

Show HN: Accepting Payments Over SMS with Stripe - MatthewB
http://blog.sendsonar.com/2015/06/24/sonar-stripe-for-an-amazing-sms-based-customer-experience/

======
dnlongen
+1 for a thorough walkthough.

I'm not quite ready to +1 the idea though. It's intriguing, but seems to open
a user up to abuse. Unsolicited messages (email, SMS, IM, DM, Facebook, etc.)
are a popular way of phishing (tricking individuals into giving away private
information). One tip security pros repeat over and over is not to click on
unsolicited links.

While you say customers will only provide payment information to a company
they trust, what is to keep a crook from impersonating a trusted vendor and
tricking a customer into paying them instead of the actual company?

I'm all for convenience when done safely, and perhaps your business model
accounts for this - I'm just curious what you have done to prevent SMS-based
payments from turning into a source of fraud.

~~~
MatthewB
Thanks for the comment. We believe the potential for abuse on SMS is the same
as any channel.

If a crook spoofed a phone number (pretending to be a company), the customer
would still need to initiate the order. Meaning, if they received a text out
of the blue from a company saying "thanks for ordering pizza now put your
credit card in" without having actually asked for pizza, it would be quite
weird for them to put their CC info in.

If a user's phone was lost/stolen, there's a chance someone could text in an
order and at that point it is up to the company to do things like verifying
information for orders over a certain price point (along with other security
hurdles).

As for unsolicited messages, it is illegal for a company to do that (it still
happens, I get spam phone calls on a daily basis) and we give an easy way to
opt-out (simply reply back any of our unsubscribe keywords like "stop") and
they wont' be able to message you anymore through Sonar.

Hope that helps! Would love to hear your thoughts.

------
hammeiam
This example reminds me of that Push for Pizza app that made waves awhile ago.
Therefore, I love it! But seriously, this was a really solid walkthrough

------
vishaldpatel
Hey all! I wrote this article. Please feel free to ask me any questions.

~~~
m1117
how do you prevent scam?

~~~
vishaldpatel
Customers will only provide payment information to a company that they trust.

