I would like to discuss best security practices. I want to build confidence and reassure my platform users.
I know that with stripe connect, stripe would have the host contact info for the payouts. And there is a delay in the payouts to after the booking.
But shouldn’t the platform also be able to moderate the vendor’s changes? As they can change their names, contact info and even change their attached ID and photos.
What kind of problems can this cause for the owner of the platform? Or can it lead to fraud by hosts? Can anyone elaborate their thoughts…
Currently there’s no separate workflow for moderating vendors, vendor profiles are approved via listings (if the first listing of a user is approved).
If you use Stripe Connect, they take care of KYC during the onboarding (they also ask for an ID and verify the identity), even if some details change on your site, payouts will be still verified and the actual owner of the Stripe Express account will not change.
We’re also working on a new option for attributes that prevents editing the field value once it’s set, once it becomes available you can use it and add a notice that if vendor wants to update specific details after they are entered, they should contact the site administrator (e.g. via a custom contact form).