dispute or chargeback.
You're the minority here... HostBill is another thread needing to happen... Can't believe nobody started one on here about HostBill and their issues...
 

SPINIKR-RO

New Member
Verified Provider
You're the minority here... HostBill is another thread needing to happen... Can't believe nobody started one on here about HostBill and their issues...
Is that really the case?

There plenty of threads on it and mostly people bitching about the price, even I laugh at how that has unfolded but where are the complaints regarding the app itself? Most complaint about it and have never used it. I have used it in fairly large scale for 12 months now and it out performs WHMCS by a long shot, I also appreciate the weekly updates where todays fixed a SQL vuln.

Yes it has been a bumpy ride in terms of fixing some bugs, a few that were critical but overall better experience that I can say about WHMCS which I have used since 2008ish.
 
Last edited by a moderator:

concerto49

New Member
Verified Provider
Oh well, I might switch, only because I don't want to pay monthly fee's, but at the same time, I'm wondering how great it will actually be. Anyone here actually use them and have you had any issues?


Also, what WHMCS module do you use?


Thanks
Braintree has a whmcs module. You need your own merchant account to use it.
 

XFS_Duke

XFuse Solutions, LLC
Verified Provider
Is that really the case?

There plenty of threads on it and mostly people bitching about the price, even I laugh at how that has unfolded but where are the complaints regarding the app itself? Most complaint about it and have never used it. I have used it in fairly large scale for 12 months now and it out performs WHMCS by a long shot, I also appreciate the weekly updates where todays fixed a SQL vuln.

Yes it has been a bumpy ride in terms of fixing some bugs, a few that were critical but overall better experience that I can say about WHMCS which I have used since 2008ish.
Ha, well yea, we own a lifetime license... We use it, I like it to an extent.. But I don't like the fact that you have to pay for everything now. Oh, a new order page, charge. Oh you have a bug in the program, oh that is $75 to submit it and hope you get a refund. The price hikes are stupid. I understand you like it, but as I said, you're the minority. We switched from WHMCS to HostBill and back to WHMCS because of their lack of fixing real issues and when I found something I couldn't submit the ticket because I wasn't going to pay that clown for him to fix his script. I've had issues with the addon configuration using the scroll option and a few others.

But we can sit here and argue about it all day for a year, it won't solve anything. To each his own. I'll use HostBill only because we have a license but if it weren't for that... Well, i rather not spend more money for him to fix something, period.
 

ISG

New Member
We use Authorize.Net now through TransFirst. Just got it setup, ran tests and everything seemed to work fine. Activated it a couple of days ago. I wouldn't really recommend Stripe for anyone.. I mean, yea it is low cost, but you get what you pay for..



This is who I used for a while but keep using them wait until you get some type of chargeback or a declined payment. I moved from them because of the fees and poor support.
 

joepie91

New Member
I also appreciate the weekly updates where todays fixed a SQL vuln.

This is a red flag. If they are still "fixing SQL vulns", that means they are not using parameterized queries. That's really not acceptable in 2015, and makes them negligent.


The entire concept of "SQL vulns" doesn't exist when using parameterized queries.
 

KuJoe

Well-Known Member
Verified Provider
This is a red flag. If they are still "fixing SQL vulns", that means they are not using parameterized queries. That's really not acceptable in 2015, and makes them negligent.


The entire concept of "SQL vulns" doesn't exist when using parameterized queries.

You quoted a post from 2013 ;)
 

Powerfulbox

New Member
Verified Provider
Used stripe for about 2 years and only ever got 1 charge back, I am a big fan of stripe and if I had my way I would push it as our main payment method. More then 70% of our customers pay with PayPal still which has been really good for the last year but have way more complications with them in the pass then stripe.
 
Top
amuck-landowner