

“Stripe.com”.equals(“landmine”) as of now - james-singh
http://james-singh.com/2012/11/29/stripe-com-equalslandmine-as-of-now/

======
tvwonline
The same could be said of any payment processor.

The only way to verify would be to fill in your credit card details on a
domain belonging to the processor.

~~~
james-singh
Maybe what you're saying is the only way. Or maybe there are some options (two
options in the above comment). But whatever it is, we cannot resort to an
insecure way of payment just because there is no other way.

~~~
tvwonline
Regardless of people lying about using Stripe or whatever processor they
claim, you still don't have any guarantee that their backend system is secure
and treating your credit card information properly.

~~~
james-singh
Don't they need to go through PCI-DSS certification?
[http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Secu...](http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard)

I think those who've received the certification are pretty much worth the
trust. I don't see anything like that on the stripe.com homepage though. Ditto for
paymill.com.

~~~
tvwonline
Sorry, looking back, my response wasn't very clear.

I didn't mean Stripe's backend, but the website owner's. Before passing the
data to Stripe's API, the website owner might intentionally or unintentionally
do something insecure with your details.

Meaning if you wanted to feel 100% safe with your transaction you may prefer
to enter your details on Stripe's website where you trust that company and
their implementation of security measures.

Unfortunately, if someone wants to try and trick a user into getting their
details, there is an infinite number of ways to make their payment page look
secure. Worse still, non-tech people wouldn't know to trust a company like
Stripe as opposed to any other made up company.

------
gluejar
Stripe could host a page that lists your site as a client, display your logo,
and you could link to that page.

~~~
james-singh
That seems like one good way of doing it. The other one I can think of is
using a widget containing an HTML form generated dynamically by Stripe, along
with a back link with a unique hash param that verifies its authenticity.

