Hacker News new | past | comments | ask | show | jobs | submit login

For me as a customer, having PayPal as payment option increases the propability of purchase. Especially with one-time purchases from small vendors.

Reasons: No risk of credit card info misuse (by vendor), I only need username and password and I get certainly at least some kind of receipt for accounting.

>Reasons: No risk of credit card info misuse (by vendor), I only need username and password and I get certainly at least some kind of receipt for accounting.

It's a shame virtual cards never got more traction through the CC industry. For those who aren't familiar, some banks/cards offer you a tool that let's you set an arbitrary spend and expiration date (+2-12 months usually) and then generate a credit card number (with CVC) with those attributes (Bank of America branded theirs "SafeShop" for one example). Since it's a fully backed card number it'll transparently work on any site a normal CC would, but it cannot be charged more then the small limit (so you can set it just to the checkout price of one item and it's done), it can be trivially cancelled at will (useful for fighting dark pattern subscription services), etc (some of them can bind to merchant too). It's very effective for preventing misuse from online purchases. However for whatever reason it never seems to have spread or evolved really. BoA never added it to their mobile app for example, which seems like the most logical place, but rather kept it as a little Flash tool tucked away in their website. Plenty of banks do not offer it at all, and it never got much PR. It is more work to use and while that could have been reduced through better UIs (mobile again could really help there) it would always have been somewhat more work.

Maybe options like Apple Pay/Google Pay will ultimately fill that role, since they're essentially an automated version of the above (tolkenized per-purchase card numbers). It'd be nice if the industry would work harder though on some standards for the hardware ecosystem needed.

The reason I don't use virtual credit cards is because they tend to not protect you from first party fraud, only third party fraud.

Despite what the banks claim, they usually will NOT prevent recurring payments from being honored. Even if you don't have enough money in your account. (The bank will just collect it from you)

I used to use a service called Entropay, which would actually let you pre-pay money into a disposable virtual credit card. But banks would never let you do that, because it would undermine their own system.

90% of the problems that I have had over the last ten years have not been with credit card info being stolen, but with misleading or outright fraudulent behavior by merchants, and BoA virtual credit cards have all of the exact same problems as real credit cards and will do nothing to protect you.

You will still have to always keep an eye out that 90 days later you aren't charged again for the same thing. And you are still on the hook for charges made by the merchant you paid, and it is up to you to dispute any charges through the same process as with a regular credit card.

What I want, is to give a merchant a credit card number, pre load that number with $30, have them charge it, and then be completely done with it. This especially makes sense for low stakes low cost recurring monthly payments. I should just be able to stop paying a $5/month fax service that I never use, and have them terminate my service. Banks would never let you do that. Services that used to let you do that have been mostly shut down.

I understand that I may be technically agreeing to pay each month with recurring payments, but the onus should be on the provider to stop servicing me if I cannot come up with the money. The system that we have today for recurring payments makes no sense.

I simply want to be in control of how much money gets taken from me. It is the same reason I take bills out of my wallet to pay a clerk at a store, and do not simply hand them my wallet and ask them to take the money out. I don't care if I can call the bank and dispute things with them, I want to be the one to dole out the money for the transaction.

And I haven't tested this, but apparently if some scummy vpn service you did a 30 day trial with a few months ago claims you owe them, and you miss the window to dispute it, or the bank sides with the merchant, the bank is obligated to go after your money from other accounts.

No thanks.

>What I want, is to give a merchant a credit card number, pre load that number with $30, have them charge it, and then be completely done with it. This especially makes sense for low stakes low cost recurring monthly payments. I should just be able to stop paying a $5/month fax service that I never use, and have them terminate my service. Banks would never let you do that. Services that used to let you do that have been mostly shut down.

Privacy.com offers this service, but you have to pay from your bank account.

Like, Privacy.com has access to your bank account and have the authority to collect? Because then it is the same problem.

All I want, is the digital equivalent of a personal check.

A one time promise to pay money. If the merchant has a dispute with me, or thinks I owe them more money, they are free to sue me.

If my utility company wants automatic recurring payments, I have to sign paperwork which makes it very clear that I am authorizing recurring bank transfers.

The system we have now makes no sense at all.

It's not the same problem.

They block charges over the limit.

You can "turn off" a card after you use it.

They have "single use" cards that turn off automatically two minutes after the first charge.

You can set the spending limit on single use cards or for non-single use cards on a per month basis or per year basis.

You can use any billing name and address with the merchant.

what I* want is an exchange on the order of 'fooco is asking for $53.28, is that ok?'

the minor annoyance for recurring payments is totally worth not having to actively be on guard for random people withdrawing from my account.

why is this so hard? i suppose its because of some perverse incentives that I dont understand.

Me too, but I think that the big financial institutions are strongly against that.

Only available in the US though

Still has an arbitration agreement, unfortunately.

For something small or temporary, I might overlook it. For something that has direct access to my bank account, no go. They need to accept some liability if they want that level of access to my financial life.

To be fair, Paypal has an arbitration agreement too. But, if you're using Paypal as justification for your own policies, that's not exactly a strong starting position.

Two banks accounts deep. Let Paypal, Privacy see a dummy account, and use that account to transfer money into a main account. Keep layering for more protection, questions from your bank.

"Pay with Privacy", an interesting slogan to say the least.

Does privacy.com still require users to provide the username and password that they use for their bank account? That's an absolute no-go for me.

Interesting, is there any alternative for the EU market?

>Interesting, is there any alternative for the EU market?

Have a look at Revolut (however, you need a monthly subscription to use disposable virtual cards).

I use Revolut, and it's okay I guess. I dislike it's just a phone app and not a web one.

I also social engineered my way in to my own account via a brand new Twitter account, so ... beware.

Klarna has it, not sure which markets though.

I’m always surprised as to why people are concerned about card details misuse.

You are not responsible for card-not-present fraud (without 3D Secure). You can dispute any fraudulent charge with your bank, and I’d bet good money the bank has actually better customer service in that regard compared to PayPal.

As a consumer, I like PayPal because it allows me to shut off a payment stream when I want to.

A prime example was when I subscribed to NYTimes, and a few months later wanted to cancel. The only way to cancel was to make a phone call, navigate a phone tree, and wait for an agent. That was absurd, not only because I'm international and find it less convenient to call a US number... but particularly because I signed up and created the subscription online. NYT knew what they were doing by making it difficult for people to cancel.

With PayPal in between, I was able to easily just terminate the agreement. NYT could no longer suck money out of my card.

Technically you could still owe them that money... Just because you don't pay it doesn't mean that the contract gracefully ends.

You could argue about this. It is also questionable, where the contract was made. New York City? The place where the server is based? The place where the international customer is based? What law should apply? And if a company makes it unreasonable difficult to cancel a subscription then this may be a violation of some laws already. https://www.cnet.com/news/companies-must-let-customers-cance...

I know the point of your story was about being able to cancel, and not specifically NYT, but since others might read your anecdote and be turned off of NYT:

NYT has since upgraded to allow managing your subscription online, including upgrade/downgrade/cancellation.

I entirely agree that putting money into a PayPal account is a really bad idea, but I'll generally use one of my credit cards through PayPal if needed.

The last time I had to deal with card fraud, my bank was extremely reasonable to work with and didn't hesitate at all when disputing the charges. But the process can still be fairly annoying. Having to wait for the card to be replaced, having to move any auto billpay using that card to another, etc.

With very few exceptions, if the merchant isn't using a decent external payment platform, you might as well be posting your credit card information on Hacker News. I'd much rather run my card information through PayPal if that is the only option other than entering card information on the merchants dodgy website.

Most banks can be decent to deal with, and one can certainly take steps to mitigate the impact of it when it does happen (Like not using your debt card for purchases, ever. Using a different credit card for bill payments vs online purchases vs offline purchases, etc.) But I can understand why people would prefer to avoid card fraud when they have the option to do so.

Non-US credit or debit card owners are not in that good position wrt. disputes and getting their money back. Most of them charge for disabling the card and sending a new one. Dispute last for months, and are not automatically protecting the customer.

This is the first time I hear about this for UK. The chargeback rules are set by the network , i.e. MasterCard, Visa (sure Amex as well but they are both issuer , acquirer and network so that’s perhaps an unfair example). Is there a different rule set for MC USA vs MC rest of the world?

I worked for a fraud detection company in the UK that existed precisely because chargebacks work so well, here. So this is definitely news to me.

Yes, there is a world beyond US and UK. Customer support in, say, France is next to nonexistent compared to US and UK standards. Not to mention non-Western countries (where Visa and MasterCard still work, but the quality of service differs dramatically). I am Russian living in Switzerland, who speaks English and shops at Amazon/US. It creates all sorts of fun.

Laws in each country are different. In the US that is not just a network rule it is a law. In many other countries they are just rules that can change at any time. Check with your local country's laws as each are different. I would expect that the network's rules are in large part the intersection of the laws in every country they operate in - one set of rules is easier to track than trying to figure out which countries laws might be in effect (with disastrous consequences if they get it wrong).

Don't get me wrong, sometimes the networks rules are stronger than the laws for other reasons. Last I checked in the US the customer was legally out $50 in case of fraud, but all networks reduced it to zero figuring if they were already out potentially a large sum of money they may as well eat the last $50 too for goodwill reasons.

They’re only out $50 for debit accounts. Credit accounts, you’re not liable for anything.

Sad to hear that about Non-US card owners. In the US, I've had just the opposite experience. E.g., with AmEx, I had suspicious charges and before I even finished the description the agent interrupted me and said the charge and my card were both already cancelled and new card w/new numbers was already on the way via FedEx.

I'm not quite sure what pattern the agent recognized, but she sure didn't like it and they weren't going to put up with it for a second. I'm not sure why it wouldn't be in their interest to be this vigilant globally...

There are huge culture differences in different parts of the world, and no such thing as "global companies" -- local offices are staffed with locals. US customer support is probably the best in the world, only Japan could be a valid contender here. The rest of us have to suffer.

Interesting, and perhaps not surprising since a college acquaintance once told me (quite some years ago) that AmEx would only cancel your card in one country at a time. Seems he'd had some trouble in Europe (parents shut off funds or something), and while making his way home before eventually getting it sorted out, discovered that little tidbit.

"I’m always surprised as to why people are concerned about card details misuse. You are not responsible for card-not-present fraud (without 3D Secure). "

I am not surprised. You have obviously never stood in Ethiopia or wherever and have gotten a call from your bank: " This is the fraud department, unfortunately we have to block your card but we send you a new one".

Trick question: How many CC do you carry at a given time?

Hint: based from experience it should be at LEAST 3.

I am using a non-shit bank which will leave Apple Pay active while the physical card is replaced, or decline card-non-present transactions while leaving the card active for in-person transactions.

If the bank is bad it’s one thing but then the solution is to choose a better bank, not hack around the problem with a (shady) middleman like PayPal.

Not sure if it would have helped in your case, but when I was going to China for 2 months, I called the bank beforehand and let them know that I'll be in China, and asked to ensure the card would work there.

Would not have helped.

When I was abroad one guy was enjoying a decent McDonalds meal in the states with a cloned card.

Because then you have to go through the hassle of doing all of the paperwork, talking to the bank and getting a new credit card number (which means updating all your services that used the old number).

It's a pain in the butt when it happens.

I love a fresh card!

There are debit and prepaid cards, that can be used online, but disputing fraudulent charges is next to impossible. There are non-US banks, where disputing fraud is extremely difficult and takes months, during which your funds remain blocked. There are many cases where a card wouldn't work because it is from a different country, but PayPal works.

International consumer finance is a mess. Not everybody who shops on the Internet is a US citizen with a credit card account in a first-rate bank. There are other options.

It's just a pain when it happens and you have to notice and catch it to begin with. Last time I had my debit card skimmed I had a lot of subscriptions lapse and fail to charge because the old card had been cancelled but I hadn't gotten the new card yet to switch to.

I got all the money they'd charged back but it was still a stressful time because I didn't have any other card at the time.

I agree with you for US customers (and probably most of Western Europe), but situation in many countries in the rest of the world is different. Those consumers may not all be SOL in case of such fraud, but the recovery, if available, is much more involved than a single call / web action it takes in the US. My 2c.

Lots of people (especially in Europe) only have debit cards and no credit cards. And those often have worse consumer protection or in the best case you're still out your money for a long time during the dispute.

How is it different from PayPal though? In either case you have to wait for the dispute to clear in your favour before being able to get your money back.

>For me as a customer, having PayPal as payment option increases the propability of purchase.

For me, Paypal looks disgusting. Like it's stuck in 2002. I'd much rather buy if there's Apple Pay via Safari or Gumroad or literally anything else.

Until they arbitrarily ban your consumer account too, they just 'permanently limited' an old account I used on occasion to buy things on ebay without any problems that I haven't touched in a few months. No 3rd party access that I can tell so hilariously banned at random.

For me as a consumer if Paypal is the only option you will probably have lost me as a customer. I hate navigating through their mess of an UI and I also hate how they do not respect that I want 3D Secure on all credit card transactions (but this is more the fault of my bank which should deny their transactions).

Conversely, for me as a customer, if a vendor offers no option but PayPal then I refuse to do business there. Ethical considerations aside, I choose not to tie myself to yet another online service just to provide a layer of abstraction over the credit cards and bank accounts I already have.

It is often easier, more convenient, and less expensive, for small retailers to set up a PayPal option than a credit card payment option.

As a business, PayPal can be helpful that way too. But the point is, it shouldn't be the ONLY processor. Credit card input, via another processor, should always be an option.

Whereas I, as a consumer never use them because they are scammy.

OP isn't saying don't use it. Just don't make it your only option for accepting payment.

Same here. I find it easy to use.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact