@aral isn't it a precaution against scammers who just have the number but don't know the card type?
@charlesarthur It’s always a trade-off between security and experience. Would be even more secure if we added a captcha & two-factor auth :)
End of conversation
New conversation
@aral @WeTransfer @MrAlanCooper I agree on no need to ask which card. So should we be asking "Credit Card or PayPal" in this situation?
@rpepper Don’t even need to ask: Which do you want as default? eg. Present CC form, have Paypal as a link/button. + @WeTransfer @MrAlanCooper
@aral @WeTransfer @MrAlanCooper Good point. I'm a dev and leave the #UX to the experts. Was curious what was considered best practice. Thx!
End of conversation
New conversation
@aral Yes, it is easy to derive but it is a layer of extra protection against automated attacks. That is why it is done and recommended.
@NickKirkman Quick, someone tell Stripe that—they’re about to go down ;) (In terms of security vs usability, imo latter wins in this case.)
@aral I worked at a place who felt the same until a sustained attack lost $16k in 48 hrs. Banks told us it is common. We added this plus...
End of conversation
New conversation
@aral @hbons @WeTransfer Most users don't know you can derive card type from number and might be very insecure when filling out the form.
@aral @hbons @WeTransfer no improvement in mental overhead of "you can type any of these cards in here" as opposed to just clicking the logo.
@_nilswerner
@aral @WeTransfer disagree.
@hbons Hide card type. As user types card number, show card (ooh). Also avoids: user selecting wrong card in step 1 + @_nilswerner @WeTransfer
New conversation
@aral I was surprised to discover that people are trained by sites that (needlessly) require this. 1/2
@aral We've seen support requests from potential customers who "can't sign up" because there's nowhere to enter the kind of credit card. 2/2
New conversation
+1 MT
@aral: Folks, don’t do this—you can derive card type from the number. Don’t make the person do the work. pic.twitter.com/GPeD433ktG
@dana_orourke @aral @OkazuYuri heh, true... still, just typing in the nrs allows you to figure out which it is
@dana_orourke @jeffsonstein @aral Folks who make databases not really thinking that way.
@OkazuYuri @dana_orourke @aral IMHO thinking of the user experience is *everyone's* responsibility... in the end, that's how we get paid ;^}
End of conversation