I worry a lot about making credit card transactions with websites I don't have stable credentials on, and always opt to pay via Amazon or (gak) Paypal if it's my first time buying somewhere, unless they're using Stripe.
Is there anything you check for to confirm that it is Stripe? I was deceived last week, paying for something via something that looked like an embedded Stripe payment form.
> Is there anything you check for to confirm that it is Stripe?
You check the domain name in the address bar.
Embedded forms aren't safe—one must assume that the surrounding page has access to anything entered into the form, so you're not just giving your CC data to Stripe, you're also giving it to whatever site embedded the form. If you don't trust the merchant with your credit card, the only safe system is the one where you're directed to a top-level page hosted by Stripe to enter the payment details.
