Comment on Nope
NaibofTabr@infosec.pub 3 months agoYou’re right of course, the root issue is trust.
If you are a new product/service vendor for me, then there is no trust yet - there hasn’t been time for a trust relationship to develop. We don’t have a relationship yet, and certainly not enough of one for me to trust you with any of my financial information. By asking for that up front, you are demonstrating that you are not trustworthy. You are identifying yourself as the type of business that tries to collect excessive amounts of information about its clients for no justifiable reason. And even if your intentions are completely above-board in collecting that information, I also have no idea how the information you collect is secured, and since I haven’t evaluated the product yet I can’t determine whether the risk of sharing financial information with you is worthwhile. My risk-reward analysis is blank on the reward side, which means that I need you to lower my entry risk.
When you make this distinction of “high trust” and “low trust” people, you are actually misusing the term “trust”. Trust cannot exist without experience - it is something that develops over time through interaction. I cannot trust you if I have only just met you, it is impossible. I can be naive, and agree to what you ask for without suspicion, but naivety is not the same thing as trust. What you are calling “high trust” people would be more accurately termed “rubes” or “saps”.
On average, high trust people are just easier to manage, especially when you’re a small outfit. It’s better for everyone if low trust users bounce away because of the cc wall.
What you are saying here is that it’s convenient for you if people just give you what you ask for without asking too many questions or raising any objections, and you prefer customers who are generally lacking in awareness especially with regard to their own security. Of course that’s convenient for you, you don’t have to spend any time considering whether there’s something wrong with your approach to this.
If you are disrespecting my financial security up front, and you are doing that for the sake of your own convenience, that is a very bad place to start a relationship. You are damaging the potential for trust before we’ve even got started, because it’s “easier” for you.
Zos_Kia@lemmynsfw.com 3 months ago
Jesus Christ man 😂 you’re looking for a moral angle but there is no moral angle here. A business has the right to design their transactions however they want, even if that design explicitly excludes people like you.
Some people are easy-going, they are more prone to trust, they want to test a product they don’t write an essay about it about it they just put their CC info in, try the thing, and cancel the sub if it’s not for them. If they forget to cancel i refund their money cause i need a happy customer more than i need 20 bucks. You don’t need to call them rubes just because they’re invited to the party and you’re not.
NaibofTabr@infosec.pub 3 months ago
Hmm, perhaps I’m not explaining this very well. Morality has nothing to do with what I’m talking about. What I’m trying to describe is how I do risk assessment as a potential new customer, and how that affects creating client relationships for a business.
What I am saying is that you should be considering the risk tolerance of your potential customers. Sharing financial information on the internet is always a high-risk action, especially when you don’t have an existing relationship with the person or organization that is collecting that information, where there cannot be trust yet. People who readily take such actions can be accurately described as “rubes” because they don’t spend enough time thinking about risk.