Current time: 22-Nov-24, 23:27 Hello There, Guest! (LoginRegister)
Visual ESP ETA and showcase vid: showthread.php?tid=21154
Why is paypal not enabled?
19-Apr-20, 00:53 (This post was last modified: 19-Apr-20 00:58 by arsenal.)
Hey guys so I have been a member for a long time and would like to purchase a new package however paypal is disabled and also its asking us to pay via rexdigitalshop? there are literally no reviews (on that store) nor do we know our data will be compromised any thoughts? For old timers can the administration enable Paypal payments? There is no way in the world we will ever use rexdigital since we have credits cards worth a ton of $ and last thing we need is a unknown payment gateway tell us to incorporate our identity with payment without protection.
19-Apr-20, 01:02 (This post was last modified: 19-Apr-20 01:02 by TheNotoriousAWP.)
rexdigitalshop is written by the developer who has done all of the web framework in the past for hexui. In addition, it does card payments through stripe still. They have strict limited data policies and from my experience, the developer has told me he would not want to look through all of the data regardless. The reason billing address, etc. is needed is for verification from your bank / card company.

Paypal only fuck over small businesses and consumers. There is no reason to be using them and they don't really make payments more secure as your bank have better chances of returning a fraudulent payment than paypal does.
19-Apr-20, 01:08
That is the issue, if the developer created a gateway payment that works through stripe how is that even safe? (what if the database gets hacked?)
I do not mind the option being available to new comers, but old timers who made numerous of payments I think they deserve atleast some sort of comfort.

There are many of us old timers who only use paypal or etransfer for payments not to scam small businesses but for a safe transaction for both ends.
19-Apr-20, 01:17 (This post was last modified: 19-Apr-20 16:18 by TheNotoriousAWP.)
(19-Apr-20 01:08)arsenal Wrote:  That is the issue, if the developer created a gateway payment that works through stripe how is that even safe? (what if the database gets hacked?)
I do not mind the option being available to new comers, but old timers who made numerous of payments I think they deserve atleast some sort of comfort.

There are many of us old timers who only use paypal or etransfer for payments not to scam small businesses but for a safe transaction for both ends.

It's only the direct debit that is enabled through paypal as opposed to a simple bank transfer. the data shared is actually smaller than with PayPal.
19-Apr-20, 01:20
(19-Apr-20 01:17)TheNotoriousAWP Wrote:  
(19-Apr-20 01:08)arsenal Wrote:  That is the issue, if the developer created a gateway payment that works through stripe how is that even safe? (what if the database gets hacked?)
I do not mind the option being available to new comers, but old timers who made numerous of payments I think they deserve atleast some sort of comfort.

There are many of us old timers who only use paypal or etransfer for payments not to scam small businesses but for a safe transaction for both ends.

Even if you use paypal, your billing address and information gets sent to the sellers regardless. It's only the direct debit that is enabled through paypal as opposed to a simple bank transfer. the data shared is actually the same


yes but it is secure in terms of theft.
19-Apr-20, 04:09
(19-Apr-20 01:20)arsenal Wrote:  
(19-Apr-20 01:17)TheNotoriousAWP Wrote:  
(19-Apr-20 01:08)arsenal Wrote:  That is the issue, if the developer created a gateway payment that works through stripe how is that even safe? (what if the database gets hacked?)
I do not mind the option being available to new comers, but old timers who made numerous of payments I think they deserve atleast some sort of comfort.

There are many of us old timers who only use paypal or etransfer for payments not to scam small businesses but for a safe transaction for both ends.

Even if you use paypal, your billing address and information gets sent to the sellers regardless. It's only the direct debit that is enabled through paypal as opposed to a simple bank transfer. the data shared is actually the same


yes but it is secure in terms of theft.

Not true. Your bank has more power than paypal. Paypal don't really look at evidence and side with the buyer automatically and fuck over sellers.
19-Apr-20, 05:20
I don't think you know how payment gateways work, at all.
Do you really think Stripe would let us be able to grab the credit card information?

This is from Stripe's security page:
Quote:This is possible because Checkout and Elements host all form inputs containing card data within an iframe served from Stripe’s domain—not yours—so your customers’ card information never touches your servers.
https://stripe.com/docs/security

This is btw how 99% of all payment solutions work. I think PayPal must be one of the ONLY one who redirects people onto their own site.
Redirection vs iframe is the same. Redirection = redirects your browser to their page, Iframe = creates another browser in your current browser with their page. Iframe is safer because payment solutions tailored to be in an iframe often have less content. Less content, gives less attack surfaces for a hacker.
PayPal could also be made into an iframe, if I made my shop button in an iframe and let the redirection happen in the iframe browser, would just look ugly since PayPal isn't meaned to work that way.

Stripe is WAY more secure than PayPal, and they even do regular checks where they go through our website to make sure we meet their high level of security demands: https://i.gyazo.com/afd2f54ffffcbf6654df...105892.png which I had to go through just recently actually, took them 3-days, which shows that they actually go things in depth.

We do not want to use PayPal again because it treats businesses bad, there support is bad, and they prolly have the worst security in business, because their systems is outdated as hell.
If you want safe transactions stop using payment solutions living on aged technology from 2008.

RexDigital do plan to integrate PayPal, but Hexui will prolly not enable the option.
Never have I used so little cost on fraud, than with Stripe and its awesome anti-fraud radar system.

RexDigital does not store anything on purchases, not even billing address, customer name or anything at all. Either way you can leave fake crap if you want I don't care. The only reason I need it, is because of EU regulations forcing me, and I don't want in 4-years to be jailed for fraud because I didn't collect customer information as required by law, in 5000+ transactions.

This really makes me angry actually. Because what's your other options than Hexui? 50+ cheat providers, who doesn't even publicize their company information. How's it safe to deal with someone who won't give you their name or company information?
What are you gonna do if they misuse your IP, or use their cheat software to steal your credit-card details with a keylogger or whatever? well nothing, because you have no way of knowing who they are.
If I did that though, or if Rexdigital did, I would get fcked in a courtroom as soon as your reported me to the authorities in Denmark or the EU. Rexdigital can't do that though, since nothing of the information is processed through them, it's just visualized as it were, but it's a Stripe hosted page, shown to you through a iframe/virtual browser. I could though steal your credit card details by placing malware on your PC through my software's auto updater, therefor I think it's important you know who I am, so you can report me, for your safety.
Why do you think so many cheat providers don't want to tell you who they are? Because they want you to have NO rights, so they can do whatever they want to.

All in all, no were not getting PayPal back, it's bad, old, insecure and too expensive.
19-Apr-20, 14:40
Another thing worth noting, is how little data we actually store and collect:
https://i.gyazo.com/34a79182bbcd545bde72...41b0f4.png

Our user table in our database, is 407 mb, after 6-years
Remember each customer have a client and module stored.

If you divide this with our user count: 32.379
We store less than 12.5 kB of information pr customer. "LESS than 12.5 kB" because the a huge part of the data size is due to the the generation of unique client and module which is stored pr customer.
The only thing I have on you which is considered personal is your e-mail and ip address.
Then Stripe have your name stored, and I'm able to see only the last 4-digits of your credit card.
Then on Billy.dk we store invoices where whatever billing address and name you filled is shown (accountance system), we are required to store invoices for 4-years by EU and Danish laws. I will delete them after 4-years though, as then I'm not required to have them anymore.

And here is an example of what information RexDigital have on you
https://i.gyazo.com/daef284310c8c03264b8...cad862.png
Isn't it nice I can share a random users FULL transaction info with you, because it contains NO personal information at all?

The only thing stored is what payment method you used and what you bought. But rexdigital are unable to link that to you, since they sure nothing identity linking information is stored.
They create a transaction id, which I store, and Stripe store, so I can link a users payment from Hexui in Stripe. So I'm able to do a refund or inspect a transaction if an error happens.
RexDigital is absolutely the most private payment gateway there is. Most middle-man gateways will log your name and address information.

PayPal sent us your full-name used on your PayPal account with their IPN. How stupid is that, when we don't need your full-name here on Hexui. We need it in our invoice system, and can perfectly rely on what you submit to us, and not what you submit and verify on PayPal, they shouldn't share that information with us.

Beside that, try to get a technical information from any other provider. Most won't cause they don't care about your rights, and a lot don't know how their payment system even work, so they can't tell you what information they have.

We know exactly what we and our partners collect, and we're completely transparent about it. And I can assure you everything we do have, is stored safely. EU has very strict data protection laws, and if you ever feel for it, you can with GDRP do a data seizure and get everything removed, as a legal business we have to accept such request.

Even my competitors criticize me for storing such little information, they are like: Oh what if Valve buys the cheat, how will you know it's them? And they openly tells me how they screenshot customer pc's and have backdooring tools in their cheats, to hack anti-cheat developers or people with evil intentions and what not.
But I live under the assumption, that when Valve buys a cheat, they of course use fake information, They do whatever in their power to hide their identity. Therefor there is no reason for me to store such information, it will actually just end up being misleading. I have much better ways to identify VAC, that does not rely on information that can be user manipulated.

Oh and last thing: We don't even use ANY google analytics tools, like pretty much everyone of our competitors do and any other website in general, which collects an immensive amount of data of a website visitor.
Except for the registration captcha which is google based, which we are going to replace very soon with hCaptcha.

Edit: let me show you information we stored when using PayPal:
Quote:lid
uname
uid
additional
sid
endgroup
receiver_email
receiver_id
business
item_name
item_number
quantity
invoice
option_name1
option_selection1
option_name2
option_selection2
payment_type
payment_status
pending_reason
reason_code
payment_date
settle_amount
settle_currency
exchange_rate
payment_gross
payment_fee
mc_gross
mc_fee
mc_currency
mc_handling
mc_shipping
tax
txn_id
txn_type
for_auction
auction_buyer_id
auction_closing_date
auction_multi_item
first_name
last_name
address_name
address_street
address_city
address_state
address_zip
address_country
address_country_code
address_status
payer_business_name
payer_email
payer_id
payer_status
residence_country
memo
subscr_date
subscr_effective
period1
period2
period3
amount1
amount2
amount3
mc_amount1
mc_amount2
mc_amount3
recurring
reattempt
retry_at
recur_times
username
password
subscr_id
auth_id
auth_exp
auth_amount
auth_status
transaction_entity
remaining_settle
parent_txn_id
case_id
case_type
case_creation_date
notify_version
verify_sign
timestamp
enddate
expired
You can opt out of some of it, but mostly providers don't because they use standard payment modules built in to their forum system, such as vBulletin's and Xenforo's payment modules. Where they have to do code core edits to filter this information out, which they don't bother doing, because these changes will be overwritten in forum software updates, or don't know how to.

Information we store now using Stripe through Rexdigital:
Quote:id
transaction_id
product_sku
uid
buyer_uid
transaction_status
suspended_seconds
enddate
expired
updated_at
created_at

So ye again, we don't use PayPal based on privacy concers, their shitty way of dealing with small businesses, their bad support, their aged slow system, their aged insecure system.

We highly respect individuals privacy, and only collect and store what we are required too by EU laws and to make automatic elevation possible, and we make sure whoever we partner with do the same.
19-Apr-20, 15:33
So if your concern is security and privacy, there's three options on the internet: Hexui, Ezfrags and Aimware.
Ezfrags do everything manual and dont use conventional payment methods, so they are highly private, one problem is though they have no public company information, so you have NO rights as customer.
Aimware has public company information and a custom payment module and is situated in the Switzerland, so they should be damn good. It's rumored they have backdoor in the client though to harm people with bad intentions, as they once hacked a guy trying to crack their client.
Worth noting Chods-Cheats also have public company information, but seems like he use a default payment module, thankfully it's Stripe though and not PayPal crap.
They all use google analytics crap shit though.
19-Apr-20, 15:41
If you are still not convinced, you can visit me at my office address, and I will gladly go through everything with you, over a cup of coffee.

I'm soon moving from: Flæsketorvet 68. 1, 1711 Copenhagen V, Denmark
To address: Stengade 51B, 3000 Elsinore, Denmark.
Elsinore is a beautiful city, with an absolutely amazing 16th-century castle, so if you ever came by to see it, make sure to visit me for free coffee at my friend's coffee shop downstairs at Stengade 49C, he also sell great waffles which can be poured with ice-cream Smile


User(s) browsing this thread: 2 Guest(s)