Ask HN: Why has nobody pushed for a consumer side CC processing solution?

[mntwiddler]

I live in the Midwest and will readily admit that I am WAY out of the loop of the valley but...

I LOVE buying things online. In fact I love it so much that I do it probably 1-2 times a week. I buy books, clothes, random gadgets, web apps etc.

I HATE having to fill out a payment form every time I want to pay for something. And in order to not fill out a payment form every time I visit the site I have to become a "member" of the site, give them my email address, remember the password and on and on. It's annoying. Why can't I just swipe my credit card like I can at a store and buy something? Why is it not that easy?

I really subscribe to the whole "Ideas don't matter as much as execution" mantra and I would surprised if this hasn't already been brought up many times. But if it has why hasn't somebody done something about it? And if somebody has done something about it why haven't I heard about it?

[stonemetal]

There is a certain amount of security in "swipe my credit card". It implies the customer has possession of a thing that hasn't been reported stolen. Now if I stick a card swipe on the side of your monitor so you can swipe from home what data do I transmit that gives that same "in possession of a thing that hasn't been reported stolen" feeling? Currently it is a raft of personal information. If we were in Europe it could be data from the chip embedded in your credit card. Until US cards catch up I am not sure how you would battle fraud.

[mntwiddler]

Definitely an issue. However if a card has been reported stolen wouldn't it just be deactivated and not work whether it was used at an at home swipe or swiped at a business?

[stonemetal]

The physically possesses part is an important part of that equation. If I hack the users computer and steal the swipe info then I can retransmit the data and home swipe without physical possession of the card. Since the user never lost the card he is less likely to report it lost or stolen in a timely manner. A smart credit card would generate a known nonce making retransmited data worthless, and restore the likely physically has the card factor.

[wmf]

I think Chrome and Firefox are working on this. https://wiki.mozilla.org/WebAPI/WebPayment

[bradleyjg]

The browsers all have automated form filling functionality, as do many of the password plugin providers (e.g. lastpass).

[mntwiddler]

Auto-form filling is cool and helps the situation but what about NON technical individuals who wouldn't understand how to use that or people who don't understand plugins? How about if your purchasing something on a company card vs. a personal card? What if you have multiple cards?

Wouldn't just being able to swipe be a whole lot simpler?

[bradleyjg]

Even if you had a credit card swiper connected to your computer you'd still have to enter the CVV2 and associated address information because from the merchant's point of view it'd still be a card not present transaction. If you want to change that, you'd have to go down the road of having a piece of hardware that a third party can trust the owner hasn't tampered with. That's a really difficult problem as various DRM schemes have shown.

The there's the integration between the swiper and the operating system and the operating system and the browser. And at the end you are still left with a UX very much like the form filling software because the browser needs to guess where to put the information and have some way of fixing it if it got it wrong.

[karolisd]

Isn't this what Google is trying to do with Wallet?

[mntwiddler]

I think the whole push to go "card-less" or "wallet-less" is awesome and will eventually happen but what about the millions of people who won't do that for a really long time?? Cards maybe eventually die (I hope they do) but I still think they will be a prevalent of payment processing for at least the next 7-10 years.