Context
Me and my team are developing solutions to allow merchants with an online store to more easily deal with in store payments.
At the moment we are also considering the option to develop our own POS terminal integration (based on off-the-shelf EMV L1&L2 Certified rebranded terminals) to give a more coherent user experience to our customers.
On our online solution we support recurring payments using Stripe as our payment gateway therefore we would like to extend this option to physical stores as well.
Of course we could make it possible in the same way we do for online customers but we would like to make the payment experience as similar as possible to the one customers have when purchasing a one time payment product.
Questions
Can a POS terminal setup recurring payments?
Maybe through some trickery that allows to authorize a payment on the spot but capture it in a second moment?
End if it isn't possible and we have to rely on Stripe for this:
Is it legal to capture from an ordinary reader (without special specifications) information as Card Number, Card Holder end expiration date from a card magnetic stripe or other medium to prefill those fields?
I'm not talking about storing those information of course, just reading them to more easily add this card to Stripe.
Thank you in advance and any quality material or alternative suggestion is welcome.
A general answer is that it is possible to initiate original transaction over POS channel and issue subsequent transactions in another (like recurring ecom). The original transaction needs to perform strong cardholder authentication and its details (Transaction ID / TraceID from authorization response) have to be indicated in subsequent authorizations.
What you are describing is referring to features and services offered by one of the companies. You should refer to their support for answer if they support it and what are conditions to do it.
My problem:
Currently in my project it's required to keep a payment in an uncaptured state for more than 7 days which is the maximum for stripe.
What I came up with atm:
I see that it can be done by remembering customer's card (using stripe's api for this of course), creating an uncaptured payment, refunding it when the 7-day period comes to an end and creating it again until we choose to finally capture it.
I guess this 'hack' will be used only once per a payment as usually we have to hold the payment for about 10 days.
Questions:
Are there any pitfalls besides that a customer will see a second payment?
Any other ways to handle this?
Thanks in advance :)
So we ended up sticking to this method described in the question, but #korben's point is true, it's still hard to handle because even if a bank can release the funds fast, we still don't know when exactly does it happen as stripe can't inform us when the customer actually got his money back whether it's two minutes or two days.
It still works for us, because the payment is not that big and happens in person, so customers can choose whether they want to give a deposit in cash or use this method which seems more comfortable.
For context (because I was recently solving this problem and came across this thread), a number of websites recommend if you have a payment that wasn't captured within seven days, then cancel the order and create a new one. For example, Shopify recommends this and the authorization expiry date is displayed on the Orders page.
However, for all of the reasons #korben mentioned, it's best practise to avoid holding authorizations for over 7 days. Additional fees are also charged when collecting charges after the standard authorization period (depending on the issuing bank of a credit card).
I'm working on a project where we collect payments from users using credit/debit/PayPal payments.
The service is taking payments from users on behalf of a 3rd party organisation.
Once we take the payment, minus fees, we want to transfer the amount to the organisations bank account.
For now, what we can do is pay the organisation using Online Banking BACS bank transfer.
But I would like to know if there is a way to do this automatically using an API.
If we need to somehow register the 3rd parties bank account details before making transfers, this is fine.
We just want to automate the whole process, since at the moment the transfer is a manual step.
Are there any gateways or APIs I can use for this? In the UK?
As this is still un-answered I'll throw my hat into the ring.
For the benefit of non-UK users, the UK has a central clearing system called Bacs, which is run by the major banks in the country. However, companies can also makes submissions directly to that clearing system, by using Bacs Software.
There are a number of companies that sell on-premise and online services/APIs that allow you to send money directly via Bacs (and collect Direct Debits).
DISCLAIMER: I currently work for a software company (Bottomline Technologies) which sells a Bacs API - I won't mention the product name and to see alternative companies you can simply Google for 'bacs software api'
Hope this helps
You are going in the wrong direction. You should talk to payment processors (which may or may not include your bank) about the business considerations, which probably are more important than the technological considerations. Generally you can expect something somewhat reasonable that you will (after fiddling with it enough) be able to convince to work. It doesn't matter whether this involves some sort of api library, soap calls, or other communication method.
If you honestly consider having the technological considerations more important than the business considerations, then just go with Paypal and don't write your own shopping cart stuff at all. This is easier to use and will do more of the heavy lifting for you, but which will also probably charge you more.
Once you create a real shopping cart and start handling payments yourself (i.e. taking in CC information and sending it to a payment processor), you start getting into a mess of legal and technical concerns involving PCI compliance and the like, which will apply regardless of your choice of payment processor*.
*This is US-specific, but I bet the UK has something similar.
It would be very useful to have feedback on the various API and services that let you bill the customers, so it's possible to compare :
Security;
Quality of API;
Commercial reliability;
Number of languages that can use it;
General usage of them;
Ease of set up;
Economic price;
Technical price.
I thinking here of course of PayPal, Google Checkout but bank credit card based systems as well.
Braintree (and to some extent, other lesser payment gateways)
Pros
You're in complete control of the billing system
You can do more complex payment setups
Widely supported for multiple programming languages; ActiveMerchant support
Some of the best support you'll ever see for e-commerce
Cons
You probably have to deal with PCI DSS security compliance
Potentially a lot of extra work (which may very well still be worth it)
Google Checkout
Transaction Fee: 2.9% + $0.30
Pros
Very low transaction processing fees
Fantastic if you're already using Google for advertising
Google handles a lot of the messy stuff involved in billing, like chargebacks
There's now support for subscriptions (in beta though)
Cons
Google's API is different enough from other systems that you usually have to use a library specifically designed for Checkout (e.g., no ActiveMerchant support)
Paypal
Transaction Fee: 2.9% + $0.30
Pros
Widely understood API; tons of stuff available for dealing with it
Essentially supported by everything
Cons
Lots of people are very vocal about not wanting to do business through PayPal due to bad experiences
Neutral
Tends to be popular with the young adult demographic who don't have credit cards and with eBay users
Amazon FPS
Transaction Fee: 2.9% + $0.30, lower for bank accounts and balance transfers
Pros
Probably your best bet for micro-transactions
A good choice for payments for physical goods
Cons
I don't know enough about the system to say for sure
If you want to accept credit/debit card payments online, you're going to need two things:
an Internet Merchant Account (a business bank account which can accept such payments; there's usually quite a bit of business compliance, risk and anti-fraud attached, but if you're a serious business with an existing business account, talk to your bank)
a Payment Services Provider (who provide you with, for example, an API or a hosted checkout solution, and who act as the go-between for your web site and your IMA, which will typically only provide very limited options)
There is, of course, a fast growing trend of alternative payment services; PayPal, Envoy, MoneyBookers, Neteller, uKash, etc. Those are definitely worth exploring, because they tend to provide a certain degree of risk-free/guaranteed payment, and they dramatically widen the numbers of customers you can reach - think in terms of people who aren't old enough to have cards, or who aren't able to get them due to debt problems or the like.
Perhaps the easiest combination is to find a Payment Services Provider who can handle the whole lot - set you up with an IMA (or rather, underwrite your risk with a bank so they'll be happier to give you one), provide payment processing services, maybe a bit of fraud protection and risk management on top, chargeback management, and then handle all those possible payment methods, including things like 3D Secure (Verified by Visa/Mastercard SecureCode) which can be a real headache to integrate with.
If you're going to be getting into the business of handling online payments, even if it's just an occasional thing, then you'll need to knuckle down and do a bit of serious research into what you need, what you don't need, and what you're willing to pay, 'cause payment service providers obviously charge for this stuff, and it'll be a serious business partnership.
For once, Wikipedia seems to have an appallingly lightweight list, so you may want to Google "payment services provider".
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 11 years ago.
Should be available to non-U.S. companies, easy to setup, reliable, cheap, customizable, etc. What are your experiences?
You can't really answer this kind of question with a "I like 'insert provide name here'" type answer because like so many things it is a balance and the reasons for choosing a payment processing solution tend to be complex.
Volume / Value
The most important factor in choosing a secure payment clearance service (the people who will connect to the banking networks and clear the money for you - will refer to them as SPCS) is how many widgets will you be selling at what cost. The pricing models of all the SCPS providers is based around this equation. This dictates the economics of using the service, which is nearly always the most important factor.
For example, in the UK securetrading.net have a large annual fee and high minimum transaction values (been a while since I've seen the exact numbers and they don't make it immediately obvious on the site, but this is for illustration only anyway) making it one of the most expensive solutions to use if you are selling high value low volume. Most smaller clients will fall into this model. High value is really anything over a couple of dollars. Low volume is typically anything less than tens of thousands of units per month. However, if you are running a donations service in the aftermath of an international environmental disaster (relatively low value very high volume) then they become one of the cheapest.
Factor in to this the setup costs (relatively high), and the cost to tie the service into the site (in SecureTrading's case it's very easy to do, but still a lot harder than adding a PayPal button) and you start to build up a true picture.
On the flip side, a service such as PayPal has very low setup costs (no fee to pay, and trivially easy to integrate), but relatively high transaction costs. It is great for high value / low volume transactions.
The Bank
There are two main categories of payment clearance service - Bureau and Bank Acquired.
In the UK at least NetBanx, SecureTrading and WorldPay offer both bank acquired and bureau services. ProtX and SecPay offer only bank acquired services. PayPal and its ilk operates slightly outside both definitions (see Protection below).
A Bank Acquired service plumbs into your normal banking merchant account and clears the funds straight into it. As well as charging you for this service, your bank will also take a slice, typically this is more than the SPCS provider will charge and so it actually is the bank that becomes the deciding factor.
Some banks will only work with their preferred provider. In the UK, most banks want you to have a separate Internet Merchant Account even if you already have a Merchant Account with them.
I always tell clients to shop around, as this will make a huge difference to how much their e-commerce venture can bring in. All banks are not created equal.
Bureau services effectively act as your bank at the same time as providing the clearance service. They were popular in a time when banks hadn't grasped the concept of the Internet and would prefer transactions be chiseled into stone tablets if they got their way. Often the choice between a bureau service and a bank acquired service is made for you based on circumstances.
Trading History
In many countries (including the UK), most banks won't give you a merchant account until you have been trading for a particular period of time (2 years in the UK). Your only option is then a bureau service.
Cash flow
Most bureau services will hold onto your cash as security against "charge backs".
If you sell me a Ferrari and I am horrified to learn that you've sold me a small metal toy rather than the 1.5 tonnes of Italian automotive passion I was expecting, I will complain to my credit card company who will refund me and then chase your merchant services provider for a refund. They will have to give them the refund and then chase you for the money.
It's therefore in their interests to hold on to your money for a period of 4-6 weeks to protect against this. If you sell services or goods with no capital outlay (software for instance), then you can afford this. If on the other hand, you really are having to pay your luxury car importer to provide you with stock, then cash flow becomes very important and you're going to need a bank acquired service where you can be paid immediately.
Protection
One major downside to PayPal and similar services is that it is not covered under the same regulations that govern credit cards.
Simply put, if you buy something on a credit card your card provider is liable for ensure you get what you paid for (broadly speaking, in most countries, does not constitute legal advice etc.) and if you have a problem with your purchase they will refund you very quickly and then will go and chase the person that you paid.
This is the kind of protection you hear about when Leo Laporte advertises American Express on his podcasts. It is a "Good Thing"TM. You don't have that protection with PayPal because when you use your credit card on PayPal, you are actually buying PayPal's service. So, even if you are mis-sold a product, the person you paid for the service (PayPal) didn't mis-sell, they provided the service you paid for. This breaks the chain.
PayPal don't have a legal obligation to protect you in the same way, and their record on refunding ripped off customers is less than spangly. I'm guessing they have "Caveat Emptor" writ large on the walls of their head office. :)
I'm not dissing PayPal, they are way ahead of the curve on many other security features, but just another factor to bear in mind.
End to end integration
Different services differ in their ease of integration. Oh boy do they differ. I'm sitting on some work right now to do an HSBC integration. I'd rather have a root canal. Some of the systems make big assumptions about the way you have to work with them, and are poorly designed or inflexible. Retro-fitting them to an active site can be very painful. Some of them are beautiful and easy to work with (and not necessarily less secure). The biggest difference is how you choose to integrate though.
Most services integrate by allowing you to redirect to a secure site where your customer fills in his / her details. They are finally redirected back to a page on your own site with the results of the transaction. This works well in most cases and is easiest to integrate.
When you buy something on Amazon, you don't get redirected to WorldPay, or PayPal however. If you want end-to-end integration, most services now will let the communication happen behind the scenes. Your own site has to have a decent secure server certificate of course, and the integration is necessarily more complex.
Reputation
It used to be that PayPal was used on dinky sites. You wouldn't catch Amazon using it. That perception has changed a lot, and in fact in some senses PayPal does security better than most. If your audience expects to see PayPal and you give them some other service then you may lose custom, or vice versa. These days many merchants offer a choice to customers.
UK Providers
WorldPay. Well established. Bureau and bank acquired. Relatively high transaction costs and annual costs. Fairly easy to integrate. Owned ultimately by Royal Bank of Scotland.
SecPay. Bank Acquired. Low per transaction cost and low annual cost and flexible payment models.
ProtX. Bank Acquired. Low per transaction cost and low annual cost, flexible payment models. Can be quite demanding to integrate.
HSBC. Bank Acquired. Low per transaction cost. High set up and annual costs. Very inflexible to integrate.
SecureTrading. Bureau and Bank Acquired. Low per transaction cost but high setup and annual costs. Was a doddle to integrate last time I used it (9 years ago!)
NetBanx. Bureau and Bank Acquired. Haven't used since 1996 so can't comment!
And of course PayPal, Google Checkout and Amazon FPS are well worth looking at and worth a whole answer on their own!
Summary
Told you it wasn't that simple! Usually, as developers, we're not in the position to choose for ourselves, and these decisions should be driven by the business needs of our employer / client.
Most e-commerce projects would start with PayPal or similar. When the business gets enough orders that they could save money by switching to another service, then they've got enough money to pay for the switch.
Disclaimer: I am UK based, and have performed many integrations with a whole slew of these services over the years, however the market changes all the time and things may have changed and your mileage may vary! I am not a lawyer or accountant, and if you take my advice it's not my fault :)
I'd say paypal or GoogleCheckout.
Google Checkout is either 2% + .20USD or free depending on how much you spend on adwords. If you spend a dollar on adWords, your next $10 on Google checkout is free.
Paypal is 1.9% to 2.9% + $0.30 USD (2.9% for up to $30,000/month, 1.9% for more than $100,000/month)
Without factoring in the 20/30 cents, Paypal is just barely cheaper if you sell more than $100,000 per month, and spend nothing on adwords.
http://www.authorize.net/ works well. This type of solution would allow your customer to enter his/her credit card directly.
I've been researching Google Checkout. If you require subscriptions (recurring payments) like I do - Google Checkout has it but it is still in beta. So depending on when you want to go live and your needs - you may want to use something else.
esellerate
if it is Digital stuff that you are selling, I recommend http://www.esellerate.net/ .
they have nice support for website payment, delivery of serial numbers upon sell and even have API so you can integrate the buying process into your application in case it is a desktop application.
Well by cheap do you mean processing fees or month fees? Also is this for micro or normal transactions? PayPal in my experience is an all around good choice because it offers both starter to professional level payment processing services that fit most needs.
I've looked at WorldPay and SecPay in the past; you need to know your onions to use them competently, I think - if you want really nice integration, at any rate.
Google Check-out isn't available to non-US companies. I didn't realize this until the last stages of my research, so I found it quite annoying (considering it was very easy to work with and very well documented).
Unfortunately in order to make things as convenient as possible for your end users, you're pretty much stuck with having to support Paypal. No one else comes close in terms of registered users.
I've used CyberSource in the past, and had a good experience.
They support several interfaces including SOAP, work internationally and have a pretty good web interface.
I'm not sure whether it's cheap though.
http://www.cybersource.com/products_and_services/global_payment_services/credit_card_processing/
Epoch is pretty large and available in US and EU:
http://www.epoch.com/en/index.html
I have no idea about their conditions though.
I'd have to go with paypal. I've used it in the past, and its really quite painless. All you need to do is create an account, and it's automatically available to you.
Try AlertPay, they have very competetive fees.
alertpay looks great low fees (compared with paypal), supports more countries , developers center