

Ask HN: Is it weird to ask users to pay via CC through a desktop app? - superic

I'm working on something that would take payments (via credit card) from within a desktop application. Is that weird? The purchase is for something physical that would be received via real mail (which the application helped make).<p>It's not that it wouldn't be secure or anything like that. I'm not going to store the payment information -- just keep a record that it happened successfully.<p>I suppose I could make it so users would have to buy credits on the website and those credits would show up in the desktop app version as well as online. But that seems like an extra step for some users. I also don't want to hide the real cost of the service from users by saying "$10 is 382 credits and one use of the service is 342 credits" or anything like that. Associating cash cost with the product is fine.<p>Thoughts? Am I over-thinking this?
======
mahmud
You're not over thinking it, the web has trained people to trust it with their
credit cards, while your application has to establish itself a new.

The best thing you can do is mimick the visual cues of browser security and
put a big fat golden lock somewhere on the screen, and show other cues of
encryption in use (say, show a certificate verification dialog.)

Of course, use OpenSSL! This goes without saying. Don't fake security if
you're sending sensitive stuff in plain text.

Just to be sure your users don't have a keylogger (specially on Win32) provide
an on-screen keyboard/keypad and accept input only through that, or encourage
it over the actual keyboard. The more security hoops people jump through the
better they like it, at least I do.

~~~
wmblaettler
I have noticed an on-screen keyboard/keypad with ING Direct. They use it for
PIN entry. I presume that it is to defeat keyloggers as you have mentioned.

------
dkersten
If you're going the credits route.. why not just say "Your account has $10"?
No need to rename it to credits or anything like that.

Also, desktop online casino apps seem to open a browser on the payment page.
Maybe you could do something like this?

~~~
superic
Oh, no, what I was saying is I _don't_ want to do that. I would simply state
that "Your account has $10" rather than masking it with credits.

~~~
dkersten
Ah, I think I misunderstood what you were saying then.

------
wmblaettler
iTunes allows for in-application purchases with an online account. I suggest
examining their payment model.

------
eli_s
I suppose it comes down to human psychology. People are more used to entering
CC info on a secure site (https padlock icon all that) rather than their
desktop apps. Maybe the easiest solution would be to send users to a secure
URL?

