tag:blogger.com,1999:blog-4603329861106773844.post8841945784631206310..comments2024-03-27T11:28:27.956+01:00Comments on C'est pas mon idée !: Payer en un clic (vraiment !) avec SociallyPayUnknownnoreply@blogger.comBlogger1125tag:blogger.com,1999:blog-4603329861106773844.post-19140530912685599552011-03-15T19:31:53.301+01:002011-03-15T19:31:53.301+01:00Falk Wolsky, concepteur de SociallyPay a souhaité ...Falk Wolsky, concepteur de SociallyPay a souhaité apporter une réponse, que je relaie ici (car il n'a pas pu enregistrer lui-même son commentaire) :<br /><br />Everything is correct with what you write - but on the important topic of "security" I have something to say.<br /><br />I think, SociallyPay makes web Payments more secure. Why?<br /><br />Normally users have to enter sensitive data for payments online. Or users have a PayPal or other similar account and have to login on it.<br /><br />SociallyPay uses the authentication services from social networks like Facebook. And these providers use technologies like OAuth. If users pay with the SociallyPay-Button we don't know, get or transmit login credentials. Neither SocialMedia Logins or Payment Provider Logins.<br /><br />We also don't know, store or process credit card or a bank account information. We don't have this info at any time ;-)<br /><br />The Button itself (the HTML representation) stores only hashed keys and no other information. Our back-end then gets the necessary information via the Auth-Mechanism and proceed to transfer the information to the payment provider via an secured network.<br /><br />That means that, in principle, one can manipulate the button" - but our back-end blocks it then.<br /><br />That is "the inner level".<br /><br /><br />At the "outer level" is a "user-controlled fraud mitigation system".<br /><br />SociallyPay makes simple a time- and value-based agreement with users. For example the user configures (on one simple form on sociallypay.com) that he authorizes, e.g., SociallyPay to transfer a maximum of $200 for 3 months, and a maximum of $20 a day.<br /><br />Trough this SociallyPay can impersonate "the user" against the payment provider. The user then have to login and confirm this agreement onece with his provider and can pay with the SociallyPay button for 3 months.<br /><br />It will be impossible for SociallyPay to make payments outer these limits!<br /><br />I think - as I say - this is more secure than some payment methods actually working.<br /><br />Hope this clarify some things.Patricehttps://www.blogger.com/profile/14308074608455108769noreply@blogger.com