Hacker News new | past | comments | ask | show | jobs | submit login

Do they want me to put my credit card and personal information in an insecure form? I'm trying to figure out if this form posts to a secure endpoint. I don't think it does.



http://mayone.us/distribution-plan/

" What payment processor do you use? Are my money and information safe?

We have decided upon using Stripe as our payment processor. Stripe has offered us a very competitive rate (for which we thank them), and Stripe is compliant with PCI requirements and no sensitive data hits our servers. When you enter in your credit card information, it is not stored on the mayone.us site and goes directly to Stripe via the Stripe.js API.

Or in short: Yes, your money and info are safe. "


Yeah I read that. But it's strange, when I enter in information and hit "Pledge" it posts the fields to another insecure endpoint:

http://mayone.us/wp-admin/admin-ajax.php

Maybe I am missing something about how stripe works?


https://stripe.com/help/ssl

> Do I need to use SSL on my payment pages?

> Yes


I'm concerned about why they are posting to THEIR own server to begin with. Even if they were using SSL, it seems like some kind of misuse of stripe.js




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: