Reply to post: Re: Prevent fraud ?

Stripe is absolutely logging your mouse movements on websites' payment pages – for your own good, says CEO

Anonymous Coward
Anonymous Coward

Re: Prevent fraud ?

1) They’re using it as an indicator that the ‘person’ using your credit card details is either human or, in future use cases (see point 3) that it’s a high probability it is you. It will be one of a number of rules / scores / variables used to determine whether to proceed with the payment.

2) depends on use case. If i want to use it to prove it’s you, i store it (hopefully securely) against your identifier & reuse again to prove it’s you when you buy something else. I may in future share this information with your card issuer’s ACS (3D secure provider). if just anti bot, I store (hopefully securely) as input to the AI or whatever. If i think its not you, i decline the txn, hopefully securely store data & use to train AI.

3) Right to..... tricky, but fraud prevention tends to have carve outs. Need to.... PSD2, FCA have opined that behavioural biometrics must be available as a factor for strong customer authentication. The card payments ecosystem therefore have to do this. for it to work, it needs data. payment pages alone are data point poor. to work effectively more data needed. There will need to be interaction between merchants, acquirers, issuers & all their supporting providers to make this work - the EMV 3DS protocols makes it hard if not impossible for issuers to do it alone.

4) GDPR - good point, kinda hoping the regulators have this covered (PSD2 Europe wide) as they’re the ones driving a lot of this.

5) Amazon is a merchant. Stripe is a payment processor. Amazon are actually shit hot at fraud prevention, & have invested in a whole suite of tools to spot & prevent (i.e. decline the transaction). Stripe’s market tends to be smaller outfits who don’t ‘get’ fraud (not a criticism btw) nor have the ability to invest in the tools individually - they use what their payment processor offers them.

Amazon may well go down this route (see point 3), just not yet.

Not the required number of pages I’m afraid & so a bit broad brush, but that’s kinda it. I don’t work for Stripe, I do work in payments & have been on PSD2 for the last 3 years - there is a lot of detail chock full of devils, this is one of the biggies.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022