What security measures should we take if we are storing banking details? - security

I am developing a mobile app, a marketplace where buyers and sellers can meet.
When making payments, the buyer will have to enter his credit card information every time, because we are not saving it.
To get paid, sellers need to have their bank details stored with us (that's what we think). We are planning to use a payment gateway like Stripe or Braintree.
Now, we have 2 questions.
Instead of us storing the bank details, can we shift this responsibility to the payment gateway provider? So the information is with that service and not with us.
If it is mandatory for us to keep the bank details, what security measures do we need to take?

I can't speak for Braintree, but Stripe can handle storing those. I'd suggest reaching out to them to tell them more about your use case and ask for more details. https://support.stripe.com/contact/email

Related

How to handle SaaS reseller that collects payment from customers?

I develop and host a SaaS business that bills most customers directly, and that is a normal basic use-case with Stripe.
However, I also have a reseller that handles the billing relationship for those mutual customers. Since I host the SaaS service, all signups and subscription changes run through my software, and I'd like to use Stripe to track those customers, and create an invoice for each one of what the reseller owes us for them. Then I'd like to be able to charge the reseller's credit card once to pay for all those customers' invoices in one transaction. Is that possible?
Stripe Connect seems to serve the general need for handling these types of multi-party transactions. But I don't want to require the reseller to use Stripe to bill their own customers.
It seems maybe it could work if I created a single Stripe customer for the reseller, and then create a subscription for each of the reseller's customers under the reseller's customer resource. But it's not the canonical way of doing it, and I think I'd prefer a Stripe customer resource for each actual customer.
Although it might seem I could just collect payment from the reseller and then mark all the customer invoices as paid offline, that seems like it would double-book revenue. I definitely don't want that!
I'm hoping someone might have a suggestion about the best way to accomplish this.
Thanks.
These types of questions are probably better suited for the Stripe support team, as they’ll be able to advise you on your business model and if there are any edge cases or unknowns you should be aware of: https://support.stripe.com/contact

Is it possible to query Stripe for a credit card belonging to any customer?

I have a subscription service for which free trials are allowed before signing up for the full paid service. I want to ask the customer to provide credit card details before gaining access to the free trial, to prevent abuse of the trial.
I'm using Stripe to handle payments so that I don't have to deal with storage of any sensitive payment information. This free trial scenario would seem to be very common, so I assumed there would be some way to query a card to make sure that it hasn't been used to sign up already. Just some API call that would accept the card number etc. and return a boolean.
I haven't seen anything like that in the API docs. I know that fingerprints of cards are accessible after creating a card source, so is it advisable to store them myself and query them? Or have I missed something in the docs?
Just to be clear... I'm not looking to search a card for a particular customer. I know I can iterate over the cards to do that, but I'd have to iterate over the cards of every customer to accomplish what I want, which is not feasible.
Here you probably want to contact the support team and suggest this as a new feature.
A possibility is the fingerprint you mention; in my opinion this would be the way I would do it too.
One single card should never be associated with more than one customer in a platform.
No, there is no way to check whether a credit card is used for another customer or not. And there shouldn't be, because a customer has the right to use his/her single credit card to maintain more than one account.
You can easily integrate the trial feature of a Subscription in Stripe, which is the best way to implement a trial feature using Stripe. If any customer's payment fails after the trial expires, you will be notified by Stripe.
And Stripe and any other payment gateway do not advise storing any card info due to security issues.
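The fingerprint approach raised in this thread (keep the Stripe card fingerprint locally, never the card number, and look it up at trial signup) can be implemented as below. This is an added example, not code from the thread or from Stripe; it assumes the fingerprint string comes from the `fingerprint` attribute of a Stripe card object, and the customer ids and fingerprint values are constructed sample data.

```python
import sqlite3

# Constructed sample data: what a platform's own trial-signup records might look like.
# Only the Stripe card fingerprint is kept; the PAN never touches this database.
# The fingerprint strings below are made up for the example.
SAMPLE_SIGNUPS = [
    ("cus_alice", "fp_constructed_0001"),
    ("cus_bob", "fp_constructed_0002"),
]


def open_store() -> sqlite3.Connection:
    """Create an in-memory table keyed on the card fingerprint and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE trial_cards ("
        "  fingerprint TEXT PRIMARY KEY,"  # one trial per distinct card
        "  customer_id TEXT NOT NULL,"
        "  started_at  TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP)"
    )
    for customer_id, fingerprint in SAMPLE_SIGNUPS:
        conn.execute(
            "INSERT INTO trial_cards (fingerprint, customer_id) VALUES (?, ?)",
            (fingerprint, customer_id),
        )
    conn.commit()
    return conn


def trial_already_used(conn: sqlite3.Connection, fingerprint: str):
    """Return the customer id that already started a trial with this card, or None."""
    row = conn.execute(
        "SELECT customer_id FROM trial_cards WHERE fingerprint = ?", (fingerprint,)
    ).fetchone()
    return row[0] if row else None


def start_trial(conn: sqlite3.Connection, customer_id: str, fingerprint: str) -> bool:
    """Record a new trial; return False and record nothing if the card was seen before.

    Relying on the PRIMARY KEY constraint instead of a separate SELECT makes the check
    atomic: two concurrent signups with the same card cannot both succeed.
    """
    try:
        conn.execute(
            "INSERT INTO trial_cards (fingerprint, customer_id) VALUES (?, ?)",
            (fingerprint, customer_id),
        )
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        return False
```

The table stores nothing that is useful to an attacker who reads it: a fingerprint identifies a card only inside your Stripe account and cannot be turned back into a card number, which is why it is safe to keep where the PAN is not.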

How to collect members' bank info?

Say I have a company where I want to make direct deposits to members' bank accounts. I understand that it's a really bad idea to ask them for their information on the site and store it in the database.
But what if I ask our members to email us their bank info for direct deposits? I would then simply take their info and put it in an Excel sheet instead of storing it on the server (and delete the original email). That would be my reference point for sending the members direct deposits using my bank account. Is that legally allowed? If not, what would be another method to request a member's bank account info to make direct deposits?
Collecting banking account information has significant security implications, and doing so via email is not kosher. But there are alternatives.
The simplest alternative is using an interbank service like Zelle where you can send money to your members' bank accounts using just their email accounts (the one associated with their bank login). We pay our smaller vendors this way and most get paid immediately without any transaction fees. But this may not work for members who use smaller banks outside the network (e.g. credit unions), and the service does not have sophisticated tracking or linking to invoices.
If you have international members or need a more scalable/programmatic/self-serve solution, you can consider using a payment gateway provider like PayPal/Braintree or Stripe Connect. Stripe is especially easy to integrate with a website, and instead of you collecting and maintaining banking information for your members, Stripe does so on your behalf. Companies like Lyft use this to pay their drivers. It scales and works in almost all major international locations. The downside is that there are per-transaction fees, which get steep if you want instant payments.

Allow users to accept payments from their users

I am working on a software that is to be used by businesses which make about $0.5mil revenue per year. I would like to incorporate into the software the option for my users to accept card payments from their clients. So far it seems I have the following options:
Manage multiple merchant accounts on behalf of my clients, however this has a few drawbacks. I would, for example, like to charge some small fee to cover the costs (about 0.1%) which I cannot accept if the payment to my user doesn't go through some stage that I can control where I can deduct the fee and send it my way. Also, about 50% of the mentioned revenue is paid for by credit or debit cards so a volume of $250,000 might not be enough to cover the fees set by the account provider.
Send everything through a merchant account that I control and then distribute the funds to the users. This, however, seems like a very small scale solution at best with the average number of payments per user per day being around 15.
The end result should be that the user enters a price in the software, this gets sent to a card reader where the user's client inserts their card and makes the payment. The amount charged includes all the fees associated. The amount paid will then be sent to some merchant account where my fee will be sent to me and the merchant fee will be deducted, the rest will be sent to my user's account. The whole point being that the user doesn't have to bother with setting up merchant account or card reader and simply gets a card reader from us which connects to the software and can immediately accept payments.
I sincerely hope I am missing something but I would appreciate any help with finding a way how to charge clients of my users and take some small fee.
So as it turns out, the best way to do this is using Stripe after all. If anyone is ever concerned, this is how I solved the problem.
Stripe is currently rolling out Managed Accounts of their Stripe Connect which can be used to effectively manage Stripe accounts for my customers. Therefore, once a user registers for my payment program, I create a managed account for them without the user knowing at all. For incoming Stripe payments I can then use the destination property as the id of the account where the money should go and specify an application fee which will be charged to my own account.
From there on the only problem to solve is that Stripe only supports online payments, which can be overcome by using, for example, Payworks; however, so far their service has been pretty terrible, so this may be a weak point in the system.
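The arithmetic behind the answer above (the buyer is charged a gross amount that covers the processing fee plus the platform's own fee, and the rest lands on the user's connected account) is worked through below. This is an added example, not the asker's code or Stripe's; the fee rates are constructed placeholders rather than Stripe's published pricing, the `tok_...`/`acct_...` values are placeholders, and `destination` and `application_fee` are the legacy Charge-create parameter names the answer refers to (newer API versions rename them). Nothing here talks to Stripe; it only computes the split and builds the request parameters.

```python
from fractions import Fraction
import math

# Constructed fee assumptions for the example (placeholders, not Stripe's pricing):
# processing fee = PROCESSING_RATE * gross + PROCESSING_FIXED cents;
# the platform keeps PLATFORM_RATE of the merchant's net (the "about 0.1%" in the question).
PROCESSING_RATE = Fraction(29, 1000)   # 2.9%
PROCESSING_FIXED = 30                  # cents
PLATFORM_RATE = Fraction(1, 1000)      # 0.1%


def gross_up(net_cents: int) -> dict:
    """Compute the gross charge so that the merchant receives exactly `net_cents`.

    With a destination charge the platform's balance pays the processing fee and the
    connected account receives gross - application_fee, so:
        gross - application_fee = net
        application_fee = processing_fee(gross) + platform_fee(net)
    Solving: gross = (net * (1 + p) + fixed) / (1 - r), rounded up to whole cents.
    Exact rational arithmetic avoids the off-by-one-cent errors floats would introduce.
    """
    if net_cents <= 0:
        raise ValueError("net amount must be positive")
    exact = (net_cents * (1 + PLATFORM_RATE) + PROCESSING_FIXED) / (1 - PROCESSING_RATE)
    gross = math.ceil(exact)
    application_fee = gross - net_cents
    processing_fee = math.ceil(PROCESSING_RATE * gross + PROCESSING_FIXED)
    return {
        "gross": gross,                                # what the buyer's card is charged
        "application_fee": application_fee,           # retained by the platform account
        "merchant_net": gross - application_fee,      # transferred to the connected account
        "platform_net": application_fee - processing_fee,  # platform's margin after Stripe's fee
    }


def destination_charge_params(net_cents: int, connected_account: str, currency: str = "usd") -> dict:
    """Build the Charge-create parameters for a destination charge with an application fee.

    `source` would be the card token produced by the reader/SDK and is a placeholder here.
    """
    split = gross_up(net_cents)
    return {
        "amount": split["gross"],
        "currency": currency,
        "source": "tok_PLACEHOLDER",
        "destination": {"account": connected_account},
        "application_fee": split["application_fee"],
    }


if __name__ == "__main__":
    # Merchant wants to net $100.00 on a sale.
    print(gross_up(10_000))
    print(destination_charge_params(10_000, "acct_PLACEHOLDER"))
```

Rounding the gross amount up (not to nearest) guarantees the merchant is never short by a cent; the rounding residue stays with the platform, which is the party that can absorb it.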

Storing credit card information with PayPal's 'Website Payments Pro'?

I am developing an e-commerce website where some customers will be making frequent online purchases. With that said, I am trying to find a solution that will allow me to securely store credit card information, using Website Payments Pro, so customers do not need to re-enter credit card information every time that they make a purchase. I am aware of credit card "tokenization" services like Braintree, but they require you to use their entire payment platform. PayPal has confirmed that there are third party shopping carts out there that work with Website Payments Pro, that would securely store credit card information (as long as I am PCI compliant), but would not point me in the direction of one.
Does anyone know of a third party service that would fit my needs for this? Thanks for your time and help!
David
You can make use of PayPal's Reference Transactions API, which uses a transaction ID as a reference to make future transactions without entering their credit card information. This way your customers can make payments throughout the year.
Alternatively, you can also use the billing agreement ID as the reference for future transactions. This way PayPal Payments Pro will pick the required details automatically from the previous transaction. The billing agreement ID has the benefit that it is not time-bound to 1 year, unlike a transaction ID.
It is very, very difficult to securely store credit card information. In fact, it was announced just two days ago that 130 million credit card numbers were stolen from major retail and finance companies that have far more resources than you probably do to secure that data.
I fully understand the desire to easily facilitate recurring payments. However, think though and understand the risk related to storing of credit card numbers before deciding to do so.
If you decide that you need to store the card numbers, I recommend hiring a security expert with a proven track record to help design your solution and then audit it once it's in place.
I think the better solution would be using PayPal Vault.
The Vault API provides a secure way to store customer credit cards. By storing cards with PayPal, you can avoid storing them on your servers.
So the flow should be as follows:
You store the customer's credit card in the Vault and get a card id back from PayPal.
You can use that card id to make a transaction or save that card id with customer info in your database to make future transactions
Note:
A reference transaction must have occurred within the past 730 days because the ID may not be available after two years.
In the past, I have used aspdotnetstorefront, but it is an entire storefront application, including the payment gateway.
You can do this with PayPal Express if you don't want to use Pro.
https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Marketing/general/RecurringPaymentFAQs-outside#Q9
Is that what you're looking for or are you looking for the actual code that uses their API?