
Pay for GitHub with PayPal - xkarga00
https://github.com/blog/1861-pay-for-github-with-paypal
======
tokenizerrr
Looking at the actual payment process it seems you get an iframe embedded
within the github page that asks for your credentials. It's not possible for
users to verify that the iframe actually belongs to paypal without looking at
the source (it doesn't, it actually belongs to
[https://assets.braintreegateway.com/](https://assets.braintreegateway.com/)
and it POSTs there too). If this was any less reputable website implementing
this it would look really, really shady.

It also doesn't help that we've been training users to check the URL bar
before filling in their credentials, which won't help at all now.

~~~
pbcoronel
Hey I'm Pedro, one of the developers at Braintree who built this. We are
actively working on this. Initial integrations pointed to a Braintree domain,
but any new merchant who integrates PayPal via Braintree will be using a
PayPal domain. GitHub will do so shortly.

~~~
tokenizerrr
That's good, but I think the user needs a way to confirm that the pop-in is
actually served by paypal, and that that is where their credentials will go.
As it is now, what will stop me from faking one of these forms, making it look
totally legit, but instead sending the logins to my own server?

~~~
justinpaulson
What would ever have stopped you from doing that? What will stop you from
doing that in the future?

~~~
tokenizerrr
Uh, the fact that normal paypal integrations redirect you to a
[https://paypal.com](https://paypal.com) page that has paypal.com in the url
bar, and a green mark for an ssl certificate that says "Paypal, Inc [US]"?
Which we have trained everyone to look out for.

------
joelg236
I wonder if anyone will use this. Seems like paypal is no longer the de facto
standard for payment as it once was.

~~~
ROFISH
Personally, I trust paying a person via Paypal vs. a generic credit card form.
Or anything really that doesn't let me trust you with my 16+3 digits that
grants full access to drain my credit.

~~~
taylorwc
Agree, but reluctantly. Given Paypal's horrendous history of freezing funds
and poor customer support, I use it only when I have serious doubts about a
site's generic form.

~~~
Afforess
Paypal has great customer support if you are a consumer, it is only sellers
that have issues. And usually it is because someone thinks it is a good idea
to use Paypal as a donation processor (which it is NOT meant for) and are
surprised when they get into trouble.

------
rwinn
WikiLeaks... never forget

------
nodesocket
Honestly I know it will probably never happen, but it would be awesome if
Stripe added PayPal integration. That way we can accept credit cards like we
already do, but also accept PayPal using a single unified API.

A lot of our international users want to pay with PayPal instead of credit
cards. International credit cards also have a high tendency to decline.

~~~
dev_cheese
Have you thought about switching to Braintree to provide that functionality to
your customers?

~~~
nodesocket
We love Stripe, and don't want to migrate. Plus we use
[http://hookfeed.com](http://hookfeed.com) for Stripe analytics.

------
JamesBaxter
Hopefully this means I won't have to pay £1.61 in bank transfer fees every
month.

~~~
Someone1234
I don't understand why you would anyway. There are a shed load of UK credit
cards which don't charge a currency conversion fee.

Here's a list of them: [http://www.money.co.uk/credit-cards/credit-cards-with-no-for...](http://www.money.co.uk/credit-cards/credit-cards-with-no-foreign-transaction-fees.htm)

I've used a Halifax one before and never paid for paying in USD.

------
funkyy
I would love to see GitHub actually keeping PP off the site and not putting
money in their pockets. I am a bit disappointed to see such an innovative and
open source company not directly supports one of the most shady corporations
around.

------
nayefc
Funny how Braintree had to build that for PayPal :)

~~~
dangrossman
Braintree is a division of PayPal.

------
musx
Any plans to accept bitcoin or SEPA?

------
cgcardona
<insert snarky bitcoin comment here>

