Hacker News new | past | comments | ask | show | jobs | submit login

Hi, We plan to in the future. We haven't many people requesting it since most of them have majority of Indian customers which can not have recurring billing



How will you reconcile recurring payments with 3D secure requirements?


One way to do that would be to monitor SMSes for 2FA codes. This can be easily done on Android and iOS. The app can run the payments flow in a phanthomjs esque environment and read off 2FA values from the SMS inbox, and bam! Payment done. Also, there are other options for authorizing recurring payments but at fixed amt, and paper work can't be avoided.


Not every bank sends 2FA codes via SMS. For example my debit card with SBI has a static password that I need to put in for every payment


In that case, you could provide the user with a on-device one-click authenticate button (via notification/email, reminding her/him to approve the payment) that'd push the credentials out to your phantom-js instance. I am not sure what RBI complaince mandates, but one might be a strongbox.io away from implementing such a scheme server-side as well, if legal. A lot of care must go into securing such systems, no doubt. And there might be simpler alternatives that I simply cannot think of.


Just like cvv, we are not allowed to store the static passwords.


Well, you don't really store the passwords on your servers, but rather store it on user's own devices (in a keystore, for instance). The user then agrees to push the credentials to your servers periodically instead of typing the password to authorize the payment.


We have a few tricks up our sleeve.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: