Facebook Autofill Wants To Store Users' Credit Card Info

cagraham writes "Facebook has teamed up with payment processors PayPal, Braintree, and Stripe, in an attempt to simplify mobile payments. The system allows Facebook members (who have turned over their credit and billing info) to click a 'Autofill with Facebook' button when checking-out on a mobile app. Facebook will then verify the details, and securely transfer a user's info over to the payment processing company. The move is likely aimed at gathering more data on user behavior, which can be used to increase the prices Facebook charges for mobile ads. Whether or not the feature takes off however, will depend almost entirely on how willing users are to trust Facebook with their credit card data."

Facebook and Paypal

[Guru80]

Those two names invoked in the same sentence makes me feel a little ill. Nothing but bad experiences with both, what could possibly go wrong with them teaming up?

Re:Facebook and Paypal

[gander666]

About the same to me as American Airlines merging with US Airways.

Re:Facebook and Paypal

[Big+Hairy+Ian]

Facebook & Paypal mentioned in the same sentence why that hasn't happened since the took the Autor's Bio out of the Bible :D

Re:Facebook and Paypal

It's a good incentive to pay more with cash, and to keep on using cash for as long as you can.

Not credit card, not debit card, not any of the "electronic" or "mobile" alternatives. Good old boring cash. It's basically the only way to not have your personal data be bought and sold. Did I mention cash? If I didn't, I should have.

Re:Facebook and Paypal

[CastrTroy]

Personally, I've never had bad experiences with PayPal. But I've only ever used it to buy stuff. I also only have a credit card hooked up, which limits the amount of problems I could really have. Personally, I would rather give my credit card number to PayPal, the give it to some random Chinese website that I'm buying cheap stuff from. There really should be a more convenient way, without a third party like PayPal to send money to someone else, without giving them your credit card specifics. Visa, MasterCard, Amex, (and the others) should be providing this as a service to the cardholders (and merchants), not relying one someone like PayPal to act as an intermediary.

Re:Facebook and Paypal

[Dishevel]

Like ... Bitcoin?

Re:Facebook and Paypal

[no1nose]

I that for a while it was popular for some cards to offer temporary account numbers for online shopping that would be good for one purchase. I think Citibank did that. I never used that feature though.

Re:Facebook and Paypal

[somersault]

It's not really an incentive or disincentive for anything. I'm not going to use it, but whatever. Paying for everything with cash is pretty silly.

Re:Facebook and Paypal

[ArcadeMan]

And for online purchases, buy anonymous pre-paid credit cards with cash.

Re:Facebook and Paypal

The sad thing is that over here, even for pre-paid debit cards, they require copies of gov't ID.

Re:Facebook and Paypal

[ArcadeMan]

Holy crap, where is this "over here" you're talking about? North Korea? China? Germany? USA?

Re:Facebook and Paypal

Don't two negatives make a positive? As in "I'm positive this will end badly"?

Re:Facebook and Paypal

[Cornwallis]

Amex did it for a bit several years ago and it worked quite well.

Re:Facebook and Paypal

[fahrbot-bot]

There really should be a more convenient way ... to send money to someone else, without giving them your credit card specifics. Visa, MasterCard, Amex, (and the others) should be providing this as a service to the cardholders ...

Not exactly what you asked for but... at least one MasterCard vendor (Bank of America) offers Shop Safe enabling you to create temporary virtual CC numbers tied to your real CC. Each number includes a CCID and allows you to specify a credit limit and expiration date (2 months to 1 year, but you can delete it anytime). The virtual card is locked to the first merchant to charge against it.

Re:Facebook and Paypal

[GumphMaster]

In my "over here" you can get a pre-paid Visa from Australia Post but you must provide a working mobile phone number that does not block caller id and a (fake) DOB. Hardly anonymous. Too bad if you don't have a mobile phone. AFAICT none of the other options require less identifying information but I'd be happily corrected.

I don't even trust them with my real birthdate

[Snowhare]

Why would I trust them with anything else?

Re:I don't even trust them with my real birthdate

Duh...
Then don't give it to them. No one is forcing you...

Re:I don't even trust them with my real birthdate

[glavenoid]

Not yet anyway.

Re:I don't even trust them with my real birthdate

Why would I trust them with anything else?

That's you and me.

But the mindless hoards out there like the "convenience". And they may be under the erroneous impression that if there's a mistake or theft of their phone, they can just call their bank and do a charge back. It will most likely work with a theft of ones phone - after a police report is filed and then sending copies to your bank. But a mistake or fraud by someone else?

Let's use Roku as example. when I created a Roku account online a year or so ago (have to in order to use the thing - no technical reason, though) they "require" that you put payment information in. Now you can chat with customer service and demand to be exempted - after they give you the BS about "your convenience" - they'll exempt you or you can delete the payment information after signing up - if it's really deleted, I have no idea.

While in their channel store, I see the "Buddhist Channel" and in the description is says it's "Free". The after adding it and going to the channel, this pop-up comes up and says "We are charging you $1 a month to" pay for costs or some reason like that.

They slid that right in there. Now, IF I was stupid enough to have given Roku my payment information, I can just imagine what I would have to go through to stop it. Roku get a 30%+ commission on this shit so they aren't going to be too thrilled about the problem.

Bank backing me up? Ahahahahaha.

Here's what I've seen too aften in situations like this:

Bank calls merchant and tells them that you are disputing the charge.

Merchant: "Nope! He hit the OK button. It's valid!"

Bank to you: 'You owe it."

You" "Funk'in A!"

On the support forums, some folks rationalize it with "iTunes does it!"

And we have all heard the horror stories of $1,000 bills because a kid, who didn't know what they were doing was just buying shit.

tl;dr - Giving payment information up front doesn't give that many protections and opens you up to fraud and other unethical behavior.

Re:I don't even trust them with my real birthdate

[poetmatt]

the only difference here is that instead of them already having your credit card info via various sources, now you're giving it to them outright.

Re:I don't even trust them with my real birthdate

[Thanshin]

You aren't the target audience. You aren't a real client. You are just content for their real clients.

This is made for those who already want to inform Facebook of what they're doing every single minute of their lives, with the hope that someone will be interested enough to read about them. Facebook could just create a Facebook bank, ask people to put in their salary and some people would do it.

The fact that someone who wouldn't even give them their real birthday isn't interested, is as irrelevant for Facebook as the opinion of a non-client is for any other business.

Re:I don't even trust them with my real birthdate

[mlts]

Now here is where I don't understand things.

Facebook is a social media site where you go to see someone's cat pictures, maybe someone railing about gun control, or perhaps an invite to an IP masquerade ball come next month.

How did Facebook turn into a bank, a CA, and a trusted authentication provider? The last time we had a third party doing the gatekeeping was back in the days of Microsoft Passport (then renamed .NET logins, separate from the .net language.)

I can understand FB offering this, but I'd at least want to see some third party auditing done on the security aspect side, both routine and unexpected audits. At the minimum, the same level as FISMA security standards.

Of course, I am leery of another website having that much control over my users. As an OpenID provider, that is one thing. As the sole keeper of the keys, no.

Re:I don't even trust them with my real birthdate

[Saethan]

This is one reason why I still use a local bank. I can walk to their headquarters and file a complaint in person and actually get to talk to somebody face-to-face. Though the few charge-backs I've had to do a simple online ticket has resolved my issues.

Re:I don't even trust them with my real birthdate

[CrimsonAvenger]

But the mindless hoards out there

"Hordes".

You don't separate yourself well from that "mindless" adjective when you don't know the difference between "hordes" and "hoards".

Re:I don't even trust them with my real birthdate

Honestly, as long as we can understand the sentence nobody cares if a word is misspelled and/or misused.
Your talents are going to waste here, don't you have a spelling bee to judge?

Re:I don't even trust them with my real birthdate

[gsslay]

Now you tell us! What am I to do with all those mindless I've be storing up for the last 10 years?

Re:I don't even trust them with my real birthdate

[Jane+Q.+Public]

"Why would I trust them with anything else?"

Trading privacy -- which many are finally learning, means to some degree trading freedom -- for convenience is even worse than trading it for "security".

I'm with you. I don't trust Facebook with my real address, or phone number, or really anything at all except my name. I check my account maybe once or twice a year, just to make sure I didn't miss somebody dying, or something like that.

Re:I don't even trust them with my real birthdate

[Shirogitsune]

Zombie theme park?

Re:I don't even trust them with my real birthdate

The question is, at what point do I think I understand the writer's thought, when I really didn't get it because of a fault in the writer's grammar or spelling.

As with everything, attention to detail leads to a better product. Accepting mediocrity will eventually lead to chaos.

Re:I don't even trust them with my real birthdate

Really? Messing up a homophone is all it takes for you to call someone who has an otherwise insightful story "mindless"?

Protip: Being pedantic about grammar doesn't make you seem any smarter, especially when the error doesn't cause any confusion whatsoever. It just makes you seem like someone who paid attention in grade school and has been resting on his laurels ever since.

Re:I don't even trust them with my real birthdate

[idontgno]

Magazine-fed zombie gun.

No, not a gun to shoot zombies with. A gun to shoot zombies at other things.

Take that, you pitiful fast zombies. Nothing says fast like "muzzle velocity".

Re:I don't even trust them with my real birthdate

I agree with all of what you're saying and the masses of idiots are really starting to get on my nerves. I get really aggravated by stupidity (especially my own when I realize it) since those who behave more responsibly and think before they act pay for it too. You pay with your time when you call your bank and have to wait for half an hour because some moron is on the phone trying in vain to sort out fraud that was made too easy for the fraudsters by their clueless behavior. Similarly, police department resources go to process reports for such crimes. If 50 % of the population left their front doors wide open when they go to work and then go to the police to report theft, the other 50 % would protest loudly. Now, however, it's 90 % that leave their virtual front doors open... Furthermore, I doubt that it's good for society that criminals get more money no matter where it comes from. If for no other reason than their ability to show off more wealth to guys in their early teens that should instead see other paths in life as better.

Re:I don't even trust them with my real birthdate

[antdude]

Yeah, and they kicked me off for using false datas. :(

Re:I don't even trust them with my real birthdate

[RyoShin]

This is why I like to use one-time numbers for things like this. Discover (at least they used to, haven't had to do it in a while) will give you a generated number, and you say how much is on it, and it will deny anything over that. For something that's $1, that might still go through, but if all you need is a valid CC then you can make one for $.50 and they can't do jack about it.

wow.

[intermodal]

It's as if they're honestly trying to get everyone to delete their facebook account. I've been considering it almost daily for the past couple years, definitely more in the past several months. The only thing keeping me on there is how much of my family resides far from my current location.

Kind of makes you wonder, "How much do I really like my cousins?" I'm very close to saying, "Not enough to keep this account."

Re:wow.

[Bigbutt]

I'm with you there. I rediscovered my cousins, aunts, and uncles after 40 years through them finding me on Facebook. I keep up on their activities and assume they keep up on what I do based on the comments I've received. While they do have whacky beliefs (which are reflected in the occasional "Obama is declaring Martial Law on Oct 1st!111!11!!!!!!1" posting), it's still good to stay in touch.

But data collection (even though I keep my likes and details to myself), video ads, comment systems that require a Facebook account, and now this might be the tipping point.

I likely won't close the account. Most likely I'll just stop using it just like I've stopped going to several forums I used to frequent due to the number of crazy posts and responses.

[John]

Re:wow.

[TWX]

I'm starting to wonder if they're just trolling us. Facebook's policies and very reason for existence runs contrary to what I was taught as a child, which was anti-narcissism (ie, any sort of notoriety based on achievement, not simple vanity), speaking when one only has something to say and keeping one's personal life personal (as opposed to, "look at me with this drink in my hand! Look at me with this puppy! Look at me with these whores!"), and now, keeping one's finances close to one's chest. The Internet age with the ability to own a domain name and effectively vanity-publish has changed some of that, but "Social Media" has made it extremely simple to talk-at people without necessarily talking-to people.

I never signed up for Facebook in the first place. I'd had my own domain for a time, and ran my own web log, but decided that it wasn't worth the effort and that what I was willing to share with the rest of humanity wasn't something that the rest of humanity was interested in. When I've seen others using Facebook I continue to get that vibe. I don't know what I'd do in your shoes, but having never had an account and seeing all of the BS makes me happy that I never did have an account in the first place.

Re:wow.

[CanHasDIY]

I likely won't close the account. Most likely I'll just stop using it just like I've stopped going to several forums I used to frequent due to the number of crazy posts and responses.

[John]

That's pretty much the route I've taken - leave the account open, check it about once a month for messages, and never, ever put another piece of content or information on there for them to sell.

Re:wow.

[cdrudge]

Tipping point for what? No one is forcing you to use the autofill or even provide them with your credit card number.

Re:wow.

Just don't allow them access to that information. It's that easy.
 
Is it a bad practice? Yes.
Are you being forced to do it? No.
Is it an immoral practice? No.
 
  Don't do it. Problem Solved!
 
Seriously, don't act like they're using slave labor and you're a party to it.

Re:wow.

With all the ads, most people miss the updates from the (400) or so in the network, unless online all the time. Back to mailing list, blog feeds and regular email

Re:wow.

Until it is required.

Re:wow.

[houghi]

OK, so you want to be in contact with other people.

Do they have an email account? Do they have a phone? Do they have an address? In that case you can email, phone or write them.
So you keeping contact with them is not an issue.

What might happen is that they do not write back, do not phone back or come up with reasons why you can't visit.

So the REAL question is: can you handle the chance that THEY have no real interest in you.

Re:wow.

[Medievalist]

If you really feel that way, it only takes about ten minutes apiece to switch them all over to G+.

Not that I'm endorsing Google; I'm just saying there are other options for keeping in touch with family online.

Re:wow.

It's as if they're honestly trying to get everyone to delete their facebook account. I've been considering it almost daily for the past couple years, definitely more in the past several months. The only thing keeping me on there is how much of my family resides far from my current location.

Kind of makes you wonder, "How much do I really like my cousins?" I'm very close to saying, "Not enough to keep this account."

No one has mention that Facebook doesn't offer account deletion, only to disable it.

I think when the last time I explored that I learned that it would be still accessible to whoever you've got it set to. Allow "only me" still works today though, wether advertizes still access it I don't know but wouldn't doubt it in the least.

Re:wow.

[postbigbang]

You're absolutely right.

But this is more about Facebook as a meme to the parent of your message, rather than any specific compendium of data representing a cogently-derived opinion based on a preponderance of facts. Heaven forbid facts.

That said, I have little trust of Facebook, less of Google, and not much for anyone else but this isn't about me-- this is about some poor trusting soul (rather than the skeptical me) getting a browser hijack or MITM attacker or just plain raiding FB's repositories to milk out juicy auths and credentials.

Re:wow.

Yeah, since there's absolutely no other way to keep in touch with them. The phones, (video) chats, emails haven't yet been discovered.

Re:wow.

[slashmydots]

What you're saying outlines the "repeating the past" problem that Facebook has. Myspace was invincible and going to last for all eternity and because of that, they pissed off their users daily with awful updates and horrible page layouts. Facebook came out and was slightly better so tada, everyone bailed. Now Facebook put themselves in exactly the same place and the only thing that is necessary is for a slightly less annoying and evil one to come along. So in other words, not Google+. Isn't there some open source style non-profit social networking site out there? Let's all go there.

Re:wow.

[intermodal]

I didn't keep in close touch before Facebook, and I have no reason to suspect that I would in a post-Facebook life. I like knowing what my relatives are up to, but I don't actually care what they are up to. It's a subtle difference, but the difference is definitely there.

Re:wow.

[intermodal]

I really only think about it when I read a daily article about how much worse it got today and when I check in to see if anyone's up to anything.

Re:wow.

Um, wrong

...permanently deleted with no option for recovery...

I don't know if they actually ever remove the info from their DBs but nominally, they "delete it" in that you can't get it back. I deleted my FB account and I disappeared from all my friends' lists.

Re:wow.

[Gr8Apes]

I have accounts for dev purposes, no other reason. I have considered creating some scripts to completely pollute their DBs regarding people I know.

Re:wow.

[Joce640k]

It's as if they're honestly trying to get everyone to delete their facebook account.

No, I think your average Facebook user would welcome this.

Re:wow.

[Guru80]

I disconnected mine about 18 months ago. Having been with them since they were open to the public and my friend base (real friends and family and the odd acquaintance, not the invite everybody for shits and giggles group most people seem to have) gradually growing until it became easier to connect with them there instead of an occasional text or call it was a real pain in the ass to keep in touch with people the first couple months. After that however I found I enjoyed not having constant updates of what someone had for dinner or what funny thing their kid did (I have 3 of my own plus 2 more so I get plenty of that on my own). I also was forced to connect with those same people in a more personal way and only good has come from that.

Facebook WAS a convenient and unobtrusive means to stay connected, that boat sailed a long time ago though.

Re:wow.

[intermodal]

That was probably more true pre-Snowden.

It's not that people care specifically about the NSA, but they are definitely more aware of how vulnerable in general their information is. Not by much, but a little bit.

Re:wow.

Google wallet?

Re:wow.

[ArcadeMan]

Try to open a Facebook account today WITHOUT giving them a cellphone/SMS-capable number. Last time I checked, you couldn't.

Next up is credit cards, after that it could be bank accounts numbers, social security numbers, etc.

Re:wow.

You know there is a little something called EMAIL right?

tl;dr Fuck Facebook.

Re:wow.

[Princeofcups]

I'm starting to wonder if they're just trolling us. Facebook's policies and very reason for existence runs contrary to what I was taught as a child, which was anti-narcissism (ie, any sort of notoriety based on achievement, not simple vanity), speaking when one only has something to say and keeping one's personal life personal (as opposed to, "look at me with this drink in my hand! Look at me with this puppy! Look at me with these whores!"), and now, keeping one's finances close to one's chest.

Somewhere we went from modesty as a virtual and pride as a vice to the exact opposite. Or maybe that was always an ideal, and not a reality.

Re:wow.

[intermodal]

I hate email almost as much as I hate facebook.

Re:wow.

Cool, glad to be corrected. Thanks. I'll have to revisit that, but I do like being in contact with old friends and acquaintances though. I minimize what I give out but my friends and family can give it away. It an annoyance and convenience all rolled into one.

Re:wow.

[rsborg]

What you're saying outlines the "repeating the past" problem that Facebook has. Myspace was invincible and going to last for all eternity and because of that, they pissed off their users daily with awful updates and horrible page layouts. Facebook came out and was slightly better so tada, everyone bailed. Now Facebook put themselves in exactly the same place and the only thing that is necessary is for a slightly less annoying and evil one to come along. So in other words, not Google+. Isn't there some open source style non-profit social networking site out there? Let's all go there.

This prompts the question - is a "Social Network" something that lends itself to a viable business plan that doesn't involve selling out their users? Many folks I know are convinved this is *not* possible. The FB folks think you don't care that you're being sold out. Google figures you won't have a choice (what no google search? are you even competitive anymore, mr. coder?). The folks at App.Net think you're willing to front the money for a no-compromise account.

Me, being a raving socialist, think this should be something that's regulated and publicly owned such that I can a) opt out of social network data collection and b) there is no profit motive to cash in on data you've marked as private (esp. with slimy moves like randomly changing your preferences to "open" or having a convenient privacy leak so 3rd parties have a window to collect a bunch of information). If FB can't exist under these conditions, then I guess I'd rather it didn't exist.

Re:wow.

You make a very strange assumption in your post without seeming to realize it: you assume a social network must be a single centralized entity. I'm not suggesting that you get all of your family to install Diaspora, but I think we need to seriously re-examine the assumption that decentralized must be user unfriendly and therefore unsuitable for mass market adoption (see: Skype, although that was still at its root controlled by a central organization).

Re:wow.

[antdude]

Yep, this is a problem. They say they will only communicate with me on Facebook. Frak 'em then!

Re:wow.

[TWX]

I'm pretty sure that it always had been an ideal, but it seems to not be an ideal anymore, to at least a significant portion of the population.

It's one thing to sing praises of true achievements that go beyond what an average person reaches; that doesn't bother me too much if it's done with reason. I do object when mediocrity is celebrated, or when things of shock value are celebrated when they're actually poorly done. The entertainment industry is an example of the celebration of mediocrity, when we're told this is popular in order to make it popular, or when no-talent hacks are so worked or massaged or modified to make them talented that there is very little of the original underneath.

I guess that we're now living in the Age of Autotune. Instead of embracing raw talent, we manufacture it, and look down on some that are naturally talented when they're compared to the manufactured nature of others.

This is a good idea...

[ciderbrew]

I look forward to the "300million credit card details stolen" stories posted on here in a few years. And the stories of "Our Son spent 20,000 USD on crap DLC" every 5 months.

Re:This is a good idea...

[LittleBunny]

Personally, I look forward to the "Facebook rolls out incentives for users to supply the PayPal/credit card information of their friends"...

Seen this kind of thing before.

A little behind the times?

https://checkout.google.com/
http://www.google.com/wallet/

Is it better to have one person you don't trust to have your financial data, or many people you don't trust?

Re:Seen this kind of thing before.

Is it better to have one person you don't trust to have your financial data, or many people you don't trust?

No.

Re:Seen this kind of thing before.

[ArcadeMan]

You mean the Google checkout/Google wallet that only works in half-a-handful of countries? Those things?

Awfully hard to trust Facebook

[rubmytummy]

Given the deep contempt that Facebook demonstrates toward even the idea of personal privacy, I don't think I would want to trust them with my credit cards.

Re:Awfully hard to trust Facebook

[Greyfox]

I don't even trust those guys with a browser cookie, much less a credit card.

Re:Awfully hard to trust Facebook

[ccguy]

I don't even trust those guys with a browser cookie, much less a credit card.

Two notes:
1) It's their cookie :-)
2) I don't think the facebook guys need your credit card to buy shit :-) Of course from the credit card number they can tell which bank you use, which I'm sure they can leverage somehow.

Re:Awfully hard to trust Facebook

the facebook guys need your credit card to buy shit

They do if they want to buy it with your money, and then when it's disputed, place the burden of proof on you.

Re:Awfully hard to trust Facebook

[rsborg]

I don't even trust those guys with a browser cookie, much less a credit card.

Two notes:

1) It's their cookie :-)

It's my browser and computer. I (and Greyfox) just don't let them store it here.

2) I don't think the facebook guys need your credit card to buy shit :-) Of course from the credit card number they can tell which bank you use, which I'm sure they can leverage somehow.

3rd party apps need your CC info so they can bill you for what they're forced to give you for free now or beg you to buy FB credits. Facebook just wants to act like a middleman/bank at this point.

I'd say this is laughable, but.....

Talked to a guy last night who I had just met recently who couldn't comprehend why I wasn't on Facebook and didn't understand why my real name/face wasn't plastered all over Twitter. Some people just don't know/care about their data getting out

Just so stories

[Impy+the+Impiuos+Imp]

Fair enough. Add in a new user agreement, in large blinking red letters at the top, so the user doesn't even have to scroll past pages of deliberately obfuscating boilerplate, "Facebook will do this for you. In exchange we will gather buying info tied to your purchases through us to sell ads targetted to your buying habits. Truth be told, we don't care if you buy Depends or urine catheters or Justin Bieber tix, it's all done automatically by computer aggregate anyway."

I'm sure this will take off.

Like a lead balloon.

Ummm no

Just say no.

Re:Ummm no

[bearinboots]

Not just no, but hell no!

It'll work.

[rodrigoandrade]

Whether or not the feature takes off however, will depend almost entirely on how willing users are to trust Facebook with their credit card data.

What additional harm could a 16-digit string cause when people happily and willingly furnish Facebook with their full name, sex, DOB, address, pictures, employer's name, former employer's name, school, friends' and relatives' names, hobbies, personal preferences, real-time location, etc.?

Re:It'll work.

[Fjandr]

A lot.

In other news....

[CimmerianX]

Facebook wants to index your credit card transactions for you..... Please fill in your online banking passwords. You can trust them with your data you know....

Facebook? Paypal? Trust? ARE YOU ON DRUGS!?!?!?

[Chas]

Anyone who willingly opts into this is a friggin moron.

I can understand some cases where having a Facebook account or a Paypal account is a necessary evil (mostly emphasis on "evil").
But both of these services display an almost nonexistent regard for their user bases, with Paypal going so far as to actually steal money from its users (locking out accounts with cash in them for months on end and continuing to profit from the interest, fraudulently attempting to hoover out users' bank accounts, etc).

But hey, if you want these two to potentially ruin your life by bankrupting you and reporting about it online, go ahead!
I'll just sit back and laugh at you derisively.

why not just use e-mail?

Why not just use e-mail instead? There's nothing that Facebook offers that can't be done faster, better and easier with e-mail, is there?

Don't let Facebook take over your life. Take it back from them.

New Facebook sidebar widget

[cascadingstylesheet]

"Five other Visa holders like this website! Here are thumbnails of their credit cards."

Re:New Facebook sidebar widget

Bank of America likes this

Re:New Facebook sidebar widget

[ArcadeMan]

Mastercard likes this.

Re:New Facebook sidebar widget

[Shirogitsune]

Syrian Electronic Army likes this

Re:New Facebook sidebar widget

Prince of Nigeria #1242-C likes this

That would be stupid

[hardaker]

...will depend almost entirely on how willing users are to trust Facebook with their credit card data.

Well, that would just be plain stupid of me. Or anyone.

Thus, as history has shown us, it'll probably happen

The ONLY reasonable response...

[the+eric+conspiracy]

Is to put these people in your hosts file...

      127.0.0.1 facebook.com
      127.0.0.1 login.facebook.com
      127.0.0.1 www.facebook.com
      127.0.0.1 blog.facebook.com
      127.0.0.1 apps.facebook.com

Re:The ONLY reasonable response...

I used to do that until I noticed that facefuckingbook has many, many country-specific hosts and I couldn't find a complete list with all of them. Then I solved it with this firefox plugin: https://disconnect.me/facebook

I wonder if it's soon time for geeks to start a grassroots enlightenment campaign by walking up to random strangers and ask for information that they with 99 % certainty post on fb. When they tell you "no way, I don't know you!" you say you already know because you took a picture of them with your camera sunglasses (less than $ 10 when ordered from China) and entered it into google's image search and found their info and are just conducting a survey to find out how people's privacy behavior IRL differs from their online behavior. Online they wouldn't even have any idea of who you are or what your intentions with the information are. I can imagine that every average fb user idiot would tell their friends (ironically, by posting on fb) about what happened to them and maybe be a little wiser. I guess the only problem is that geeks would have to not only get out of their mom's basement but also talk to other people IRL.

Re:The ONLY reasonable response...

[Lincolnshire+Poacher]

Using 127.0.0.1 will waste time at the application protocol layer trying to connect to a web server on your localhost.

Try 0.0.0.0 or :: instead, both are null routes and will fail immediately in the transport layer.

Why Facebook wants a credit card on file

[dougsyo]

I would hope that Facebook protects credit card data in accordance with GLB, PCI, other regulations and best practices.

But the reason they want people to put a credit card on file with them is so they can market things - they figure you're more likely to buy an impulse purchase when you have a number on file (a la Amazon) than when you have to enter a card number for each purchase.

Which is exactly why I've resisted EVERY overture Facebook has made for me to purchase something - I don't play games, I don't give gifts via Facebook, and I won't pay the $1 fee to get an FB email into someone's "inbox" rather than "other" box.

Doug

Wow, really?

Facebook ... PayPal, Braintree, and Stripe

So a company with a horrible reputation on selling information, a company with a reputation of freezing assets, and two relatively unknown companies (at least to me) come together. Yeah, no, I'm staying far, far away from this.

Innovation

[MrKaos]

This will really save the NSA a lot of work!!!

Hi Guys!!!

No

[howlinmonkey]

that is all I have to say.

Not in anyones interest

Let's get this straight, payment providers are willing to let Facebook be the front-end to their services and only exist behind an interface??? What is to stop Facebook from becoming a bank and phasing out other payment providers. This is a bad business move.

Re:Not in anyones interest

[cagraham]

Exactly my thought as well. Once Facebook has a sizable trove of credit card information, they'll have the ability to simply become the payment processor themselves.

Re:Facebook? Paypal? Trust? ARE YOU ON DRUGS!?!?!?

[jbeaupre]

Anyone who willingly opts into this is a friggin moron.

No one in this world has ever lost money by underestimating the intelligence of the great masses of the plain people. Nor has anyone ever lost public office thereby.
-H. L. Mencken

No problem, not your money

[Rob+Kaper]

You can easily trust Facebook with your creditcard details. Creditcard payments represent the money of the creditcard company, not yours. In case of a Facebook leak, the system is compromised, not your wallet.

Re:No problem, not your money

[Rhyas]

Not the best way to look at that, given that you're on the hook for any money spent through that card. Sure, there's "protection" there if someone else spends money through your card, or the system is compromised, etc. But the hassle is nearly all yours for straightening such a mess out.

Very very very good and im all for that

[osiaq]

Law is like the fence: tiger jumps over, viper sneaks in and the cattle stays in order. I like those fences that they inventing every day :)

Facebook Autofill can...

[Red_Chaos1]

...store my nuts in it's mouth.

Multi factor authentication

[wulfhound]

This is part of a bigger play by Facebook. Most mail accounts in use right now are password SMTP over TLS/SSL. Yet most services on the net assume that people are in full control of their primary mailboxes. By going multi-factor on their login system, Facebook wants to establish their messaging system as a more secure, more trusted endpoint (especially for the average user with zero understanding of password hygiene) than good old email. Once they do so, and get their users trained up softly-softly on multi-factor authentication, they then quietly pitch to organizations and service providers (banks, government services, utilities, ...) to request Facebook, rather than email, as the preferred primary mechanism for staying in touch with customers. After all, if Facebook accounts are harder to spoof than an email address -- and with the continual life history & social graph data they contain, they surely are -- why wouldn't an organization want to stay in touch with its customers that way? From the point of view of a big org concerned with identity theft and fraud prevention, it's surely a tempting way to arrange things. Facebook owns your digital identity and theirs, phishing becomes much more difficult to execute as senders are authenticated & easily verified.

Re:Multi factor authentication

[Reziac]

This is already happening. Some of what used to be Yahoo Groups or on a dedicated forum have moved to Facebook. I consider this a great leap backward (even if there weren't privacy concerns, Facebook's interface makes me want to stick forks in my eyes). I've abandoned the relevant 'social groups' rather than put up with all this. :(

Re:Multi factor authentication

[wulfhound]

I'm there under a pseudonym for exactly that reason. I detest with a passion their real-names-only policy, and their way of forcing you to engage on every forum & on every topic with the same identity & tying it back to your entire social graph and history. It's the anti-Internet :(

Even if you don't I have to ask...

[s.petry]

The first I have to ask "Why would anyone buy something from a free site?". That is the part I really don't get. I get finding a time waster game like Angry Birds, but that money goes to Zynga and Facebook should get their cut from a Zynga rep based on someone purchasing a game designed for Facebook. It's working backwards.

Next, why would anyone purchase anything from a company with so many security problems? Facebook as been full of them since release, and not rocket science hacking problems but simple "we fucked up" problems.

Keep your "free" account, just don't use it. Don't "pay" for garbage.

Re:Even if you don't I have to ask...

[intermodal]

Well, I don't know why a person would do so. I certainly wouldn't. But I wouldn't it past Facebook to try to scrape the information from other tabs you might have open.

Re:Even if you don't I have to ask...

[s.petry]

Opera, NoScript, Ad-block, etc.. Many of ways of blocking them from attempting to do so. I'm a bit paranoid as well, and in addition to those steps I would only open FB in a clean run of Opera to make sure there is no cache/history for them to try and access.

Re:Even if you don't I have to ask...

[intermodal]

I already take such measures. I was offering a hypothetical as to why this is a problem for less technical users than us who might still be smart enough to never pay Facebook for anything.

Re:Even if you don't I have to ask...

[s.petry]

Ahh, my bad.

Many robots at FB

[WeeBit]

will allow it to store credit data for them then down the road you will hear about the worst security breech of consumer data including their credit, debit and paypal accounts. They will whimper and ask how did it happen? After getting the sorry excuse... Then it will be pushed to the side just like the many other breeches in consumer data in the past. meanwhile the robots will just order a new card and move on like nothing happened.

Trust?

[Fjandr]

I trust Facebook with my financial information just as far as I can throw the combined weight of every asset (both human and non) of the corporation combined.

Jew World Order

Facebook owned by Jews.

Re:Yo...

Yo, facebook is wack.

Discover has temporary proxy CC numbers

[rsborg]

https://www.discover.com/credit-cards/member-benefits/security/secure-online-account-number.html

Virtual credit cards: BoA, Citi, Discover

[bgalbrecht]

Bank of America, Citigroup and Discover all have virtual credit card programs. I think BoA and Citi are better than Discover. While all three limit the virtual credit card to a single merchant, BoA and Citi allow you to set lower credit limits and shorter expiration dates, Discover's credit limit and expiration date is the same as your real card. You can also bump up the credit limit and expiration date at BoA and Citi for repeat purchases from the virtual card's merchant. I think that if you tie a virtual credit card to a PayPal account, it can pay out to multiple PayPal accounts, so you're probably better off not using Discover with PayPal if you don't trust PayPal or the merchant. Amex shut down their virtual credit card program in 2004, I don't think it's been restarted. There may be other banks with virtual credit cards, but they're rare.

People pay for this?

Seriously, who on earth pays for Facebook?