
Ask HN: Did adding a payment system subject you to blackhat hacking attempts? - rocannon
I run a small web app that makes a little bit of money through ads.<p>People commonly give the advice that you should ask your users for payments if you want to keep your web app alive.<p>I do not know if people will pay for this app, but recently, I decided that I would add some for-pay features to my app.<p>I mentioned my decision to a friend. He said &quot;Aren&#x27;t you concerned that accepting payments may open your site up to attackers or abuse?&quot; I pressed him, but he couldn&#x27;t come up with a reason for asking. This idea had not occurred to me.<p>So, I&#x27;m asking you, people of HN: is my friend just paranoid? Have you heard about something bad happening to a website or app after payments were added? Do you have experience with this problem, or was it never a problem for you?
======
onion2k
It happens. Candy Japan gets a bit of discussion here on HN, and has a few
posts about credit card fraud on the blog (eg
[https://www.candyjapan.com/behind-the-scenes/how-i-got-
credi...](https://www.candyjapan.com/behind-the-scenes/how-i-got-credit-card-
fraud-somewhat-under-control)). The basic premise is that credit card
fraudsters use small online transactions to check if a card is valid before
they use it for the big high value stuff, and the cost of those transactions
to a small business can make it expensive to run.

That said, if you're just enabling features on a site the actual cost to you
is effectively zero, so maybe it's not something to worry about.

~~~
rocannon
Oh yeah, I did see that Candy Japan post. I had forgotten. Thanks!

