Ask HN: Did adding a payment system subject you to blackhat hacking attempts?

[rocannon]

I run a small web app that makes a little bit of money through ads.

People commonly give the advice that you should ask your users for payments if you want to keep your web app alive.

I do not know if people will pay for this app, but recently, I decided that I would add some for-pay features to my app.

I mentioned my decision to a friend. He said "Aren't you concerned that accepting payments may open your site up to attackers or abuse?" I pressed him, but he couldn't come up with a reason for asking. This idea had not occurred to me.

So, I'm asking you, people of HN: is my friend just paranoid? Have you heard about something bad happening to a website or app after payments were added? Do you have experience with this problem, or was it never a problem for you?

[onion2k]

It happens. Candy Japan gets a bit of discussion here on HN, and has a few posts about credit card fraud on the blog (eg https://www.candyjapan.com/behind-the-scenes/how-i-got-credi...). The basic premise is that credit card fraudsters use small online transactions to check if a card is valid before they use it for the big high value stuff, and the cost of those transactions to a small business can make it expensive to run.

That said, if you're just enabling features on a site the actual cost to you is effectively zero, so maybe it's not something to worry about.

[rocannon]

Oh yeah, I did see that Candy Japan post. I had forgotten. Thanks!