Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
The Almighty Buck Facebook

Facebook Autofill Wants To Store Users' Credit Card Info 123

cagraham writes "Facebook has teamed up with payment processors PayPal, Braintree, and Stripe, in an attempt to simplify mobile payments. The system allows Facebook members (who have turned over their credit and billing info) to click a 'Autofill with Facebook' button when checking-out on a mobile app. Facebook will then verify the details, and securely transfer a user's info over to the payment processing company. The move is likely aimed at gathering more data on user behavior, which can be used to increase the prices Facebook charges for mobile ads. Whether or not the feature takes off however, will depend almost entirely on how willing users are to trust Facebook with their credit card data."
This discussion has been archived. No new comments can be posted.

Facebook Autofill Wants To Store Users' Credit Card Info

Comments Filter:
  • by Guru80 ( 1579277 ) on Wednesday September 25, 2013 @08:34AM (#44947317)
    Those two names invoked in the same sentence makes me feel a little ill. Nothing but bad experiences with both, what could possibly go wrong with them teaming up?
    • About the same to me as American Airlines merging with US Airways.
    • Facebook & Paypal mentioned in the same sentence why that hasn't happened since the took the Autor's Bio out of the Bible :D
    • by Anonymous Coward

      It's a good incentive to pay more with cash, and to keep on using cash for as long as you can.

      Not credit card, not debit card, not any of the "electronic" or "mobile" alternatives. Good old boring cash. It's basically the only way to not have your personal data be bought and sold. Did I mention cash? If I didn't, I should have.

      • It's not really an incentive or disincentive for anything. I'm not going to use it, but whatever. Paying for everything with cash is pretty silly.

      • And for online purchases, buy anonymous pre-paid credit cards with cash.

        • by Anonymous Coward

          The sad thing is that over here, even for pre-paid debit cards, they require copies of gov't ID.

          • Holy crap, where is this "over here" you're talking about? North Korea? China? Germany? USA?

            • In my "over here" you can get a pre-paid Visa from Australia Post but you must provide a working mobile phone number that does not block caller id and a (fake) DOB. Hardly anonymous. Too bad if you don't have a mobile phone. AFAICT none of the other options require less identifying information but I'd be happily corrected.

    • Personally, I've never had bad experiences with PayPal. But I've only ever used it to buy stuff. I also only have a credit card hooked up, which limits the amount of problems I could really have. Personally, I would rather give my credit card number to PayPal, the give it to some random Chinese website that I'm buying cheap stuff from. There really should be a more convenient way, without a third party like PayPal to send money to someone else, without giving them your credit card specifics. Visa, Maste
      • Like ... Bitcoin?
      • by no1nose ( 993082 )

        I that for a while it was popular for some cards to offer temporary account numbers for online shopping that would be good for one purchase. I think Citibank did that. I never used that feature though.

      • There really should be a more convenient way ... to send money to someone else, without giving them your credit card specifics. Visa, MasterCard, Amex, (and the others) should be providing this as a service to the cardholders ...

        Not exactly what you asked for but... at least one MasterCard vendor (Bank of America) offers Shop Safe [bankofamerica.com] enabling you to create temporary virtual CC numbers tied to your real CC. Each number includes a CCID and allows you to specify a credit limit and expiration date (2 months to 1 year, but you can delete it anytime). The virtual card is locked to the first merchant to charge against it.

      • Bank of America, Citigroup and Discover all have virtual credit card programs. I think BoA and Citi are better than Discover. While all three limit the virtual credit card to a single merchant, BoA and Citi allow you to set lower credit limits and shorter expiration dates, Discover's credit limit and expiration date is the same as your real card. You can also bump up the credit limit and expiration date at BoA and Citi for repeat purchases from the virtual card's merchant. I think that if you tie a virtua
  • by Snowhare ( 263311 ) on Wednesday September 25, 2013 @08:35AM (#44947329)

    Why would I trust them with anything else?

    • by Anonymous Coward on Wednesday September 25, 2013 @08:50AM (#44947503)

      Why would I trust them with anything else?

      That's you and me.

      But the mindless hoards out there like the "convenience". And they may be under the erroneous impression that if there's a mistake or theft of their phone, they can just call their bank and do a charge back. It will most likely work with a theft of ones phone - after a police report is filed and then sending copies to your bank. But a mistake or fraud by someone else?

      Let's use Roku as example. when I created a Roku account online a year or so ago (have to in order to use the thing - no technical reason, though) they "require" that you put payment information in. Now you can chat with customer service and demand to be exempted - after they give you the BS about "your convenience" - they'll exempt you or you can delete the payment information after signing up - if it's really deleted, I have no idea.

      While in their channel store, I see the "Buddhist Channel" and in the description is says it's "Free". The after adding it and going to the channel, this pop-up comes up and says "We are charging you $1 a month to" pay for costs or some reason like that.

      They slid that right in there. Now, IF I was stupid enough to have given Roku my payment information, I can just imagine what I would have to go through to stop it. Roku get a 30%+ commission on this shit so they aren't going to be too thrilled about the problem.

      Bank backing me up? Ahahahahaha.

      Here's what I've seen too aften in situations like this:

      Bank calls merchant and tells them that you are disputing the charge.

      Merchant: "Nope! He hit the OK button. It's valid!"

      Bank to you: 'You owe it."

      You" "Funk'in A!"

      On the support forums, some folks rationalize it with "iTunes does it!"

      And we have all heard the horror stories of $1,000 bills because a kid, who didn't know what they were doing was just buying shit.

      tl;dr - Giving payment information up front doesn't give that many protections and opens you up to fraud and other unethical behavior.

      • Re: (Score:3, Insightful)

        by Saethan ( 2725367 )
        This is one reason why I still use a local bank. I can walk to their headquarters and file a complaint in person and actually get to talk to somebody face-to-face. Though the few charge-backs I've had to do a simple online ticket has resolved my issues.
      • Re: (Score:2, Insightful)

        But the mindless hoards out there

        "Hordes".

        You don't separate yourself well from that "mindless" adjective when you don't know the difference between "hordes" and "hoards".

        • by gsslay ( 807818 )

          Now you tell us! What am I to do with all those mindless I've be storing up for the last 10 years?

      • by RyoShin ( 610051 )

        This is why I like to use one-time numbers for things like this. Discover (at least they used to, haven't had to do it in a while) will give you a generated number, and you say how much is on it, and it will deny anything over that. For something that's $1, that might still go through, but if all you need is a valid CC then you can make one for $.50 and they can't do jack about it.

    • the only difference here is that instead of them already having your credit card info via various sources, now you're giving it to them outright.

    • You aren't the target audience. You aren't a real client. You are just content for their real clients.

      This is made for those who already want to inform Facebook of what they're doing every single minute of their lives, with the hope that someone will be interested enough to read about them. Facebook could just create a Facebook bank, ask people to put in their salary and some people would do it.

      The fact that someone who wouldn't even give them their real birthday isn't interested, is as irrelevant for Faceb

    • by mlts ( 1038732 ) *

      Now here is where I don't understand things.

      Facebook is a social media site where you go to see someone's cat pictures, maybe someone railing about gun control, or perhaps an invite to an IP masquerade ball come next month.

      How did Facebook turn into a bank, a CA, and a trusted authentication provider? The last time we had a third party doing the gatekeeping was back in the days of Microsoft Passport (then renamed .NET logins, separate from the .net language.)

      I can understand FB offering this, but I'd at le

    • "Why would I trust them with anything else?"

      Trading privacy -- which many are finally learning, means to some degree trading freedom -- for convenience is even worse than trading it for "security".

      I'm with you. I don't trust Facebook with my real address, or phone number, or really anything at all except my name. I check my account maybe once or twice a year, just to make sure I didn't miss somebody dying, or something like that.

    • by antdude ( 79039 )

      Yeah, and they kicked me off for using false datas. :(

  • wow. (Score:5, Insightful)

    by intermodal ( 534361 ) on Wednesday September 25, 2013 @08:36AM (#44947357) Homepage Journal

    It's as if they're honestly trying to get everyone to delete their facebook account. I've been considering it almost daily for the past couple years, definitely more in the past several months. The only thing keeping me on there is how much of my family resides far from my current location.

    Kind of makes you wonder, "How much do I really like my cousins?" I'm very close to saying, "Not enough to keep this account."

    • Re:wow. (Score:5, Interesting)

      by Bigbutt ( 65939 ) on Wednesday September 25, 2013 @08:45AM (#44947465) Homepage Journal

      I'm with you there. I rediscovered my cousins, aunts, and uncles after 40 years through them finding me on Facebook. I keep up on their activities and assume they keep up on what I do based on the comments I've received. While they do have whacky beliefs (which are reflected in the occasional "Obama is declaring Martial Law on Oct 1st!111!11!!!!!!1" posting), it's still good to stay in touch.

      But data collection (even though I keep my likes and details to myself), video ads, comment systems that require a Facebook account, and now this might be the tipping point.

      I likely won't close the account. Most likely I'll just stop using it just like I've stopped going to several forums I used to frequent due to the number of crazy posts and responses.

      [John]

      • I likely won't close the account. Most likely I'll just stop using it just like I've stopped going to several forums I used to frequent due to the number of crazy posts and responses.

        [John]

        That's pretty much the route I've taken - leave the account open, check it about once a month for messages, and never, ever put another piece of content or information on there for them to sell.

        • by Gr8Apes ( 679165 )
          I have accounts for dev purposes, no other reason. I have considered creating some scripts to completely pollute their DBs regarding people I know.
      • by cdrudge ( 68377 )

        Tipping point for what? No one is forcing you to use the autofill or even provide them with your credit card number.

        • You're absolutely right.

          But this is more about Facebook as a meme to the parent of your message, rather than any specific compendium of data representing a cogently-derived opinion based on a preponderance of facts. Heaven forbid facts.

          That said, I have little trust of Facebook, less of Google, and not much for anyone else but this isn't about me-- this is about some poor trusting soul (rather than the skeptical me) getting a browser hijack or MITM attacker or just plain raiding FB's repositories to milk ou

        • Try to open a Facebook account today WITHOUT giving them a cellphone/SMS-capable number. Last time I checked, you couldn't.

          Next up is credit cards, after that it could be bank accounts numbers, social security numbers, etc.

      • What you're saying outlines the "repeating the past" problem that Facebook has. Myspace was invincible and going to last for all eternity and because of that, they pissed off their users daily with awful updates and horrible page layouts. Facebook came out and was slightly better so tada, everyone bailed. Now Facebook put themselves in exactly the same place and the only thing that is necessary is for a slightly less annoying and evil one to come along. So in other words, not Google+. Isn't there some
        • by rsborg ( 111459 )

          What you're saying outlines the "repeating the past" problem that Facebook has. Myspace was invincible and going to last for all eternity and because of that, they pissed off their users daily with awful updates and horrible page layouts. Facebook came out and was slightly better so tada, everyone bailed. Now Facebook put themselves in exactly the same place and the only thing that is necessary is for a slightly less annoying and evil one to come along. So in other words, not Google+. Isn't there some open source style non-profit social networking site out there? Let's all go there.

          This prompts the question - is a "Social Network" something that lends itself to a viable business plan that doesn't involve selling out their users? Many folks I know are convinved this is *not* possible. The FB folks think you don't care that you're being sold out. Google figures you won't have a choice (what no google search? are you even competitive anymore, mr. coder?). The folks at App.Net think you're willing to front the money for a no-compromise account.

          Me, being a raving socialist, think this

    • Re:wow. (Score:5, Interesting)

      by TWX ( 665546 ) on Wednesday September 25, 2013 @08:48AM (#44947483)
      I'm starting to wonder if they're just trolling us. Facebook's policies and very reason for existence runs contrary to what I was taught as a child, which was anti-narcissism (ie, any sort of notoriety based on achievement, not simple vanity), speaking when one only has something to say and keeping one's personal life personal (as opposed to, "look at me with this drink in my hand! Look at me with this puppy! Look at me with these whores!"), and now, keeping one's finances close to one's chest. The Internet age with the ability to own a domain name and effectively vanity-publish has changed some of that, but "Social Media" has made it extremely simple to talk-at people without necessarily talking-to people.

      I never signed up for Facebook in the first place. I'd had my own domain for a time, and ran my own web log, but decided that it wasn't worth the effort and that what I was willing to share with the rest of humanity wasn't something that the rest of humanity was interested in. When I've seen others using Facebook I continue to get that vibe. I don't know what I'd do in your shoes, but having never had an account and seeing all of the BS makes me happy that I never did have an account in the first place.
      • I'm starting to wonder if they're just trolling us. Facebook's policies and very reason for existence runs contrary to what I was taught as a child, which was anti-narcissism (ie, any sort of notoriety based on achievement, not simple vanity), speaking when one only has something to say and keeping one's personal life personal (as opposed to, "look at me with this drink in my hand! Look at me with this puppy! Look at me with these whores!"), and now, keeping one's finances close to one's chest.

        Somewhere we went from modesty as a virtual and pride as a vice to the exact opposite. Or maybe that was always an ideal, and not a reality.

        • by TWX ( 665546 )
          I'm pretty sure that it always had been an ideal, but it seems to not be an ideal anymore, to at least a significant portion of the population.

          It's one thing to sing praises of true achievements that go beyond what an average person reaches; that doesn't bother me too much if it's done with reason. I do object when mediocrity is celebrated, or when things of shock value are celebrated when they're actually poorly done. The entertainment industry is an example of the celebration of mediocrity, when we'r
    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Wednesday September 25, 2013 @09:07AM (#44947683)
      Comment removed based on user account deletion
      • Re: (Score:3, Insightful)

        by intermodal ( 534361 )

        I didn't keep in close touch before Facebook, and I have no reason to suspect that I would in a post-Facebook life. I like knowing what my relatives are up to, but I don't actually care what they are up to. It's a subtle difference, but the difference is definitely there.

      • by antdude ( 79039 )

        Yep, this is a problem. They say they will only communicate with me on Facebook. Frak 'em then!

    • If you really feel that way, it only takes about ten minutes apiece to switch them all over to G+.

      Not that I'm endorsing Google; I'm just saying there are other options for keeping in touch with family online.

    • It's as if they're honestly trying to get everyone to delete their facebook account.

      No, I think your average Facebook user would welcome this.

      • That was probably more true pre-Snowden.

        It's not that people care specifically about the NSA, but they are definitely more aware of how vulnerable in general their information is. Not by much, but a little bit.

    • by Guru80 ( 1579277 )

      I disconnected mine about 18 months ago. Having been with them since they were open to the public and my friend base (real friends and family and the odd acquaintance, not the invite everybody for shits and giggles group most people seem to have) gradually growing until it became easier to connect with them there instead of an occasional text or call it was a real pain in the ass to keep in touch with people the first couple months. After that however I found I enjoyed not having constant updates of what

    • The first I have to ask "Why would anyone buy something from a free site?". That is the part I really don't get. I get finding a time waster game like Angry Birds, but that money goes to Zynga and Facebook should get their cut from a Zynga rep based on someone purchasing a game designed for Facebook. It's working backwards.

      Next, why would anyone purchase anything from a company with so many security problems? Facebook as been full of them since release, and not rocket science hacking problems but simple

      • Well, I don't know why a person would do so. I certainly wouldn't. But I wouldn't it past Facebook to try to scrape the information from other tabs you might have open.

        • by s.petry ( 762400 )
          Opera, NoScript, Ad-block, etc.. Many of ways of blocking them from attempting to do so. I'm a bit paranoid as well, and in addition to those steps I would only open FB in a clean run of Opera to make sure there is no cache/history for them to try and access.
          • I already take such measures. I was offering a hypothetical as to why this is a problem for less technical users than us who might still be smart enough to never pay Facebook for anything.

  • by ciderbrew ( 1860166 ) on Wednesday September 25, 2013 @08:37AM (#44947359)
    I look forward to the "300million credit card details stolen" stories posted on here in a few years. And the stories of "Our Son spent 20,000 USD on crap DLC" every 5 months.
    • Personally, I look forward to the "Facebook rolls out incentives for users to supply the PayPal/credit card information of their friends"...
  • by rubmytummy ( 677080 ) on Wednesday September 25, 2013 @08:41AM (#44947409)
    Given the deep contempt that Facebook demonstrates toward even the idea of personal privacy, I don't think I would want to trust them with my credit cards.
    • by Greyfox ( 87712 ) on Wednesday September 25, 2013 @08:53AM (#44947539) Homepage Journal
      I don't even trust those guys with a browser cookie, much less a credit card.
      • by ccguy ( 1116865 )

        I don't even trust those guys with a browser cookie, much less a credit card.

        Two notes:
        1) It's their cookie :-)
        2) I don't think the facebook guys need your credit card to buy shit :-) Of course from the credit card number they can tell which bank you use, which I'm sure they can leverage somehow.

        • by rsborg ( 111459 )

          I don't even trust those guys with a browser cookie, much less a credit card.

          Two notes:

          1) It's their cookie :-)

          It's my browser and computer. I (and Greyfox) just don't let them store it here.

          2) I don't think the facebook guys need your credit card to buy shit :-) Of course from the credit card number they can tell which bank you use, which I'm sure they can leverage somehow.

          3rd party apps need your CC info so they can bill you for what they're forced to give you for free now or beg you to buy FB credits. Facebook just wants to act like a middleman/bank at this point.

  • by Anonymous Coward

    Talked to a guy last night who I had just met recently who couldn't comprehend why I wasn't on Facebook and didn't understand why my real name/face wasn't plastered all over Twitter. Some people just don't know/care about their data getting out

  • Just so stories (Score:3, Interesting)

    by Impy the Impiuos Imp ( 442658 ) on Wednesday September 25, 2013 @08:42AM (#44947425) Journal

    Fair enough. Add in a new user agreement, in large blinking red letters at the top, so the user doesn't even have to scroll past pages of deliberately obfuscating boilerplate, "Facebook will do this for you. In exchange we will gather buying info tied to your purchases through us to sell ads targetted to your buying habits. Truth be told, we don't care if you buy Depends or urine catheters or Justin Bieber tix, it's all done automatically by computer aggregate anyway."

  • by rodrigoandrade ( 713371 ) on Wednesday September 25, 2013 @08:46AM (#44947473)
    <blockquote>Whether or not the feature takes off however, will depend almost entirely on how willing users are to trust Facebook with their credit card data.</blockquote>

    What additional harm could a 16-digit string cause when people happily and willingly furnish Facebook with their full name, sex, DOB, address, pictures, employer's name, former employer's name, school, friends' and relatives' names, hobbies, personal preferences, real-time location, etc.?
  • by CimmerianX ( 2478270 ) on Wednesday September 25, 2013 @08:50AM (#44947507)
    Facebook wants to index your credit card transactions for you..... Please fill in your online banking passwords. You can trust them with your data you know....
  • by Chas ( 5144 ) on Wednesday September 25, 2013 @08:51AM (#44947519) Homepage Journal

    Anyone who willingly opts into this is a friggin moron.

    I can understand some cases where having a Facebook account or a Paypal account is a necessary evil (mostly emphasis on "evil").
    But both of these services display an almost nonexistent regard for their user bases, with Paypal going so far as to actually steal money from its users (locking out accounts with cash in them for months on end and continuing to profit from the interest, fraudulently attempting to hoover out users' bank accounts, etc).

    But hey, if you want these two to potentially ruin your life by bankrupting you and reporting about it online, go ahead!
    I'll just sit back and laugh at you derisively.

    • Anyone who willingly opts into this is a friggin moron.

      No one in this world has ever lost money by underestimating the intelligence of the great masses of the plain people. Nor has anyone ever lost public office thereby.
      -H. L. Mencken

  • by cascadingstylesheet ( 140919 ) on Wednesday September 25, 2013 @08:58AM (#44947591) Journal
    "Five other Visa holders like this website! Here are thumbnails of their credit cards."
  • ...will depend almost entirely on how willing users are to trust Facebook with their credit card data.

    Well, that would just be plain stupid of me. Or anyone.

    Thus, as history has shown us, it'll probably happen

  • Is to put these people in your hosts file...

          127.0.0.1 facebook.com
          127.0.0.1 login.facebook.com
          127.0.0.1 www.facebook.com
          127.0.0.1 blog.facebook.com
          127.0.0.1 apps.facebook.com

    • Using 127.0.0.1 will waste time at the application protocol layer trying to connect to a web server on your localhost.

      Try 0.0.0.0 or :: instead, both are null routes and will fail immediately in the transport layer.

  • I would hope that Facebook protects credit card data in accordance with GLB, PCI, other regulations and best practices.

    But the reason they want people to put a credit card on file with them is so they can market things - they figure you're more likely to buy an impulse purchase when you have a number on file (a la Amazon) than when you have to enter a card number for each purchase.

    Which is exactly why I've resisted EVERY overture Facebook has made for me to purchase something - I don't play games, I don't g

  • by MrKaos ( 858439 ) on Wednesday September 25, 2013 @09:23AM (#44947861) Journal
    This will really save the NSA a lot of work!!!

    Hi Guys!!!

  • that is all I have to say.
  • You can easily trust Facebook with your creditcard details. Creditcard payments represent the money of the creditcard company, not yours. In case of a Facebook leak, the system is compromised, not your wallet.

    • by Rhyas ( 100444 )

      Not the best way to look at that, given that you're on the hook for any money spent through that card. Sure, there's "protection" there if someone else spends money through your card, or the system is compromised, etc. But the hassle is nearly all yours for straightening such a mess out.

  • Law is like the fence: tiger jumps over, viper sneaks in and the cattle stays in order. I like those fences that they inventing every day :)
  • ...store my nuts in it's mouth.

  • by wulfhound ( 614369 ) on Wednesday September 25, 2013 @11:07AM (#44949133)
    This is part of a bigger play by Facebook. Most mail accounts in use right now are password SMTP over TLS/SSL. Yet most services on the net assume that people are in full control of their primary mailboxes. By going multi-factor on their login system, Facebook wants to establish their messaging system as a more secure, more trusted endpoint (especially for the average user with zero understanding of password hygiene) than good old email. Once they do so, and get their users trained up softly-softly on multi-factor authentication, they then quietly pitch to organizations and service providers (banks, government services, utilities, ...) to request Facebook, rather than email, as the preferred primary mechanism for staying in touch with customers. After all, if Facebook accounts are harder to spoof than an email address -- and with the continual life history & social graph data they contain, they surely are -- why wouldn't an organization want to stay in touch with its customers that way? From the point of view of a big org concerned with identity theft and fraud prevention, it's surely a tempting way to arrange things. Facebook owns your digital identity and theirs, phishing becomes much more difficult to execute as senders are authenticated & easily verified.
    • by Reziac ( 43301 ) *

      This is already happening. Some of what used to be Yahoo Groups or on a dedicated forum have moved to Facebook. I consider this a great leap backward (even if there weren't privacy concerns, Facebook's interface makes me want to stick forks in my eyes). I've abandoned the relevant 'social groups' rather than put up with all this. :(

      • I'm there under a pseudonym for exactly that reason. I detest with a passion their real-names-only policy, and their way of forcing you to engage on every forum & on every topic with the same identity & tying it back to your entire social graph and history. It's the anti-Internet :(
  • will allow it to store credit data for them then down the road you will hear about the worst security breech of consumer data including their credit, debit and paypal accounts. They will whimper and ask how did it happen? After getting the sorry excuse... Then it will be pushed to the side just like the many other breeches in consumer data in the past. meanwhile the robots will just order a new card and move on like nothing happened.
  • I trust Facebook with my financial information just as far as I can throw the combined weight of every asset (both human and non) of the corporation combined.

You are always doing something marginal when the boss drops by your desk.

Working...