I run a small web app that makes a little bit of money through ads.<p>People commonly give the advice that you should ask your users for payments if you want to keep your web app alive.<p>I do not know if people will pay for this app, but recently, I decided that I would add some for-pay features to my app.<p>I mentioned my decision to a friend. He said "Aren't you concerned that accepting payments may open your site up to attackers or abuse?" I pressed him, but he couldn't come up with a reason for asking. This idea had not occurred to me.<p>So, I'm asking you, people of HN: is my friend just paranoid? Have you heard about something bad happening to a website or app after payments were added? Do you have experience with this problem, or was it never a problem for you?
It happens. Candy Japan gets a bit of discussion here on HN, and has a few posts about credit card fraud on the blog (eg <a href="https://www.candyjapan.com/behind-the-scenes/how-i-got-credit-card-fraud-somewhat-under-control" rel="nofollow">https://www.candyjapan.com/behind-the-scenes/how-i-got-credi...</a>). The basic premise is that credit card fraudsters use small online transactions to check if a card is valid before they use it for the big high value stuff, and the cost of those transactions to a small business can make it expensive to run.<p>That said, if you're just enabling features on a site the actual cost to you is effectively zero, so maybe it's not something to worry about.