Say I have a company where I want to make direct deposits to members' bank account. I understand that's it a really bad idea to ask them their information on the site and store it in the database.
But what If i ask our members to email us their bank info for direct deposits? I would then simply take their info and put it in excel sheet instead of storing it in the server(and delete the original email). That would be my reference point to sending the members direct deposits using my bank account. Is that legally allowed? If not, what would be another method to request a member's bank account info to make direct deposits?
Collecting banking account information has significant security implications and doing via email is not kosher. But there are alternatives.
The simplest alternative is using interbank service like Zelle where you can send money to your members' bank accounts using just their email accounts (the one associated with their bank login). We pay our smaller vendors this way and most get paid immediately without any transaction fees. But this may not work for members who use smaller banks outside the network (e.g credit unions) and the service does not have sophisticated tracking or linking to invoices.
If you have international members or need a more scalable/programmatic/self-serve solution, you can consider using a payment gateway provider like paypal/braintree or stripe-connect. Stripe is especially easy to integrate with a website and instead of you collecting and maintaining banking information for your members, stripe does on your behalf. Companies like Lyft use this to pay their drivers. It scales and works in almost all major international locations. Downside is there are per transaction fees which get steep if you want instant payments.
Related
I am collecting a payment using Stripe, and want to keep a portion, and send the rest onto another account from another organisation.
Stripe have told me that I have to connect an account. I have done this, Stripe gives me a link which the other organisation pastes into their browser, and all works. I can create a transfer linked to a payment intent.
But, when the link is pasted into the other organistions browser, this message is shown.
______ will be able to see your account data (such as all payment and payout history), including any data created by other business you've connected. They'll also be able to create new payments and take other actions for you.
This seems crazy - I just want to pay them some money, not ask them for full access.
Am I missing a trick?
Stripe Connect is a product/tool that allows accounts to work together to provide goods and services to end customers. There are a few different approaches to how this is configured based on your use case as well as whether you would be acting as the Platform (the one in control) or the Connect Account.
You should review the different Connect Account Types and determine what best matches your use case. Some questions to consider are as follows:
Who is interfacing with the end-customer (you or the other account)?
Who is providing the product/service?
Is this other account providing a service to you in exchange for a cut of the revenue?
On what account should the transactions and customers be stored?
It sounds like, based on the warning message, you were creating the other account to be the Platform and you would be Connect Account. In that cases the other account could make API calls on your behalf using your account token. This would be normal if the other account is providing a service to you like funneling customers to you in some way. A good way to quickly review what approach makes the most sense for your use case is to review the Funds Flow diagrams for the different types of Charges
Direct Charges
Destination Charges
Separate Charges and Transfers
I am developing a mobile app, a market place buyers and sellers can meet.
When making payments, the buyer will have to enter his credit card information every time, because we are not saving them.
To get paid, sellers need to have their bank details stored with us (That's what we think). We are planning to use a payment gateway like Stripe or Braintree.
Now, we have 2 questions.
Instead of we storing the bank details, can we shift this responsibility to the payment gateway provider? So the information are with that service and not with us.
If it is mandatory for us to keep the bank details, what security measures we need to take?
I can't speak for Braintree, but Stripe can handle storing those. I'd suggest reaching out to them to tell them more about your use case and ask for more details. https://support.stripe.com/contact/email
I have a subscription service for which free trials are allowed before signing up for the full payed service. I want to ask the customer to provide credit card details before gaining access to the free trial, to prevent abuse of the trial.
I'm using Stripe to handle payments so that I don't have to deal with storage of any sensitive payment information. This free trial scenario would seem to be very common, so I assumed there would be some way to query a card to make sure that it hasn't been used to sign up already. Just some API call that would accept the card number etc. and return a boolean.
I haven't seen anything like in the API docs. I know that fingerprints of cards are accessible after creating a card source, so is it advisable to store them myself and query them? Or have I missed something in the docs?
Just to be clear... I'm not looking to search a card for a particular customer. I know I can iterate over the cards to do that, but I'd have to iterate over the cards of every customer to accomplish what I want, which is not feasible.
Here you probaly want to contact the support team and suggest this as a new feature.
A possibility is the fingerprint you mention, in my opinion this would be the way i would do it too.
One single card should never be associated with one customer in a platform.
No, there is no way to check whether a credit card is used for another customer or not. And there shouldn't be. Because a customer has right to use his/her single credit card to maintain more than accounts.
You can easily integrate trial feature of a Subscription in Stripe which is best way to implement Trial feature using Stripe. If any customer's payment failed after trial expired then you will be notified by Stripe.
And Stripe and any other payment gateway is not advise to store any card info due to security issue.
I am working on a software that is to be used by businesses which make about $0.5mil revenue per year. I would like to incorporate into the software the option for my users to accept card payments from their clients. So far it seems I have the following options:
Manage multiple merchant accounts on behalf of my clients, however this has a few drawbacks. I would, for example, like to charge some small fee to cover the costs (about 0.1%) which I cannot accept if the payment to my user doesn't go through some stage that I can control where I can deduct the fee and send it my way. Also, about 50% of the mentioned revenue is paid for by credit or debit cards so a volume of $250,000 might not be enough to cover the fees set by the account provider.
Send everything through a merchant account that I control and then distribute the funds to the users. This, however, seems like a very small scale solution at best with the average number of payments per user per day being around 15.
The end result should be that the user enters a price in the software, this gets sent to a card reader where the user's client inserts their card and makes the payment. The amount charged includes all the fees associated. The amount paid will then be sent to some merchant account where my fee will be sent to me and the merchant fee will be deducted, the rest will be sent to my user's account. The whole point being that the user doesn't have to bother with setting up merchant account or card reader and simply gets a card reader from us which connects to the software and can immediately accept payments.
I sincerely hope I am missing something but I would appreciate any help with finding a way how to charge clients of my users and take some small fee.
So as it turns out, the best way to do this is using Stripe after all. If anyone is ever concerned, this is how I solved the problem.
Stripe is currently rolling out Managed Accounts of their Stripe Connect which can be used to effectively manage Stripe accounts for my customers. Therefore, once a user registers for my payment program, I create a managed account for them without the user knowing at all. For incoming Stripe payments I can then use the destination property as the id of the account where the money should go and specify an application fee which will be charged to my own account.
From there on the only problem to solve is that Stripe only supports online payments which can be overcome by using for example Payworks, however so far their service has been pretty terrible so this may be a weak point in the system.
I am developing an e-commerce website where some customers will be making frequent online purchases. With that said, I am trying to find a solution that will allow me to securely store credit card information, using Website Payments Pro, so customers do not need to re-enter credit card information every time that they make a purchase. I am aware of credit card "tokenization" services like Braintree, but they require you to use their entire payment platform. PayPal has confirmed that there are third party shopping carts out there that work with Website Payments Pro, that would securely store credit card information (as long as I am PCI compliant), but would not point me in the direction of one.
Does anyone know of a third party service that would fit my needs for this? Thanks for your time and help!
David
You can make use of PayPal's Reference Transactions API that makes a transaction ID as reference to make future transactions without entering their credit card information.This way your customers can make payments throughout the year.
Alternatively you can also make the billing agreement ID as the reference for future transactions.This way PayPal Payments Pro will pick the required details automatically from the previous transaction.Billing agreement ID has the benefit that it is not time bound for 1 year unlike transaction ID
It is very, very difficult to securely store credit card information. In fact, it was announced just two days ago that 130 million credit card numbers were stolen from major retail and finance companies that have far more resources than you probably do to secure that data.
I fully understand the desire to easily facilitate recurring payments. However, think though and understand the risk related to storing of credit card numbers before deciding to do so.
If you decide that you need to store the card numbers, I recommend hiring a security expert with a proven track record to help design your solution and then audit it once it's in place.
I think the better solution would be using paypal Vault
The Vault API provides a secure way to store customer credit cards. By storing cards with PayPal, you can avoid storing them on your servers.
so the flow should be as follow
you store customer credit card to vault, and get a card id back from paypal.
You can use that card id to make a transaction or save that card id with customer info in your database to make future transactions
Note:
A reference transaction must have occurred within the past 730 days because the ID may not be available after two years.
in the past, I have used aspdotnetstorefront, but it is an entire storefront application, including the payment gateway.
You can do this with PayPal Express if you don't want to use Pro.
https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Marketing/general/RecurringPaymentFAQs-outside#Q9
Is that what you're looking for or are you looking for the actual code that uses their API?