

Let people pay you. Make it easy - begriffs
https://github.com/begriffs/lucre

======
jackowayed
The demo app is not served over HTTPS, nor do the instructions tell users to
use HTTPS. This is bad.

Yes, in its normal (unattacked) operation, the connection _to Stripe_ will be
safe HTTPS. But if someone does a man-in-the-middle attack, then there will be
no connection to Stripe, just a connection to an evil website that steals the
card (or both to be sneakier; it doesn't matter).

If you're not serving your site over HTTPS, then an attacker can arbitrarily
rewrite the content of your site, so no one can trust it.

~~~
martin-adams
What stops anyone doing that on most e-commerce sites? If I go to
Amazon.co.uk, my basket is served over HTTP. A man in the middle attack could
rewrite that and get me to log into a fake site that looks legit.

Of course, the obvious answer is to run everything over HTTPS, but I'm not
sure I understand the difference in what Amazon do and this demo page.

~~~
danenania
Yeah, even displaying a login form on a non-https page is a big hole for mitm
attacks, but most of the web can't be bothered.

~~~
delinka
Even displaying _any_ page over non-HTTPS and linking to a login page is a big
hole for MITM attacks. Who's to say the login page is really on the correct
server? As long as the little lock looks green (does Joe Public even pay
attention?), it's safe ... right?
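
The mitigation this sub-thread points at (serve every page over HTTPS, not only the payment step) can be sketched as a Rack-style middleware. This is an added example, not code from the lucre repository; the hostname `pay.example.test`, the `PAY_PAGE` stand-in and the trusted-proxy assumption are all hypothetical. In a Rails app the built-in `config.force_ssl = true` covers the same ground.

```ruby
# Added example, not code from the lucre repository.
class EnforceHttps
  HSTS = "max-age=31536000; includeSubDomains".freeze

  # host: canonical hostname used in redirects, so the client-supplied Host
  #       header never ends up in a Location header.
  # trust_proxy: honour X-Forwarded-Proto. Assumption: a TLS-terminating
  #       proxy in front of the app sets this header itself.
  def initialize(app, host:, trust_proxy: true)
    @app = app
    @host = host
    @trust_proxy = trust_proxy
  end

  def call(env)
    return reject_or_redirect(env) unless https?(env)

    status, headers, body = @app.call(env)
    # HSTS makes the browser skip plain HTTP on later visits.
    [status, headers.merge("strict-transport-security" => HSTS), body]
  end

  private

  def https?(env)
    return true if env["rack.url_scheme"] == "https"
    return false unless @trust_proxy

    # The last entry is the one added by the proxy nearest to the app.
    env["HTTP_X_FORWARDED_PROTO"].to_s.split(",").last.to_s.strip == "https"
  end

  def reject_or_redirect(env)
    # A form POST that arrived over HTTP has already crossed the network in
    # the clear; refuse it rather than redirecting.
    unless %w[GET HEAD].include?(env["REQUEST_METHOD"])
      return [400, { "content-type" => "text/plain" }, ["HTTPS required\n"]]
    end

    query = env["QUERY_STRING"].to_s
    location = "https://#{@host}#{env["PATH_INFO"]}"
    location += "?#{query}" unless query.empty?
    [301, { "location" => location }, []]
  end
end

# Constructed stand-in for the payment page (hypothetical, for the demo only).
PAY_PAGE = ->(_env) { [200, { "content-type" => "text/html" }, ["<form>...</form>"]] }
GUARDED = EnforceHttps.new(PAY_PAGE, host: "pay.example.test")
```

The redirect on a first plain-HTTP visit can itself be rewritten in transit; the HSTS header only protects visits after the browser has seen it once over HTTPS.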

------
6ren
Annoyance: you start reading, and the page suddenly scrolls back to the top.

That is, the page has mostly loaded. You scroll down, and start to read. The
rest of the page loads, and it scrolls back up to the top. (I'm assuming the
page codes this, and it isn't a behaviour of FF 20.)

So many sites do this, and it is _so_ annoying. Probably, on github's own
servers, loading is so fast that they never experience this problem
themselves.

------
davidbanham
This looks cool, but probably worth pointing out that it's only relevant to
Americans or Canadians as it relies on Stripe.

~~~
rurounijones
And UKians soon

<http://thenextweb.com/uk/2013/03/01/stripe-uk-europe-launch/>

~~~
StavrosK
_Some_ UKans now, I'm in the beta and it's amazing. I use it for early beta
access here: <http://beta.getinstabot.com/>

Couldn't be easier to work with. Major, major props to the Stripe team.

------
alpb
I appreciate this effort. But isn't integrating Stripe fairly easy with Stripe
Connect button (<https://stripe.com/connect>) without any effort on backend,
or even integrating any backend code?

~~~
begriffs
It seems like Stripe connect requires users to create accounts. I wanted to
make the minimal app possible to pay me. No accounts, no nothing, just
payment.

That said, there's not much to my app. Just some rails routes, a form, and
Stripe Checkout on the client side. But it gets the job done.

~~~
StavrosK
Yeah, sounds like he meant Stripe Checkout, which is half of the same thing
you do (it returns a token, which you then need to charge), but has a better
UI.

------
dangrossman
It seems like a PayPal button would solve the same problem a whole lot easier.

~~~
lowboy
But then you risk becoming another horror story of Paypal if things go wrong.

~~~
dangrossman
Statistically, things do not often go wrong with PayPal. The number of "horror
stories" is extremely _low_ for a payment service with hundreds of millions of
accounts and $145 billion in payment volume. Regardless, the idea here is to
be quick and dirty to accept occasional payments. There's no risk there since
you can immediately withdraw the payment. If your account gets closed, who
cares. You don't need a Stripe account, a Heroku app, and devops knowledge
when copying and pasting a PayPal button or telling someone to send money to
your e-mail would suffice.

~~~
lowboy
Yes, they might be relatively low, but the way they handle account freezes
just leaves a bad taste in the mouth. I understand wanting to prevent fraud,
but it seems like they catch a lot of innocent people and force them to prove
that the money was obtained legitimately. Guilty until proven innocent.

------
magicarp
Does this need the overhead of being a fully-fledged Rails application? What
about making it a Sinatra app?

------
rurounijones
Heh, that is very easy.

I like it BUT it is SO simple and ad-hoc that I wonder if people would be put
off by it.

Like the story about users who disbelieve a big system has done something
unless it takes a few seconds to process etc.

I wonder if people will think "This is too easy; it must be a scam"

------
benatkin
Casual use doesn't fit well into most tech companies' business models. Their
APIs are made to work for casual use because they don't get used casually enough
to make the support costs of casual use outweigh the marketing gain for
serious customers. If this was turned into a WordPress plugin that caught on
and tens of thousands of people installed it on their blogs for casual use, I
think Stripe would probably make it more difficult to sign up.

------
namuol
This is nice, but what we really need is something that generates non-ugly
"buy" form templates that work with Paypal, Amazon, Google Wallet, and Stripe
for direct CC purchases.

------
winter_blue
Stripe is currently not supported in my country.

PayPal is pretty much the only payment gateway supported.

Is there something like this, but for PayPal?

~~~
addandsubtract
PayPal, outside of the US, requires you to pay over their site. So no, there
isn't something exactly like this for PayPal. You could, however, just embed a
PayPal button in your checkout and have the buyer complete the order and pay
on PayPal.

------
axelf
But then you have to pay stripe's transaction fee. Why not use something like
venmo that is free when you use it with ACH?

~~~
j_s
Can you share any experience you've had implementing w/ Venmo, especially in
comparison to this Stripe implementation?

------
Kiro
Is it even legal to accept money like this as a non-business entity? What
about taxes?

~~~
bdonlan
It's income, just like any other income, and is subject to income tax in the
US. If you're paid more than $20,000 and had more than 200 transactions,
you'll get a 1099-K, but even if you don't, you still have to report it as
income on your 1040s.

Also, see these entries in Stripe's FAQ - you're not required to be a business
to use stripe:
<https://support.stripe.com/questions/sole-proprietor-without-federal-ein>
<https://support.stripe.com/questions/do-crowdfunding-sites-need-to-be-in-the-united-states>

AIUI, incorporation is mostly about limiting liability, and making it easier
to sell off the business (or shares thereof) later. There are probably other
advantages as well, but making it legal to accept payments at all isn't one of
them.

------
evadne
<https://spacebox.io/>

~~~
r0s
> All plans are subject to Stripe's additional transaction charge of 2.9% + 30
> cents per transaction.

They should just put that center at the top of the site so I can bounce
faster.

------
mikelbring
<https://coinfly.com> does the same thing, easy way to send invoices with
Stripe.

------
marcamillion
This is nice. I like it.

Thanks!

------
bowerbird
you da man, joe! thanks!

the check's in the mail. ;+)

-bowerbird

