Not if you handle the card numbers outside of Stripe (through a backend) instead of letting them pass through Stripe's iframe.
It's unclear to me if that's happening here. Stripe CAN work that way, but then PCI compliance is entirely on you (and you might as well get a regular merchant account at that point, since you've already gone to all that effort.)
Anything that touches cardholder data has to be PCI compliant. Stripe offloads PCI compliance for you because Stripe's front-end library lets the card number (etc) pass from your browser directly to Stripe's PCI-compliant backend, without ever passing through your application servers.
If you interrupt or proxy that flow, you become responsible for PCI compliance.
(Note that I have no idea if that's what they're doing here, but they could and you wouldn't even know until your account was closed for fraud. Also, this sort of centralized architecture can easily become a target for attack.)
Yep, same feeling here.
And there are even more red flags.
- no information about what company/which individual is responsible for the service (I always want to know who I'm doing business with)
- no contact information (no, Twitter is not a business channel)
- no information about anything even related to liability and/or applicable laws
- no ToS
- no privacy policy (so no customers from the EU + possible lawsuits in the EU for the person who runs it)
- no cookie policy, but still a cookie. Even better, it's valid for 10 years... (and here we go again with possible lawsuits in the EU)
Maybe there is some information about this after the registration, but it is:
a) too late
b) not how a serious company should communicate with potential customers/partners.
I'll pass.