Comment by pjc50

1 day ago

> anything popular that used this system seems like it'd be pretty inundated with fraud

I coined "micropayments means microfraud"; I would expect this to have similar situations to the AWS mystery bill problem, but on a tiny scale. If you can charge customers without their confirmation it's easy to run up bills. And of course the amounts are so tiny you can't afford dispute resolution.

Yes, merchant abuse is a risk. What we do and plan to do:

  - Each merchant requires an OAuth grant, and customers can revoke it at any time.
  - A customer ledger shows what, when, and how much each merchant charged. This can be shown in the customer's dashboard and monthly statement emails.
  - Customers have account-level spending caps to limit exposure. We will add per-merchant caps.
  - If patterns look off or we get complaints, we can pause new charges and review.
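
The controls listed in the reply above, sketched as a single charge-authorization check. This is an added example, not part of the thread and not the service's own code; the names (`Account`, `charge`, the outcome strings), the order of the checks, and the choice to log refused attempts in the ledger so that odd patterns are visible are all assumptions.

```python
from dataclasses import dataclass, field
from decimal import Decimal

@dataclass
class Account:
    account_cap: Decimal                                # cap across all merchants
    merchant_caps: dict = field(default_factory=dict)   # optional per-merchant caps
    grants: set = field(default_factory=set)            # merchants with an active OAuth grant
    ledger: list = field(default_factory=list)          # (merchant, amount, what, outcome)

def spent(acct, merchant=None):
    """Sum of accepted charges, for one merchant or for the whole account."""
    return sum((e[1] for e in acct.ledger
                if e[3] == "ok" and merchant in (None, e[0])), Decimal(0))

def charge(acct, merchant, amount, what, paused=frozenset()):
    """Authorize one charge; every attempt, accepted or not, lands in the ledger."""
    amount = Decimal(amount)
    cap = acct.merchant_caps.get(merchant)
    if amount <= 0:
        outcome = "invalid_amount"
    elif merchant in paused:                  # platform paused this merchant for review
        outcome = "merchant_paused"
    elif merchant not in acct.grants:         # grant never given, or revoked by the customer
        outcome = "no_grant"
    elif spent(acct) + amount > acct.account_cap:
        outcome = "account_cap"
    elif cap is not None and spent(acct, merchant) + amount > cap:
        outcome = "merchant_cap"
    else:
        outcome = "ok"
    acct.ledger.append((merchant, amount, what, outcome))
    return outcome

def demo():
    # Constructed sample data: one customer, two merchants.
    acct = Account(account_cap=Decimal("1.00"),
                   merchant_caps={"news": Decimal("0.30")},
                   grants={"news", "games"})
    out = [charge(acct, "news", "0.25", "article"),
           charge(acct, "news", "0.10", "article"),    # 0.35 exceeds the 0.30 merchant cap
           charge(acct, "games", "0.70", "level"),
           charge(acct, "games", "0.10", "level")]     # 1.05 exceeds the 1.00 account cap
    acct.grants.discard("news")                         # customer revokes the grant
    out.append(charge(acct, "news", "0.01", "article"))
    out.append(charge(acct, "games", "0.01", "level", paused={"games"}))
    return out, acct

if __name__ == "__main__":
    print(demo()[0])
```
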