[ic] RE: PayPal working with IC (changed to whhhhyyyy won't you make a PayPal mod)?

[Julia Jacobs]

On 2/21/02 5:02 PM, "Jason Kohles" <jkohles@redhat.com> wrote:

JK>If they are willing to do that, why not just ask them for the username
JK>and password of their banks webpage, then transfer the money directly
JK>from their account.  The big difference here is that with their paypal
JK>username and password, you can EASILY drain the contents of any of their
JK>linked bank accounts, charge all their credit cards up to the limit,
JK>compile a list of everyone they had ever sent or received money from,
JK>get their auction site usernames and passwords, and generally wreaked
JK>havoc. 

I really don't get this.  I can store customers credit card numbers in my
userdb with a standard non secure catalog foundation demo install, but you
wont implement a secure PayPal integration even when a PayPal rep has
specifically agreed to work with a Red Hat developer.  None of your
arguments make sense in light of this fact.  Also considering PayPal already
works seamlessly with these commercial shopping carts:

Agora Shopping Cart
Americart
CharonCart
CoolCart
CyberWiz MysmcStore
Dansie Shopping Cart
eCartsoft
eMartCart
Hassan Shopping Cart
IntelliCART
Line9 Tek9 Pro
Mal's e-commerce Shopping Cart
Merchant OrderForm Cart
MetaLinks MetaCart2
Miva Merchant 4
RealCart
SecureNetShop
Shopping Cart Software
SmartCart
vShoppingCart
X-Cart
Zoovy Developer
not to mention the Open Source solution I mentioned before:
OScommerce.

JK>You could always just make your payment page a simple page that says 'to
JK>complete transaction send $amount dollars in cash to the following
JK>address', it would be much safer for everyone.  Also keep in mind this
JK>section of the paypal terms of use:

JK>"* Passwords. You may not reveal your account password(s) to anyone
JK>else, nor may you use anyone else's password. PayPal is not responsible
JK>for losses incurred by Users as the result of their misuse of
JK>passwords."

JK>So implementing this would just lead to you losing your PayPal account.

How are you revealing your account password by entering it into the form
which after you press the button immediately gets transferred to PayPal?
How is that different than entering it into PayPal's form?  Again, why would
a PayPal rep want to work with you or why would this information be
available to developers to implement into their shopping carts or why would
these other commercial shopping carts use this method if it was "against
PayPal policy"

JK>I could, I could also make a module that handles payments by posting the
JK>credit card information to usenet news with a note that says 'please
JK>charge $x to this card and forward the cash to me', however I won't
JK>because these are both very bad ideas.

How is entering PayPal account information into a secure form which goes
directly to PayPal's website equivalent to posting credit card information
on a usenet news with a note that says 'please charge $x to this card and
forward the cash to me', which I also agree is a very bad idea.  I hope you
do not create any mods like this in the future :).

JK>It's the merchant who I would not trust with this information.  If you
JK>were having dinner in a restaurant and gave the waiter a credit card,
JK>and he told you the only way they take credit cards is if you give him
JK>the card and your pin number so he can run across the street and use the
JK>atm to withdraw the amount of your check from your account, would you
JK>give the waiter your pin number?  Of course you wouldn't, but this is
JK>exactly what you are suggesting here, with the difference being that
JK>someone who has your paypal username and password may have access to
JK>more than one credit card/bank account.

Yet you trust merchants with a system that allows them to store customer
credit card numbers through a non secure checkout form.  Again, I do not
follow your logic here.  Then again I am not an Interchange developer.
Perhaps you folk have a special brand of logic that my limited imagination
does not allow me to comprehend.

-- 
Julia Jacobs
Currant Media
407-977-4523
Fax 407-261-0176
http://www.currantmedia.com
Members of The Better Business Bureau
* Multimedia Producers
* Web Design & Development
* 2D/3D Graphics/Animation
* Hosting, domain and e-mail
* E-Commerce ­ check, credit card validation