I'm developing a Symfony 3 application and the client chooses Stripe for online payment.
Users will make auctions on the website.
Is there a solution (with Stripe or another system) to check if the user has provision on his account to accept the auction?
Amounts can be quite big (10k€).
Thanks!
Olivia
A lot of payment gateways offer Auth/Capture separation, in which you can first authorize the payment (suggesting the shopper's credit card has enough in the CC cap/credit ceiling to afford this deal currently).
The issue is that this authorisation request often puts the funds on a "hold period" on the card - a time frame in which the CC cap is reduced as if the shopper purchased the item, and could cause the shopper to max-out their credit even if they didn't end up purchasing. This is why authorisation calls on large amounts need to be handled with caution.
If you want to go ahead with this business model, make sure you also have a cancel/reverse authorisation option - that will allow you to validate first with an auth only request, and then release the hold on the shopper's CC. I am not familiar with Stripe's API, but I know that BlueSnap has both Auth and Auth reversal APIs:
Auth API: https://developers.bluesnap.com/v8976-JSON/docs/auth-only
Auth reversal API: https://developers.bluesnap.com/v8976-JSON/docs/auth-reversal
You can use the auth & capture flow to create an authorization but not capture the funds immediately.
Note that such large amounts will probably have high decline rates. I recommend you reach out to Stripe's support at https://support.stripe.com/email to discuss your business model in more detail.
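The auth/capture flow and the hold release that the answers above describe, as an added example that is not part of either answer. It assumes a client with the stripe-node shape (paymentIntents.create/capture/cancel); the bid fields, function names and the in-memory `fakeStripe` stand-in are hypothetical.

```javascript
// Added example. `stripe` is any object with the stripe-node shape
// paymentIntents.create/capture/cancel; bid fields are hypothetical.

// Authorize only. Amounts are in the smallest unit: 10 000 EUR = 1000000.
async function placeHold(stripe, bid) {
  const pi = await stripe.paymentIntents.create({
    amount: bid.amountCents,
    currency: 'eur',
    customer: bid.customerId,
    payment_method: bid.paymentMethodId,
    capture_method: 'manual', // hold the funds, do not charge yet
    confirm: true,
  });
  // Only 'requires_capture' means the issuer approved the hold.
  return { bidId: bid.id, intentId: pi.id, held: pi.status === 'requires_capture' };
}

// Capture the winner's hold and release every other one. Failures are
// returned, not swallowed, so a stuck hold can be retried.
async function settleAuction(stripe, holds, winningBidId) {
  const result = { captured: null, released: [], failed: [] };
  for (const h of holds.filter((x) => x.held)) {
    try {
      if (h.bidId === winningBidId) {
        await stripe.paymentIntents.capture(h.intentId);
        result.captured = h.intentId;
      } else {
        await stripe.paymentIntents.cancel(h.intentId);
        result.released.push(h.intentId);
      }
    } catch (err) {
      result.failed.push({ intentId: h.intentId, reason: err.message });
    }
  }
  return result;
}

// Constructed in-memory stand-in for the client, so the flow runs offline.
function fakeStripe(declined = []) {
  const log = [];
  const status = (c) => (declined.includes(c) ? 'requires_payment_method' : 'requires_capture');
  return { log, paymentIntents: {
    create: async (p) => ({ id: `pi_${p.customer}`, status: status(p.customer) }),
    capture: async (id) => { log.push(`capture ${id}`); },
    cancel: async (id) => { log.push(`cancel ${id}`); },
  } };
}
```

Anything left in `failed` is a hold still sitting on a bidder's card, so it belongs in a retry queue rather than a log line.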
Related
I'm making a SaaS that allows customers to subscribe to a plan, and use coupons at the checkout stage. The coupons give the customers X% off for X months, and by default, everyone gets a 7-day trial when they subscribe.
What is confusing me is the documentation. In one section it says that you should create SetupIntents to take a payment and elsewhere it says to use tokens.
I'm in the middle of coding the payment flow, but I just wanted to check to see if my logic and understanding is correct. Could anyone validate the below?
Customer enters card number and coupon
Call Stripe, get token for card
Send token and coupon to server
Create Stripe customer with token
Create Subscription with discount and pass customer ID
What has now happened is an authorisation attempt was made. If SCA is required, then the subscription status is incomplete and the latest invoice payment intent status requires action.
At this point, I can redirect my user to the SCA Flow using handleCardPayment() to prompt 3DS, and once complete the subscription status is then active.
If the invoice payment fails for any reason, then the subscription state is incomplete and the payment intent has a payment action required status. At this point, I should present my customer with the React Elements form again, and call the stripe.invoices.pay endpoint with the new card token.
Going forwards, all subscription charges should not need further SCA approval, however if the customer changes plan or the bank requests it, then I can point my user back through the SCA Flow process
A diagram of the flow is here: Green is UI, Orange is Server, Blue is Stripe
Is there anything I have missed or misunderstood here? I've been reading about creating SetupIntents and PaymentIntents, but I'm not sure I need this?
If you are creating subscriptions using the Stripe Billing product, they handle creating the PaymentIntent (if you are taking a payment immediately) or a SetupIntent (if you are setting up a trial or metered billing). All that you really have to do differently is handleCardPayment (for payments) or handleCardSetup (for setting up trials and metered billing). This section in the docs is pretty good.
If you are not using Billing, they have a video on their Stripe Developers YouTube channel which may help clear up any confusion.
Hope this helps :)
Welcome fellow sufferer, cards and tokens are implemented in the Stripe Charges API, which is not SCA compliant. If you want to use Stripe for payments inside the EU you should use payment intents.
Card tokens are also allowed for creating payment intents.
But if you want to reduce the number of necessary authentications you should use setup intents (with usage = "off-session") for creating payment methods and not card tokens.
I have a lot of old customers who have still registered with the Charges API. I use the following strategy:
New customers always register via Setup Intents and Payment Methods.
Old customers use the Charges API until their tokens become invalid. Then they must also use setup intents and payment methods.
Of course, the customers do not notice much of it.
In summary, I would always use payment methods and setup intents for new customers and card updates. Only with the setup intents can you ensure that your customers have to authenticate themselves as rarely as possible.
EDIT: The crucial point is off-session payments that occur with subscriptions. The Stripe procedure is described here: https://stripe.com/docs/payments/cards/saving-cards#saving-card-without-payment
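The branch between handleCardPayment and handleCardSetup discussed in this thread, as an added example that is not code from any of the posts. It assumes stripe-node's subscriptions.create with the plan, coupon and trial_period_days parameters of the API generation the thread uses; the function names and returned action labels are hypothetical.

```javascript
// Added example. Assumes stripe-node's subscriptions.create and the
// plan/coupon parameters of the API generation this thread uses.
async function startSubscription(stripe, { customerId, planId, coupon }) {
  const sub = await stripe.subscriptions.create({
    customer: customerId,
    items: [{ plan: planId }],
    coupon,
    trial_period_days: 7,
    // Ask for both intents in one call: which one exists depends on the trial.
    expand: ['latest_invoice.payment_intent', 'pending_setup_intent'],
  });
  return nextStep(sub);
}

// Decide what the browser must do. Only the client_secret leaves the server.
function nextStep(sub) {
  const invoice = sub.latest_invoice || null;
  const pi = invoice ? invoice.payment_intent : null;
  const si = sub.pending_setup_intent || null;
  const needsCard = (x) => Boolean(x) && x.status === 'requires_payment_method';
  // Trial: nothing is charged today, so SCA (if demanded) rides on a SetupIntent.
  if (si && si.status === 'requires_action') {
    return { action: 'handleCardSetup', clientSecret: si.client_secret };
  }
  // Immediate charge that the bank wants authenticated (3DS).
  if (pi && pi.status === 'requires_action') {
    return { action: 'handleCardPayment', clientSecret: pi.client_secret };
  }
  // Card declined: collect a new card, then pay this same invoice if there is one.
  if (needsCard(pi) || needsCard(si)) {
    return { action: 'collectNewCard', invoiceId: needsCard(pi) ? invoice.id : null };
  }
  if (sub.status === 'active' || sub.status === 'trialing') return { action: 'none' };
  // Unexpected state: do not grant access, look at it.
  return { action: 'review', status: sub.status };
}
```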
Again I am frustrated by the lack of documentation involved in developing using Google Wallet as a payment gateway and I may switch to another service.
My new question is as follows:
Can I programmatically change the payment card utilized by a Google Wallet for digital goods subscription?
If a card utilized in a subscription expires, that is on the user. However, if I do not provide a means of changing the payment card elegantly, that is on me!
Does anyone know how this can be done? Or would I have to create a whole new subscription to produce this effect? This should be a basic feature of any payment gateway so I am assuming that I am missing something.
It should also be noted that creating a new subscription may be problematic without an ability to cancel the previous subscription via the API. Provided that both the old and new cards are still valid, it would attempt to process the payments for both subscriptions!
On a side note, why does it seem that the Google Wallet API is missing so many key features? (annual subscriptions, subscription cancellation, the issue mentioned above, etc...?)
Thanks again everyone!
If Google can't successfully charge, they'll send you a failure postback which you can use to evaluate what to do with the subscription.
It would be best if you don't equate Wallet to a "payment gateway" (or credit card processing service/gateway) because it isn't.
At the end of the day, Wallet basically gives you some "access" to a Wallet User's data. It's up to the Wallet users to add/remove whatever payment instruments they have in their Google Wallet.
In Wallet for Digital, Google also handles the transaction - the processing part, so you're freed of any PCI compliance, and related payment infrastructure to get stuff going.
In Instant Buy, Google will send you a "virtual card" for you to process the transaction using your own/existing credit card processor/gateway. In this case, you do have to be PCI compliant and have existing infrastructure.
In both cases, you don't have access to the actual Wallet users' payment data. Google locks that stuff down.
Hth....
I want to know, can I use Google Wallet with the Braintree payment gateway in an Android application? To be more technically clear, take MASKEDWallet from Google Wallet and fetch all useful information from it and send it to the Braintree payment gateway for completing the purchase.
Please help.
I'm a couple of days into working on same, so this is devoid of technical specifics (more conceptual). Also I'm doing so on the "web" side of Wallet Instant Buy (not Android), though the concept of sending payment details through, and meeting (PCI) requirements, to your (any) credit card payment gateway should be the same.
Unless I'm corrected by a Googler:
You'll need to make a FullWalletRequest to obtain the "full wallet" which means the actual card details that you need to send to your gateway (card no, cvc/cvv, expiration, billing address etc.).
At which point, it wouldn't differ from any other/existing (gateway type) credit card processing.
At the end of the day, what Google Wallet Instant Buy does:
provide a merchant application (droid/ios/web) a "Virtual Onetime Card", which,
represents a Google Wallet user's real card stored in his/her Google Wallet account, therefore securing actual card details and scoping the transaction (because it's one-time)
I would think the only possible caveat is whether or not a gateway accepts such a type of card ("a MasterCard-branded virtual prepaid debit card")... unlikely that would be an issue (in the US, which is where the API is limited to at this time...)....
Digressing a bit. The other caveat that comes to mind is if you employ some fraud screening service. You're given a "virtual card" (not the real card of a cardholder), so if your service uses/needs that information to come up with a risk score, then it's something you need to account for...
Hth....
How can I tell from the Stripe API -
A user has cancelled their subscription?
A user's credit card is no longer valid.
Is there any way round having to call the Stripe API every time the user logs in to check these facts?
Handling cancellations is purely the responsibility of your application—users don't have an interface to Stripe. If they're canceling, they're doing it through whatever account management system you provide. You should thus be tracking cancellations in your own database. Whatever database you're using, add a subscription status field and update it when a user cancels or re-subscribes.
As for tracking invalid cards, Stripe provides notifications of billing failures—and many other useful events—via webhooks. In most cases, if you're not implementing a webhook responder, you're working much too hard on your billing infrastructure. Stripe is built to push a wide variety of information to you; polling the API yourself is just overcomplicating things for most purposes.
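A webhook responder of the kind this answer recommends, as an added example that is not the answerer's code. It checks the Stripe-Signature header before trusting the event and then updates a local status field; the Map standing in for the database, the status labels and the `signSample` helper are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// Stripe-Signature is "t=<unix ts>,v1=<hex HMAC-SHA256>"; the signed string
// is "<t>.<raw body>", keyed with the endpoint's signing secret.
function verifyStripeSignature(rawBody, header, secret, nowSec, toleranceSec = 300) {
  const parts = String(header).split(',').map((kv) => kv.trim().split('='));
  const t = (parts.find(([k]) => k === 't') || [])[1] || '';
  const sigs = parts.filter(([k]) => k === 'v1').map(([, v]) => v || '');
  if (!/^\d+$/.test(t) || sigs.length === 0) return false;
  if (Math.abs(nowSec - Number(t)) > toleranceSec) return false; // replayed or stale
  const expected = nodeCrypto.createHmac('sha256', secret).update(`${t}.${rawBody}`).digest();
  return sigs.some((s) => {
    const got = Buffer.from(s, 'hex');
    return got.length === expected.length && nodeCrypto.timingSafeEqual(got, expected);
  });
}

// Event type -> value of the local subscription-status field (labels assumed).
const STATUS_FOR_EVENT = new Map([
  ['invoice.payment_failed', 'past_due'], // card declined or expired
  ['invoice.payment_succeeded', 'active'],
  ['customer.subscription.deleted', 'canceled'],
]);

// Update the local status (here a Map keyed by Stripe customer id).
function applyEvent(db, event) {
  const next = STATUS_FOR_EVENT.get(event.type);
  if (next) db.set(event.data.object.customer, next);
  return Boolean(next);
}

// Returns the HTTP status to send. The body is parsed only after it verified.
function handleWebhook(db, rawBody, header, secret, nowSec) {
  if (!verifyStripeSignature(rawBody, header, secret, nowSec)) return 400;
  applyEvent(db, JSON.parse(rawBody));
  return 200;
}

// Constructed sample: sign a body the same way, for local testing only.
function signSample(rawBody, secret, t) {
  const mac = nodeCrypto.createHmac('sha256', secret).update(`${t}.${rawBody}`).digest('hex');
  return `t=${t},v1=${mac}`;
}
```

The signature covers the raw request body, so verify the bytes as received; a body that a JSON middleware has parsed and re-serialized will not match.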
I have a client who has content that he wants to publish on the web (and potentially for iPad). He wants the viewer to pay to subscribe for the content.
Is there a service out there I can integrate with for handling the accounts and collecting the monthly subscription fee (using credit cards or something else)?
There are several services out there that can help you with this - Recurly (where I work), Chargify, CheddarGetter, Spreedly, etc. These services handle the recurring billing aspect, customer management, email communication, following up with failed payments, etc. You'll also need a payment gateway (to process the cards) and a merchant account (for the payment gateway to deposit the funds into).
Authorize.net and PayPal both have recurring billing features, but the logic for upgrading/downgrading accounts is not there or difficult to use, and you'll still need to handle customer communication for failed payments and other actions.
You need to use a payment gateway here, which will be responsible for handling the transaction between your site and the many different payment networks. There are a lot of operations happening in between, so you might want to check out the Wikipedia article for step-by-step information on that.
We personally use Authorize.net in our company for many of its advantages, some of which are:
It has an API that makes it easy to integrate with any language.
It is a trusted brand already, proven by the number of merchants that use them.
It is secure.
It provides the service with a reasonable price.
Most major payment gateway providers support recurring billing or subscription plans (PayPal, Authorize.net, etc.). Most of the time you have to log in to your account admin console, configure a plan, and send the payment plan ID with the payment request to the payment gateway. Some payment gateway providers, like Braintree, support creating recurring billing plans dynamically and assigning users to that plan at run time. However, it's always better to go for a local payment gateway provider or a payment gateway which provides low fees. If your preferred payment gateway provider does not support recurring billing, another option is to store CC details on the server and handle it yourself, but it's a great risk to store CC details on the server, and you will have to follow PCI standards, and it's hard.