However, one tiny nitpick:
The Stripe brand is not equivalent to paypal and other common payment options, it doesn't yet mean anything to most people. The button saying "Pay with Stripe" might confuse people or not convert optimally, perhaps let the text be customized?
Yes, I absolutely agree. We're redesigning that part of the button, and allowing people to specify various options, such as 'Pay', 'Add Card', 'Checkout' etc.
That was my first concern as well. This is a great feature, as long as we can customize the button, otherwise I'm not really excited to share this with customers. As much as I love Stripe, my customers want a way to "Pay with credit card" not "Pay with Stripe".
For me, it would be great if the entire button was replaceable with my own link, not just the text (ie. if I could style it with CSS to my heart's content)
Yea, I agree - if you are accepting payments from non-developers it's probably going to damage your conversion rate. Having an option for a "Powered by Stripe" logo would probably be a better way to build brand awareness.
This will probably confuse consumers until Stripe has the brand awareness of Paypal.
I agree with you if the button is standing alone, but if its a "Pay with Stripe" button alongside a Paypal and Google Checkout button then I think it adds more street cred than is taken away.
I would love this feature. I'm going to go ahead with implementation even without it, but being able to customize the text would make it that much better.
I think they need to start with something like 'Pay with Credit Card <br/><small>powered by Stripe</small>', and as their brand grows switch the emphasis to their brand and away from the word Credit Card.
Every time I see yet another Stripe post on HN, I get all sad all over again knowing they have no real plans to launch in NZ (or any other country afaik).
After a year or so of waiting they have expanded to only one other country (Canada), and they still completely avoid talking about future expansion other than a token "We are working on expanding into other countries" sort of answer =/
Very cool looking project, but looking more and more like it's never going to be able to used by the majority of the world... (ie any developers living outside of the USA).
They're in a business and industry that is difficult enough to launch in a single country, have repeatedly stated their intention to expand, backed up their talk by launching in Canada and yet you say, "no real plans to launch in NZ (or any other country afaik)", "completely avoid talking about future expansion" and "looking more and more like it's never going to be able to used by the majority of the world"?
There are reasons the options are poor; consider those and be patient. The fact that they're even thinking about expanding at this point is impressive enough, considering the hurdles.
I'm sorry. It's really frustrating for us too. To the extent it helps, Canada is very much just a first step for us. We're actively working on a number of countries—including New Zealand specifically.
How can you say it's "looking more and more like it's never going to be able to be used by the majority of the world... (ie any developers living outside of the USA)." when they just finished their first expansion.
Now that they've got a system down for expanding, they don't have to do so much work next time. Though every country will still have it's own set of rules and regulations regarding the finances, you must crawl before you can walk, yet alone run.
I have no idea how long it took Paypal to reach as many places as it has, but we have no reason to doubt Stripe will get there too.
With a growing startup ecosystem (500 startups being officially here, for example) and very few payment solutions (for example, Paypal only offering Payments Standard), I thought I'd just drop in to inquire about Mexico on the short list for expansion.
Why would we use a payment processor that only works in the US and Canada? I mean everything I've seen about Stripe looks utterly fantastic, but we've been waiting ages for it to come to Britain and Europe, when is this actually going to happen? What actual roadblocks are in the way of this happening? What have the team responsible for this been doing for the past year or so, sitting on their arses?
Every time someone posts about stripe there is this comment. They have said numerous times that they are working on it and they have to pass through several regulatory hurdles to do so. They also explained in their blog post about the canadian support that many of the hurdles of adding a secondary region to the platform wont have to be done for further regions. So your answer is it will be released when its ready.
EDIT: to avoid any FUD, there's no problem with the URL; as the replies say, the path of the target URL is encrypted under SSL.
---
ORIGINAL: I have a question about the security of the button, though I may be wrong. The outgoing request is a GET with the credit card info in plain-text as a query parameter. With it went all of the cookies in the origin's domain.
Cookies are only sent for the domain involved in the request, so only stripe.com cookies would be sent to Stripe, not any cookies for the domain hosting this button.
I wanted to say thanks for the comments. This is just a beta product that we're experimenting with. As many people here are pointing out, there's still a lot we want to fix and improve (e.g. the button text and how validation works). We definitely welcome any feedback, though -- especially if you go to implement it on your site.
This is awesome guys, great work. One quick nitpicky thing that I don't think has been addressed yet: In Safari after the cancel button has been clicked, clicking the button fades in, then out, and in again before you can enter anything. Edit I'm using Safari 5.1, doesn't seem to happen in 6.
Great work but I do have questions about the security implications. I'd love to have a chat if you have some time. I'm trying to do something similar (button popups and involves money) but we're non-competing.
In case any Stripe folks read this, I tested it with an invalid month (13) and valid year (16,15,13,12 in that order) and valid everything else, and every time it put the red error highlight around the year instead of the month.
No comment box on post page, so posting here instead.
Actually, I'd be interested to know what are the main obstacles in launching this service internationally. Is it mainly bureaucracy and legal issues, or are there yet other considerations?
It would be cool, if you start typing numbers* into the first field, it automatically switched focus to the proper second field and put the CC numbers there. Just made the mistake myself, started typing the example CC number and only afterward noticed I filled out the "Full Name" field.
*May cause problems for 2Pac and other new age names...
2pac would be fine, no common cards use a 2xxx prefix anymore (only [3 4 5 6] are in use these days). 50 Cent might cause issues, but those could be dampened by not bouncing to the CC field until you've entered 4 characters or so.
I'd love to hear the security implications of the button. Seems to me that someone could easily replicate this and trick users into entering their credit card number. Am I wrong? Are there any other avenues of attack? I have an idea about something similar but since I'm no security expert, I'd love to hear what more experienced hackers think.
There seems to be a bug in Chrome when the javascript validates my MM input. Notice that MM is impossible (66) yet it highlights the YY box (which is valid): http://i.imgur.com/iHYFe.jpg
Boom! The button idea is brilliant. It really seems like Stripe has the potential here to become the payment fabric of the web in a way PayPal once could have been but botched due to a lousy UX.
I'm not sure having a modal is the best idea -- aren't modals generally frowned upon because they require a mental recontextualization and disrupt the user's flow? I'm just curious if anyone else had this thought.
Although I can see why having a prepackaged one-button solution would make sense, where Stripe takes care of the presentation / styling / inputs, so there actually is a change of context.
For the record, I use Stripe at my company, and I love it!
Looks great. I can only imagine that this is the first step towards allowing users to store their credit card information securely with Stripe and not have to pass it through every merchant site. I can't wait until the day that Stripe's ease of use for developers meets (and exceeds) Paypal's ease of use for customers.
In my opinion the button resembles a regular bootstrap button. I think Stripe ought to give this button a little creative touch to make it instantly recognizable; you know, building the brand recognition thing. When I see the Paypal button i instantly know what I'm clicking on.
For some reason I couldn't find the cancel button, honestly had to look for it for a while. My brain expected to be able to click in the top left or right or on the background to dismiss it, never though to look next to the "pay" button. But otherwise the design is awesome!
Yeah, I'd say a big red cancel button (or maybe give the "Pay" button the whole bottom slice, and have a traditional red X button in the corner), and the ability to dismiss the dialog by clicking outside of its frame would go a long way here.
I really like Stripe. They're working hard to make payments work as well as GitHub does for source control, and this is yet another really useful tool. They're not perfect--we still encounter bugs occasionally--but they're responsive and friendly. Goes a long way.
[+] [-] recuter|13 years ago|reply
However, one tiny nitpick: The Stripe brand is not equivalent to paypal and other common payment options, it doesn't yet mean anything to most people. The button saying "Pay with Stripe" might confuse people or not convert optimally, perhaps let the text be customized?
[+] [-] maccman|13 years ago|reply
Yes, I absolutely agree. We're redesigning that part of the button, and allowing people to specify various options, such as 'Pay', 'Add Card', 'Checkout' etc.
[+] [-] mrschwabe|13 years ago|reply
[+] [-] boucher|13 years ago|reply
[+] [-] obeattie|13 years ago|reply
[+] [-] slykat|13 years ago|reply
This will probably confuse consumers until Stripe has the brand awareness of Paypal.
[+] [-] jhull|13 years ago|reply
[+] [-] zrail|13 years ago|reply
[+] [-] pclark|13 years ago|reply
[+] [-] rscale|13 years ago|reply
I think they need to start with something like 'Pay with Credit Card <br/><small>powered by Stripe</small>', and as their brand grows switch the emphasis to their brand and away from the word Credit Card.
[+] [-] davesmylie|13 years ago|reply
After a year or so of waiting they have expanded to only one other country (Canada), and they still completely avoid talking about future expansion other than a token "We are working on expanding into other countries" sort of answer =/
Very cool looking project, but looking more and more like it's never going to be able to used by the majority of the world... (ie any developers living outside of the USA).
[+] [-] detst|13 years ago|reply
There are reasons the options are poor; consider those and be patient. The fact that they're even thinking about expanding at this point is impressive enough, considering the hurdles.
[+] [-] pc|13 years ago|reply
[+] [-] speg|13 years ago|reply
Now that they've got a system down for expanding, they don't have to do so much work next time. Though every country will still have it's own set of rules and regulations regarding the finances, you must crawl before you can walk, yet alone run.
I have no idea how long it took Paypal to reach as many places as it has, but we have no reason to doubt Stripe will get there too.
[+] [-] jeduan|13 years ago|reply
[+] [-] antihero|13 years ago|reply
[+] [-] tomschlick|13 years ago|reply
[+] [-] StavrosK|13 years ago|reply
[+] [-] juddlyon|13 years ago|reply
I've used the service for a client and am in the process on two others. Highly recommended, especially if you've ever been in PayPal integration hell.
[+] [-] pfraze|13 years ago|reply
---
ORIGINAL: I have a question about the security of the button, though I may be wrong. The outgoing request is a GET with the credit card info in plain-text as a query parameter. With it went all of the cookies in the origin's domain.
GET https://api.stripe.com/v1/tokens?key=W1xyC0XilnJTkz52noGj1Hh...
The SSL keeps the cookies safe from loggers, but not from stripe. The URL, however, is not protected from anybody, right?
[+] [-] Cushman|13 years ago|reply
[+] [-] boucher|13 years ago|reply
[+] [-] naz|13 years ago|reply
[+] [-] pc|13 years ago|reply
I wanted to say thanks for the comments. This is just a beta product that we're experimenting with. As many people here are pointing out, there's still a lot we want to fix and improve (e.g. the button text and how validation works). We definitely welcome any feedback, though -- especially if you go to implement it on your site.
[+] [-] zsherman|13 years ago|reply
[+] [-] gawker|13 years ago|reply
Great work but I do have questions about the security implications. I'd love to have a chat if you have some time. I'm trying to do something similar (button popups and involves money) but we're non-competing.
[+] [-] SkyMarshal|13 years ago|reply
No comment box on post page, so posting here instead.
[+] [-] nitrogen|13 years ago|reply
[+] [-] boucher|13 years ago|reply
[+] [-] duiker101|13 years ago|reply
[+] [-] LordIllidan|13 years ago|reply
Actually, I'd be interested to know what are the main obstacles in launching this service internationally. Is it mainly bureaucracy and legal issues, or are there yet other considerations?
[+] [-] knighthacker|13 years ago|reply
[+] [-] pkamb|13 years ago|reply
*May cause problems for 2Pac and other new age names...
[+] [-] ConstantineXVI|13 years ago|reply
[+] [-] gawker|13 years ago|reply
[+] [-] degenerate|13 years ago|reply
[+] [-] jaredcwhite|13 years ago|reply
[+] [-] sherwin|13 years ago|reply
Although I can see why having a prepackaged one-button solution would make sense, where Stripe takes care of the presentation / styling / inputs, so there actually is a change of context.
For the record, I use Stripe at my company, and I love it!
[+] [-] camwest|13 years ago|reply
[+] [-] rubergly|13 years ago|reply
[+] [-] bdr|13 years ago|reply
[+] [-] pc86|13 years ago|reply
[+] [-] tucaz|13 years ago|reply
[+] [-] plainOldText|13 years ago|reply
[+] [-] JacksonGariety|13 years ago|reply
[+] [-] ANTSANTS|13 years ago|reply
[+] [-] Frozenlock|13 years ago|reply
[+] [-] mratzloff|13 years ago|reply
[+] [-] marcamillion|13 years ago|reply
I would love a complete solution that just allows me to connect this button to a product, and then Stripe takes care of everything else.
[+] [-] swanify|13 years ago|reply