by etagwerker 3986 days ago
Yeah, Mercado Pago has been around longer than Stripe, but they are still rookies when it comes to their platform's security.

See Stripe's Security section: https://stripe.com/help/security

I'm still trying to find Mercado Pago's Security section and security vulnerability protocol (e.g. Who do I contact when I find the next security hole?)


Just because they're not doing it like Stripe doesn't mean they're rookies; they also did $7.1 billion in transactions last year. Most companies have pretty obscure/lacklustre security outreach; it's something that's getting a lot more emphasis these days than it used to.

Just because they did $7.1 billion in transactions last year, it doesn't mean they're not rookies.

Most of the big IT companies on this side of the world follow the ideology of "we don't care about doing things correctly, we only care about getting the stuff done" and succeed because of the traction they generate due to the lack of serious competition.

Recently Amazon joined the e-commerce arena in Mexico, but my expectations are that Mercado Libre will follow in the footsteps of Ask.com, SourceForge, etc. instead of improving; they have been arbitrarily doing UX anti-patterns in recent years in order to protect their income at the expense of the users.

Maybe rookies wasn't the right word.

The fact that they allowed such a blatant vulnerability to reach production makes me question their test suite and development process. What else is wrong that we are not seeing?

I expect more transparency and professionalism from a company that processes $7.1 billion in transactions.

It's not unreasonable to expect better transparency; that's something that's improving too slowly. We don't even know if this was exploited yet, and it's been a couple of months, and there's always a lot of opacity around hacking incidents.

Security is hard and accidents are easy; Dropbox once had a four-hour period where they didn't verify passwords!

http://techcrunch.com/2011/06/20/dropbox-security-bug-made-p...

That is pretty embarrassing too and an even bigger vulnerability, but Dropbox released a statement about it.

I believe that owning up to your mistake and being transparent about it can only make your customers trust you more. What worries me is that Mercado Pago is huge and they never released a statement about this issue. I hope that they change this policy soon.