
The problem is that most consumers don't plan ahead for wanting to buy a porn subscription. It's a spur of the moment decision. Any form of barrier you put in front of that decision -- whether it's extra verification, or a different digital currency they need to buy, or a prepaid card just for adult content -- drastically reduces the percentage of surfers that go from "guy looking at the site's preview page" to "guy that became a member."

This is why few Adult companies have set up Verified by Visa or 3-D Secure (though as I noted elsewhere, 3-D Secure rarely actually works) for verifying cards before charging the transaction. This is why Adult companies in the UK started scrambling when they passed legislation requiring driver's license verification. This is why no prepaid adult content card -- and there have been numerous, including one promoted by Howard Stern -- has ever really caught on. Any extra step required to pay for a site increases the percentage of people that just click off to somewhere else. Luring those people to your site in the first place is expensive, involving all sorts of advertising and affiliate deals, so anything that reduces the conversion ratio is a deal breaker.

I wonder if fraud could be reduced by creating a "push" payment model instead of pull. Not just for adult sites, but for e-commerce in general.

The form says "To subscribe, remit $25 to account 12345678, and paste the transaction ID into this field." The merchant could then verify that the transaction ID matched up with a payment he received and complete the sale.

With a standardized microformat for the payment data, this could probably all be detectable and streamlined into browser plugins or apps -- you'd just see a button that redirects you to log into your bank's site with the transfer details prewired.

I figure this has plenty of benefits:

* The only remotely sensitive data you pass to the merchant is a transaction ID. You'd probably be able to actually do the sale without SSL, but certainly without most of the PCI compliance hassle.

* The merchant can't use the info you provided to enable an unexpected second charge or subscription.

* The bank can choose to make their process for executing the push transactions as "easy" or as "secure" as they (or the users) want. The merchant doesn't have to know, care, or worse, spend money to retool their site to support changes.

In a way, PayPal's flow is sort of push-oriented, but it's ugly in a lot of ways.
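
The merchant-side check proposed in the comment above, sketched as an added example (not part of the original thread). The `Payment` feed format, the class and method names, and the transaction IDs are hypothetical; the account number and $25 price are the comment's. It shows the checks a merchant needs before completing the sale: the payment exists, went to the merchant's account, matches the price, and has not already been redeemed by another order.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Payment:
    """One incoming transfer as reported by the bank (hypothetical feed format)."""
    txn_id: str
    to_account: str
    amount: Decimal
    currency: str


# Constructed sample feed; the account number and $25 price are the comment's.
RECEIVED = [
    Payment("TXN-A1", "12345678", Decimal("25.00"), "USD"),
    Payment("TXN-B2", "12345678", Decimal("5.00"), "USD"),   # underpaid
    Payment("TXN-C3", "87654321", Decimal("25.00"), "USD"),  # other account
]


class PushPaymentVerifier:
    def __init__(self, account, received):
        self.account = account
        self.received = {p.txn_id: p for p in received}
        self.redeemed = {}  # txn_id -> order_id that consumed it

    def redeem(self, order_id, txn_id, price, currency="USD"):
        """Return 'ok' only if txn_id is a real, unspent payment for this order."""
        txn_id = txn_id.strip()
        payment = self.received.get(txn_id)
        if payment is None:
            return "unknown_transaction"
        if payment.to_account != self.account:
            return "wrong_account"
        if payment.currency != currency or payment.amount != price:
            return "amount_mismatch"
        # A transaction ID is a bearer token once pasted into a form: bind it
        # to the first order that presents it and refuse any other order.
        owner = self.redeemed.setdefault(txn_id, order_id)
        return "ok" if owner == order_id else "already_redeemed"


if __name__ == "__main__":
    v = PushPaymentVerifier("12345678", RECEIVED)
    for order, txn in [("order-1", "TXN-A1"), ("order-2", "TXN-A1"),
                       ("order-3", "TXN-B2"), ("order-4", "TXN-ZZ")]:
        print(order, txn, v.redeem(order, txn, Decimal("25.00")))
```

Binding each transaction ID to the first order that presents it is what keeps a copied or overheard ID from buying a second subscription.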
