Braintree V.Zero SDK – Faster integration, drop-in UI, and pay with PayPal (opens in new tab)

(braintreepayments.com)

76 pointsdrewolson11y ago30 comments

30 comments

19 comments · 7 top-level

talos11y ago· 5 in thread

Huh. I'm confused, what's to stop someone from copying the "Paypal" button and associated modal, but simply directing the form to themselves to absorb the Paypal credentials?

I suppose anyone could do this to take advantage of silly users, but this is encouraging users to trust 3rd party websites by design.

Seems wide open for phishing.

aioprisan11y ago

There is also nothing stopping anyone from slapping on the old PayPal button or the Checkout with Amazon button on a phishing site. Do you prefer something non-branded out of the box, such as Stripe's Pay with Card button? Generally, you can't turn these services on without at least having the page serving the production version on SSL.

talos11y ago

Yeah, but those sites don't have people enter in their login/password until after they've been forwarded to an `amazon.com` or `paypal.com` domain. Try it. This is encouraging users to engage in fundamentally unsafe behavior (enter credentials for site A on site B because site B looks like site A).

1 more reply

aioprisan11y ago

I remember seeing these same concerns with the Stripe button. Edit: found the old discussion link: https://news.ycombinator.com/item?id=5079702&mobify=0

talos11y ago

When I've used Stripe payment before, I remember just entering my credit card info. I can do this anywhere, regardless of how it's branded.

If someone malicious gets my credit card info, I have a lot of ways to defend myself. Someone malicious getting my PayPal login info could be much, much more dangerous, and I'd have considerably less protection. Essentially we're talking about leaking login info here -- that's very different than credit card info.

pc11y ago

This phishing concern is part of why we decided to use one-time SMS tokens with Checkout -- there's no password to steal.

1 more reply

ericcholis11y ago· 2 in thread

Some usability things I noticed on the Drop-in UI Sample Page: (https://www.braintreepayments.com/features/drop-in)

It appears that the PayPal is a header, rather than a button, it has no call to action. Separating the credit card form from the button and giving it a clear header (Like: "Pay With Credit Card") would help indicate the choice of PayPal or Credit Card.

Also, I'm not sure if it's intentional, but the credit card form doesn't actually do anything. Completing the form with a test credit card gives no follow-up call to action. This could be confusing to people wanting to see a "working" integration.

benmills11y ago

I'm one of the developers who works on v.zero. We're planning on constantly improving the drop-in UI based on feedback and data. Currently we allow you to embed the form shown in your own form. It's expected you would include your own call to action that would be more contextual for the user.

On native mobile we,ve taken the approach to render the call to action for you and allow you to configure the text. Is that something you would find useful on web as well? It's definitely something we've debated internally.

ericcholis11y ago

I like that I've got the ability to control the display, I'm looking forward to testing the integration. But, for some people, providing the full look and feel might fit better with the "drop-in" notion.

weixiyen11y ago· 2 in thread

Will this be able to save credit cards on the device so the user doesn't need to re-enter their credit card every single time they need to make a purchase?

klynch11y ago

Kristi from Braintree here. You can securely store the card info to the Braintree vault so the user only has to enter the credit card info in your app one time. You won't be able to save credit cards to the device to use across apps.

jjk11y ago

Will we be able to do the same for Paypal credentials? So if someone wants to do paypal, store that and charge later?

1 more reply

chatmasta11y ago· 1 in thread

And what happens when Braintree (owned by Paypal) decides to drop you as a merchant? What if you're running a website supporting Tor, or selling proxies or VPNs, and they decide your content is "against policy?"

They'll "drop" you, and suddenly your "drop in" SDK is completely worthless and you're forced to write your billing system from the ground up.

From a risk perspective, using a solution like Chargebee, that integrates with multiple merchant accounts (including Braintree), is a much better choice. If for whatever reason your merchant drops you (it does happen!), you don't need to make any code changes. You only need to swap out the backend merchant account in your Chargee dashboard.

These "batteries included" payment solutions are nice for getting up and running quickly, but if you have any semblance of long term planning, it's a bad idea to build your entire billing infrastructure around the API of a single merchant account provider.

dcc111y ago

This anyone considering a "serious" long term business should avoid Paypal, they eventually screw every merchant one way or another, their history is littered with horror stories and business that have grown reliant on then and went under when their funds get eventually frozen over some automated stupidity and no customer support.

cte11y ago· 1 in thread

Does this work for marketplace payments?

klynch11y ago

The new integration method is available for our marketplace merchants, but PayPal as a payment method is not available for marketplaces in this initial launch.

lbotos11y ago· 1 in thread

I skimmed but does anyone know why they called it V.zero?

drfatbooty11y ago

Hey I'm Tony, one of the devs at Braintree. We chose v.zero because we tried to rethink how our merchant integrated with us from first principles. This represents our simplest integration yet. You can check out more at https://www.braintreepayments.com/v.zero

omfg11y ago

I don't quite understand the recent developments at Braintree. We were using both them and PayPal for awhile before deciding to turn out card transactions over to PayPal also as it would secure a better rate. Meanwhile BrainTree has been working to make it easier to split processing between the two. Is the end goal here to make sure you're paying the highest rate? Why wouldn't you only use PayPal?

j / k navigate · click thread line to collapse

30 comments

19 comments · 7 top-level

talos11y ago· 5 in thread

Huh. I'm confused, what's to stop someone from copying the "Paypal" button and associated modal, but simply directing the form to themselves to absorb the Paypal credentials?

I suppose anyone could do this to take advantage of silly users, but this is encouraging users to trust 3rd party websites by design.

Seems wide open for phishing.

aioprisan11y ago

talos11y ago

1 more reply

aioprisan11y ago

I remember seeing these same concerns with the Stripe button. Edit: found the old discussion link: https://news.ycombinator.com/item?id=5079702&mobify=0

talos11y ago

When I've used Stripe payment before, I remember just entering my credit card info. I can do this anywhere, regardless of how it's branded.

pc11y ago

This phishing concern is part of why we decided to use one-time SMS tokens with Checkout -- there's no password to steal.

1 more reply

ericcholis11y ago· 2 in thread

Some usability things I noticed on the Drop-in UI Sample Page: (https://www.braintreepayments.com/features/drop-in)

benmills11y ago

ericcholis11y ago

weixiyen11y ago· 2 in thread

Will this be able to save credit cards on the device so the user doesn't need to re-enter their credit card every single time they need to make a purchase?

klynch11y ago

jjk11y ago

Will we be able to do the same for Paypal credentials? So if someone wants to do paypal, store that and charge later?

1 more reply

chatmasta11y ago· 1 in thread

They'll "drop" you, and suddenly your "drop in" SDK is completely worthless and you're forced to write your billing system from the ground up.

dcc111y ago

cte11y ago· 1 in thread

Does this work for marketplace payments?

klynch11y ago

The new integration method is available for our marketplace merchants, but PayPal as a payment method is not available for marketplaces in this initial launch.

lbotos11y ago· 1 in thread

I skimmed but does anyone know why they called it V.zero?

drfatbooty11y ago

omfg11y ago

j / k navigate · click thread line to collapse