Stripe is absolutely logging your mouse movements on websites' payment pages – for your own good, says CEO
2020-04-22 21:50

Stripe CEO Patrick Collison insists his company's collection of e-commerce customers' site interactions, mouse metrics, and identifiers is solely for fighting fraud - though he allows that the payment platform's disclosure could be better.

On Tuesday, developer Michael Lynch questioned Stripe's data collection in a blog post, noting that the biz's JavaScript library, used by web merchants to implement client-side aspects of Stripe's payment system, records browsing activity and reports the data back to the company.

According to Lynch, the library, when present on a page, reports the URL even if the page does not include a Stripe payment form, and includes mouse movement telemetry and unique identifiers that let Stripe match visitors against data from other Stripe-implementing sites.

Responding to Lynch's concerns in a post on Hacker News, Collison insisted Stripe doesn't use the data for advertising or to investigate their users' habits.

While Stripe recommends loading the code "On every page, not just the checkout page" for spotting anomalous behavior, it can be confined to just where transactions occur and it can be unloaded if desired.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/22/stripe_defends_mouse_measuring_javascript/

Related vendor

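| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|----------|------------|-----|--------|------|----------|-------------|
| Stripe |          | 5          | 0   | 2      | 4    | 1        | 7           |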