Related
I'm working on a project where we collect payments from users using credit/debit/PayPal payments.
The service is taking payments from users on behalf of a 3rd party organisation.
Once we take the payment, minus fees, we want to transfer the amount to the organisations bank account.
For now, what we can do is pay the organisation using Online Banking BACS bank transfer.
But I would like to know if there is a way to do this automatically using an API.
If we need to somehow register the 3rd parties bank account details before making transfers, this is fine.
We just want to automate the whole process, since at the moment the transfer is a manual step.
Are there any gateways or APIs I can use for this? In the UK?
As this is still un-answered I'll throw my hat into the ring.
For the benefit of non-UK users, the UK has a central clearing system called Bacs, which is run by the major banks in the country. However, companies can also makes submissions directly to that clearing system, by using Bacs Software.
There are a number of companies that sell on-premise and online services/APIs that allow you to send money directly via Bacs (and collect Direct Debits).
DISCLAIMER: I currently work for a software company (Bottomline Technologies) which sells a Bacs API - I won't mention the product name and to see alternative companies you can simply Google for 'bacs software api'
Hope this helps
You are going in the wrong direction. You should talk to payment processors (which may or may not include your bank) about the business considerations, which probably are more important than the technological considerations. Generally you can expect something somewhat reasonable that you will (after fiddling with it enough) be able to convince to work. It doesn't matter whether this involves some sort of api library, soap calls, or other communication method.
If you honestly consider having the technological considerations more important than the business considerations, then just go with Paypal and don't write your own shopping cart stuff at all. This is easier to use and will do more of the heavy lifting for you, but which will also probably charge you more.
Once you create a real shopping cart and start handling payments yourself (i.e. taking in CC information and sending it to a payment processor), you start getting into a mess of legal and technical concerns involving PCI compliance and the like, which will apply regardless of your choice of payment processor*.
*This is US-specific, but I bet the UK has something similar.
Ok, so I'm building "Web 2.0/3.0" sites to make extra money. I currently run my own personal project sites with some advanced technology in the backend (AI stuff, recommendation system) that I've developed over the years. It's a subscription site for me to make money on the side.
Now, my company (they do web application/software technology, ad network) somehow found out I run several websites. They were like, "Hey Joe, you run so and so websites! Why not put them on our ad network?? The stuff you're doing is a threat to our technology -- we don't want you competing with us on the side. Let us have your websites and put it on our portfolio/ad network."
Ok, basically it seems they want the rights to my technology and personal project. Somehow they must've googled my name and linked it to some projects I'm working on on the side. Is this ethical for a company to do? Trying to own my personal project since it's got some cool technology and trying to own the rights to it? Just because I work for the company doesn't mean I'm gonna make an offer to them, right?
You probably need to consult a lawyer. What were the terms of your employment that you agreed to when you were hired? Was there a non-compete clause? Was there a required disclosure clause?
Depends on your employment contract. Your contract might say something like "anything you do, while in the employ of company XYZ, be it during work or non work hours belongs to us". It's time to talk to a lawyer, not ask StackOverflow, this isn't a technology/programming question.
Ethical? Yes, why not. If you're putting stuff out on the web and they can find it via Google, then why shouldn't they? If you don't want people to find stuff you've done on the web then don't put it on the web or use a robots.txt to hide it from Google. It's not completely unreasonable for them to at least wonder if you may be using technology that you developed while you were working for them.
Legal--maybe so, maybe not. Depends on the employment agreement that you signed when you joined the company. I'd consult an employment lawyer for real advice rather than asking here.
They may have web logs that demonstrate that you were working on your private web sites during work time--if you did so. I'd be very careful in how I proceed if I were you.
check your contract, and/or your state laws and case precedents. Talk to a lawyer.
IMHO it is unethical for them to attempt to take your intellectual property without compensation, even if you have a 'all your codez are belong to us' kind of work-for-hire agreement. But talk to a lawyer, and be prepared to walk, get sued, and countersue, if necessary. Someone trying to steal your lunch money is a bully and a thief, but they may just have a legal claim.
Unfrotunately, this is not a joke. Talk to a lawyer right away.
If what you do in any way competes with what your company does or uses technology, intellectual property, information or contacts that you gained because of your employment with your company, then you may have issues and should check your contract and see a lawyer.
The other side is: did you ever work on your sites (and this can include sending emails and the like) your personal projects at work? If so, you may be in trouble there too.
IANAL so that's all I'll say on the legalities.
You need to consult a lawyer to get a definitive answer to this question. The answer might depend on your employment contract, and the laws in your locale. Don't rely on anything people say on the internet regarding legal matters.
Regardless of whether or not it's within their rights to do so, I think it's unethical and foolish of them to pressure you like this. I imagine they have just lost any employee loyalty you might have had.
I think a proper response could be, "if you think there's ad revenue potential in my websites, make me an offer that reflects their value, and I'll consider it." After all, you started those sites to make money, right?
But first talk to a lawyer, to be sure you're in a position to negotiate.
Well a friendly way to go about it, and that they should probably be willing to accept if they are a reasonable lot, is to buy/lease your technology. This way you can get a nice sum of money for your work (since you mentioned the purpose of this site was to make extra money in your question).
Otherwise (if its a pet project first and foremost) you might as well tell them in a friendly manner that you keep that site as a hobby, and you'd prefer to not share it if thats ok, unless they let you work full time on your and a cut in the earnings, etc... (something most people would love to do, work on their pet projects and get paid a stable salary for it).
As always first try to reason with the other party in a civilized and friendly matter, it'll likely make both parties happier, and it'll be better than taking the legal route most of the time.
I am Not a Lawyer, and the laws almost certainly vary by country/state/province. But if you are working on a side project on your own time, on your own equipment, using only your own network resources, etc., then in my opinion, they have no right to your work.
If you signed some sort of vague non-compete contract, or something that says all the stuff you do on your own time is theirs, then you have less of a leg to stand on.
Your best bet is to ask a lawyer, if there's enough revenue from your subscription base to justify it.
Consult a lawyer! Regardless of your contractual obligations, any company has a right to be concerned if one of their employees is running a direct competitor on the side, especially if they can demonstrate that you have access to privileged information which you are using to compete (knowledge of their technologies, marketing strategy, customers etc).
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
This question has been asked before (link) but I have slightly different requirements. First, I'm in Canada so that rules out Google Checkout and probably a few others. I just need a basic service that provides "Buy Now" functionality, no shopping carts or anything like that. The site isn't super high volume, so I'd like to avoid any site with crazy monthly fees. I also need the ability to setup "discount codes" (or whatever you want to call them) for special promotions. The site must also have some sort of payment notification service (IPN). I am currently using PayPal, but their lack of discount codes is really starting to restrict what I can do.
What have you used, or what would you recommend I investigate further?
I have used Beanstream in Canada. They provide a hosted service, where you provide a link to a custom Beanstream page in your site; they do all the payment processing and deposit the funds in your bank account. You can edit the checkout page to make it match your site, and create shopping carts or provide charges on a case-by-case basis. I know you said you don't need a shopping cart, but it is only $10/month more.
They also provide a gateway API if you want to accept credit cards yourself, but I find the hosted service far more convenient.
I've had good luck with eMetrix. Also I've heard good things about Plimus too.
Has anyone had any experience with eSellerate?
Plimus looks good, although I've heard some horror stories from the customers point of view related to their phone verification.
On TeamMentor we use Payflow Pro and have had a good experience with it. The SDK is straightforward and easy to use especially if all you need is a quick "buy now" option. They support international processing, although no paypal processing outside of the US.
I saw the usage of Moneris at a client site.
I have used the Payflow Pro and the Paypal Payments Pro. I found them easy to use from an API standpoint, although Payflow's php API worked well, it required a recompile of php and that meant less ease for patching our servers. After the server setup each was equally okay. The biggest drawback to using the Paypal products was the customer support and set up. Setup was a nightmare and the "salesman"/account rep that we dealt with was less than helpful.
Maybe You should add some details about Your requirements:
If sufficient, try bank transfers. They are not known or free in all countries and I do not know about Canada, but it is the best payment system in Europe: You just tell Your bank to transfer the money to the destination account.
Advantages:
Cannot be undone.
The customer has a proof of the payment.
Free of charge (most banks in Europe)
Disadvantage:
Cannot be undone ;)
The customer has to order his/her bank to transfer the money.
It takes up to three days before the money appears in Your account.
Do You need "instant" payment?
International payments?
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I didn't know I would be getting too many replies so fast. I can provide more details. It is definitely for use within the company. I was looking for some info on whether I should be more careful or anything to watch out for...
My boss is asking me to put some tracking info on what users do with their application. It is not about collecting sensitive data but there might be some screenshots involved and I am not sure if this is a breach of privacy.
Would love to hear any thoughts on this or if you handled something similar.
At work, there is no privacy. Think of it this way, if you work for a financial institution, or a government one, monitoring users may be the difference between keeping sensitive information secret and not. (I want my personal information kept private). They are paid to do work at work. If they are afraid about what they are doing is wrong, then they shouldn't be doing it.
A comment brought up a good point. If you are selling the product and spying on end users, that is totally different. That is highly unethical to take screen shots and report them back to the company. Actually where I work, we'd have you arrested for it if we found out. (yes, you'd be violating a federal law, and I guarantee we'd go after everyone and sort out the mistakes later.) That is a very slippery slope.
If you mean users at large, yes it's a breach of privacy.
If you mean users internal to your company (workers), then no -- there should be no expectation of privacy in the workplace.
Sometimes it is good to collect some metrics and will help in enhancing the user experience. Once, we were able to prove that a certain functionality was never used and we were able to remove support for it. For screenshots, you should be careful to take only the required window instead of a full screen.
If the application is used internally within your organization, and you have a corporate policy that states "no expectation of privacy" that has been communicated to and signed by your users then there is no issue.
Monitoring the actions of employees within a business in the US is very common practice.
Legal issues aside, do you want to work at a company that takes screenshots of your desktop?
Even if legal, this behavior is sure to drive away developers. Remember, in a bad work environment often the best developers leave first; they have the best job prospects.
Here's a corollary example: would you want your boss taping and listening to phone calls you made from the office? You don't give up every right you have just by cashing a paycheck.
Even if this screen capture methodology is legal, it certainly isn't ethical and will absolutely damage the morale of employees by demonstrating that they cannot be trusted.
It's just a bad idea. There have got to be better ways of accomplishing your goals than this.
Screenshots? If it's not opt-in, I'd say that's a pretty clear breach of privacy.
I made a simple CMS in PHP and I had to store all actions of users, but it's a completely different situation. In my opinion what is asking your boss is a bit out of privacy, especially if in your application you don't mention to the user this kind of behavior.
On a work machine? Absolutely; as long as the users know the extent to which they are being monitored. It's their choice to work for the employer, and they are using the employer's equipment.If you don't notify them that they are being watched, then that is kind of a "grey area"....depending upon state lawss, it may even be illegal - depending on what sort of information you are monitoring.
Something that would help on clarification would be is this an internal company application or something that will be on user's personal computers.
Typically when it comes to computers that are owned by the company, if the company decides to do monitoring, it is their choice. Disclosure of the monitoring is often encouraged in an effort to be open and honest, but is not mandatory. A user should not have any expectation of privacy when using equipment owned and managed by the company.
This is not just a matter of custom built applications, but also web browsing, email, phone conversations, etc. If you are using company resources then you are releasing your privacy.
If this is an application going to users outside of the company, then yes it is wrong without permission by the users.
That is greatly depending on the country you are in and what information you are collecting and what you do with it.
There is a huge difference between the US and EU for instance.
The Law, jurisprudence, union contracts and company policy (when not in contradiction to the above) are what determines what is acceptable.
If its for an internal app its completely ethical.
Beyond disclosing to all users that their use of the apps is monitored there is no other obligation of disclosure(excepting federal contracts and union contracts).
What is most important about capturing this kind of data is to focus on capturing the absolute least amount necessary - capturing screenshots of all open windows plus any adjacent data streams does in fact incur liability issues (think HIPPA) as well as producing a mountain of data that no one will ever look thru until a lawyer requests it with a subpoena and you're asked to go thru it and redact all Names, DOB, and SSNs in 160GB of data.
Seems this has already been answered, but it should be noted that there are countries where this is illegal, even at a place of work.
For instance, in Switzerland it is illegal to track which websites each user has been visiting.
Other than specific laws to the contrary, I would agree that it is acceptable to do, since there should be no reasonable expectation of privacy at the workplace. That said, informing the users is the right thing to do.
One other caveat, if the data you are collecting is sensitive enough that an attacker would have use of it (say, the screenshots include CC numbers), then you must ensure that this information is well protected. (I'm not referring to the user's information, but say the bank's clients' account details.)
If it is done without the user's consent, then it is definitely a breach of privacy. Even with the user's consent, it must be made clear exactly what information is being passed back. If the screenshot was to grab the whole screen, not just a window, then you could potentially get all kinds of private info.
Is this an internal app or a something for the public? If it's internal, it's not unethical, even if it's scummy, to monitor users.
If it's something for the public, in order to not be sleazy:
the user has to be able to opt-out
no personally identifying data can be collected
only data about your app (not screenshots of the entire screen) can be collected
It really depends on exactly what is being collected, the disclosure, and if the program could be opted out of. If that passes the smell test, then ensuring the reporting does not provide an attack vector and the data is appropriately safeguarded becomes your concern. If things seem shady get some written 'feature request' to CYA. The basic idea, if done right, is nothing new. Microsoft, for instance, does it with some of their products.
In a work environment, I think it is OK as long as all employees know that they may be monitored. I've seen places (Intuit was one) where employees are tracked all day. Not my cup of tea, however.
In government facilities, there is typically some sort of login screen that states that anything and everything done on that machine is subject to monitoring.
If these are applications that are run by the general public, I'd say that it better be crystal clear that you are collecting data on them. Personally, I'd rather not have programs 'phoning home' with info about my activities, boring as they may be.
If the client is external, this should be disclosed to the client. Actually, if the client is internal OR external, if you do not disclose it, it is totally unethical.
An employment agreement that states that there can be no expectation of privacy constitutes disclosure.
Screenshots? If it's not opt-in, I'd
say that's a pretty clear breach of
privacy.
you've opted-in by cashing your paycheck :)
as many indicated, informing the user is the best the company can do. Informing, not asking to Opt-In.
I would suggest reading:
Privacy. My interpretation is that people will expect some things to be kept private such as their personal information. By interacting with your sites, users are sharing information with you that you should be able to use but not distribute or abuse as if it was your own.
Screen shots is obviously the hot button issue here. While users entering information into a text input field are knowingly giving you information, screen shots go beyond what a typical user would expect and therefore should be disclosed to the user through a privacy policy.
Collecting anonymous usage should be doable without screenshots.
If your app collects any data that is meant to be protected by privacy laws, then you will have to treat the screenshots as containing sensitive information and protect them accordingly. Data protection laws are pretty strict in most countries.
Unless you have a really really small company, privacy laws vary a lot between countries, and the feature is probably more trouble than it's worth. In any country I've even lived in, that idea would never fly.
But don't ask a bunch of hacks on a site like stack overflow. Seriously, ask a lawyer.
I think the question is still a bit vague as to who is going to be monitored for what. From what I understand who'll be monitored are the end users who are using the application and the gathered data will be used internally. Assuming this is the case, I think, I can contribute the following answer:
If you are going to monitor end users to see how they are using your product, you are in human factors/user experience business and what you want to do is really an experiment. Doing such an experiment requires consent of the subject (the end user). In an academic setting (and I think the same goes for industry as well), there is an Institutional Review Board (IRB) which grants permission for such experiments. I believe in the industry scene there are similar organizations (just not sure what they are called). A request for permission for such an experiment is accompanied by a report which details the user experiment in a very specific manner. The IRB than decides whether to issue a permit or not.
The important point is the consent here and users should know about the experiment and agree to be subjects. I think, in the absence of a user consent the experiment is neither ethical nor legal. Again, I approached this based on an assumption and tried to summarize my experience in such experiments.
Collecting screen shots may be illegal even if employees are notified. This is an issue of local law and federal law. You haven't said which country you are in. In California, for example, monitoring screens might violate both workplace privacy laws and wiretap laws. You should get an opinion of your corporate attorney before implementing this.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 11 years ago.
Should be available to non-U.S. companies, easy to setup, reliable, cheap, customizable, etc. What are your experiences?
You can't really answer this kind of question with a "I like 'insert provide name here'" type answer because like so many things it is a balance and the reasons for choosing a payment processing solution tend to be complex.
Volume / Value
The most important factor in choosing a secure payment clearance service (the people who will connect to the banking networks and clear the money for you - will refer to them as SPCS) is how many widgets will you be selling at what cost. The pricing models of all the SCPS providers is based around this equation. This dictates the economics of using the service, which is nearly always the most important factor.
For example, in the UK securetrading.net have a large annual fee and high minimum transaction values (been a while since I've seen the exact numbers and they don't make it immediately obvious on the site, but this is for illustration only anyway) making it one of the most expensive solutions to use if you are selling high value low volume. Most smaller clients will fall into this model. High value is really anything over a couple of dollars. Low volume is typically anything less than tens of thousands of units per month. However, if you are running a donations service in the aftermath of an international environmental disaster (relatively low value very high volume) then they become one of the cheapest.
Factor in to this the setup costs (relatively high), and the cost to tie the service into the site (in SecureTrading's case it's very easy to do, but still a lot harder than adding a PayPal button) and you start to build up a true picture.
On the flip side, a service such as PayPal has very low setup costs (no fee to pay, and trivially easy to integrate), but relatively high transaction costs. It is great for high value / low volume transactions.
The Bank
There are two main categories of payment clearance service - Bureau and Bank Acquired.
In the UK at least NetBanx, SecureTrading and WorldPay offer both bank acquired and bureau services. ProtX and SecPay offer only bank acquired services. PayPal and its ilk operates slightly outside both definitions (see Protection below).
A Bank Acquired service plumbs into your normal banking merchant account and clears the funds straight into it. As well as charging you for this service, your bank will also take a slice, typically this is more than the SPCS provider will charge and so it actually is the bank that becomes the deciding factor.
Some banks will only work with their preferred provider. In the UK, most banks want you to have a separate Internet Merchant Account even if you already have a Merchant Account with them.
I always tell clients to shop around, as this will make a huge difference to how much their e-commerce venture can bring in. All banks are not created equal.
Bureau services effectively act as your bank at the same time as providing the clearance service. They were popular in a time when banks hadn't grasped the concept of the Internet and would prefer transactions be chiseled into stone tablets if they got their way. Often the choice between a bureau service and a bank acquired service is made for you based on circumstances.
Trading History
In many countries (including the UK), most banks won't give you a merchant account until you have been trading for a particular period of time (2 years in the UK). Your only option is then a bureau service.
Cash flow
Most bureau services will hold onto your cash as security against "charge backs".
If you sell me a Ferrari and I am horrified to learn that you've sold me a small metal toy rather than the 1.5 tonnes of Italian automotive passion I was expecting, I will complain to my credit card company who will refund me and then chase your merchant services provider for a refund. They will have to give them the refund and then chase you for the money.
It's therefore in their interests to hold on to your money for a period of 4-6 weeks to protect against this. If you sell services or goods with no capital outlay (software for instance), then you can afford this. If on the other hand, you really are having to pay your luxury car importer to provide you with stock, then cash flow becomes very important and you're going to need a bank acquired service where you can be paid immediately.
Protection
One major downside to PayPal and similar services is that it is not covered under the same regulations that govern credit cards.
Simply put, if you buy something on a credit card your card provider is liable for ensure you get what you paid for (broadly speaking, in most countries, does not constitute legal advice etc.) and if you have a problem with your purchase they will refund you very quickly and then will go and chase the person that you paid.
This is the kind of protection you hear about when Leo Laporte advertises American Express on his podcasts. It is a "Good Thing"TM. You don't have that protection with PayPal because when you use your credit card on PayPal, you are actually buying PayPal's service. So, even if you are mis-sold a product, the person you paid for the service (PayPal) didn't mis-sell, they provided the service you paid for. This breaks the chain.
PayPal don't have a legal obligation to protect you in the same way, and their record on refunding ripped off customers is less than spangly. I'm guessing they have "Caveat Emptor" writ large on the walls of their head office. :)
I'm not dissing PayPal, they are way ahead of the curve on many other security features, but just another factor to bear in mind.
End to end integration
Different services differ in their ease of integration. Oh boy do they differ. I'm sitting on some work right now to do an HSBC integration. I'd rather have a root canal. Some of the systems make big assumptions about the way you have to work with them, and are poorly designed or inflexible. Retro-fitting them to an active site can be very painful. Some of them are beautiful and easy to work with (and not necessarily less secure). The biggest difference is how you choose to integrate though.
Most services integrate by allowing you to redirect to a secure site where your customer fills in his / her details. They are finally redirected back to a page on your own site with the results of the transaction. This works well in most cases and is easiest to integrate.
When you buy something on Amazon, you don't get redirected to WorldPay, or PayPal however. If you want end-to-end integration, most services now will let the communication happen behind the scenes. Your own site has to have a decent secure server certificate of course, and the integration is necessarily more complex.
Reputation
It used to be that PayPal was used on dinky sites. You wouldn't catch Amazon using it. That perception has changed a lot, and in fact in some senses PayPal does security better than most. If your audience expects to see PayPal and you give them some other service then you may lose custom, or vice versa. These days many merchants offer a choice to customers.
UK Providers
WorldPay. Well established. Bureau and bank acquired. Relatively high transaction costs and annual costs. Fairly easy to integrate. Owned ultimately by Royal Bank of Scotland.
SecPay. Bank Acquired. Low per transaction cost and low annual cost and flexible payment models.
ProtX. Bank Acquired. Low per transaction cost and low annual cost, flexible payment models. Can be quite demanding to integrate.
HSBC. Bank Acquired. Low per transaction cost. High set up and annual costs. Very inflexible to integrate.
SecureTrading. Bureau and Bank Acquired. Low per transaction cost but high setup and annual costs. Was a doddle to integrate last time I used it (9 years ago!)
NetBanx. Bureau and Bank Acquired. Haven't used since 1996 so can't comment!
And of course PayPal, Google Checkout and Amazon FPS are well worth looking at and worth a whole answer on their own!
Summary
Told you it wasn't that simple! Usually, as developers, we're not in the position to choose for ourselves, and these decisions should be driven by the business needs of our employer / client.
Most e-commerce projects would start with PayPal or similar. When the business gets enough orders that they could save money by switching to another service, then they've got enough money to pay for the switch.
Disclaimer: I am UK based, and have performed many integrations with a whole slew of these services over the years, however the market changes all the time and things may have changed and your mileage may vary! I am not a lawyer or accountant, and if you take my advice it's not my fault :)
I'd say paypal or GoogleCheckout.
Google Checkout is either 2% + .20USD or free depending on how much you spend on adwords. If you spend a dollar on adWords, your next $10 on Google checkout is free.
Paypal is 1.9% to 2.9% + $0.30 USD (2.9% for up to $30,000/month, 1.9% for more than $100,000/month)
Without factoring in the 20/30 cents, Paypal is just barely cheaper if you sell more than $100,000 per month, and spend nothing on adwords.
http://www.authorize.net/ works well. This type of solution would allow your customer to enter his/her credit card directly.
I've been researching Google Checkout. If you require subscriptions (recurring payments) like I do - Google Checkout has it but it is still in beta. So depending on when you want to go live and your needs - you may want to use something else.
esellerate
if it is Digital stuff that you are selling, I recommend http://www.esellerate.net/ .
they have nice support for website payment, delivery of serial numbers upon sell and even have API so you can integrate the buying process into your application in case it is a desktop application.
Well by cheap do you mean processing fees or month fees? Also is this for micro or normal transactions? PayPal in my experience is an all around good choice because it offers both starter to professional level payment processing services that fit most needs.
I've looked at WorldPay and SecPay in the past; you need to know your onions to use them competently, I think - if you want really nice integration, at any rate.
Google Check-out isn't available to non-US companies. I didn't realize this until the last stages of my research, so I found it quite annoying (considering it was very easy to work with and very well documented).
Unfortunately in order to make things as convenient as possible for your end users, you're pretty much stuck with having to support Paypal. No one else comes close in terms of registered users.
I've used CyberSource in the past, and had a good experience.
They support several interfaces including SOAP, work internationally and have a pretty good web interface.
I'm not sure whether it's cheap though.
http://www.cybersource.com/products_and_services/global_payment_services/credit_card_processing/
Epoch is pretty large and available in US and EU:
http://www.epoch.com/en/index.html
I have no idea about their conditions though.
I'd have to go with paypal. I've used it in the past, and its really quite painless. All you need to do is create an account, and it's automatically available to you.
Try AlertPay, they have very competetive fees.
alertpay looks great low fees (compared with paypal), supports more countries , developers center