

Ask HN:  Why has nobody pushed for a consumer side CC processing solution? - mntwiddler

I live in the Midwest and will readily admit that I am WAY out of the loop of the valley but...<p>I LOVE buying things online.  In fact I love it so much that I do it probably 1-2 times a week.  I buy books, clothes, random gadgets, web apps etc.<p>I HATE having to fill out a payment form every time I want to pay for something.  And in order to not fill out a payment form every time I visit the site I have to become a &quot;member&quot; of the site, give them my email address, remember the password and on and on.  It&#x27;s annoying.  Why can&#x27;t I just swipe my credit card like I can at a store and buy something?  Why is it not that easy?<p>I really subscribe to the whole &quot;Ideas don&#x27;t matter as much as execution&quot; mantra and I would surprised if this hasn&#x27;t already been brought up many times.  But if it has why hasn&#x27;t somebody done something about it? And if somebody has done something about it why haven&#x27;t I heard about it?
======
stonemetal
There is a certain amount of security in "swipe my credit card". It implies
the customer has possession of a thing that hasn't been reported stolen. Now
if I stick a card swipe on the side of your monitor so you can swipe from home
what data do I transmit that gives that same "in possession of a thing that
hasn't been reported stolen" feeling? Currently it is a raft of personal
information. If we were in Europe it could be data from the chip embedded in
your credit card. Until US cards catch up I am not sure how you would battle
fraud.

~~~
mntwiddler
Definitely an issue. However if a card has been reported stolen wouldn't it
just be deactivated and not work whether it was used at an at home swipe or
swiped at a business?

~~~
stonemetal
The physically possesses part is an important part of that equation. If I hack
the users computer and steal the swipe info then I can retransmit the data and
home swipe without physical possession of the card. Since the user never lost
the card he is less likely to report it lost or stolen in a timely manner. A
smart credit card would generate a known nonce making retransmited data
worthless, and restore the likely physically has the card factor.

------
wmf
I think Chrome and Firefox are working on this.
[https://wiki.mozilla.org/WebAPI/WebPayment](https://wiki.mozilla.org/WebAPI/WebPayment)

------
bradleyjg
The browsers all have automated form filling functionality, as do many of the
password plugin providers (e.g. lastpass).

~~~
mntwiddler
Auto-form filling is cool and helps the situation but what about NON technical
individuals who wouldn't understand how to use that or people who don't
understand plugins? How about if your purchasing something on a company card
vs. a personal card? What if you have multiple cards?

Wouldn't just being able to swipe be a whole lot simpler?

~~~
bradleyjg
Even if you had a credit card swiper connected to your computer you'd still
have to enter the CVV2 and associated address information because from the
merchant's point of view it'd still be a card not present transaction. If you
want to change that, you'd have to go down the road of having a piece of
hardware that a third party can trust the owner hasn't tampered with. That's a
really difficult problem as various DRM schemes have shown.

The there's the integration between the swiper and the operating system and
the operating system and the browser. And at the end you are still left with a
UX very much like the form filling software because the browser needs to guess
where to put the information and have some way of fixing it if it got it
wrong.

------
karolisd
Isn't this what Google is trying to do with Wallet?

~~~
mntwiddler
I think the whole push to go "card-less" or "wallet-less" is awesome and will
eventually happen but what about the millions of people who won't do that for
a really long time?? Cards maybe eventually die (I hope they do) but I still
think they will be a prevalent of payment processing for at least the next
7-10 years.

