Planning an online startup is tough. There’s many aspects to take care of and most of them can ruin your business, when left overlooked. If you’re monetising through online purchases, your whole business model will depend on your payments processor.
There are currently over 70 popular possibilities. What criteria should you be looking for, apart from their popularity and fees? I’ll shortly detail the aspects I found most important when implementing online payments for our projects.
You get what you pay for
Stripe is charging 2.9% +30¢ per transaction, Braintree is charging 1.9% + 30¢ per transaction (at the time of this writing), and other providers have even lower or higher prices. As long as it works, you should just go with what’s cheapest, right?
One online marketplace we built in the past was planned using Barclaycard payments, mainly because our client specifically asked for it (he managed to negotiate a 0.6% fee per transaction). Barclays is a huge bank in UK, and it seemed like a great deal. So what could go wrong? Oh, boy, so many.
Their usage documentation was so short and unclear, we had to call them several times so we could understand how to integrate their API. It took them 3 days to send us another documentation which wasn’t even publicly available on their website. As sample code, they provide ~50 lines for three old programming languages, which just confused us more. Their admin dashboard was lacking and they were only offering a simple, naive solution for one time payments.
In comparison, Stripe offers a documentation so vast with examples for their purchase flows, it takes a while for your browser to just load it. Unlike Barclaycard, it also offers mature open source SDKs for most popular programming techs out there, which greatly reduces the lines of code required for integrating their payment solution.
Another issue we had was the lack of community support for encountered bugs. This is because Barclaycard is unpopular among developers. Anytime we had a bug with our payment provider, we were on our own. If we were using Stripe or Braintree instead, most of our issues would have been solved with a simple Google search. Barclaycard ended up costing him more in software development time than Stripe would have costed in increased fees.
Get approved first
When we were ready to go live with RecoveryMT, we received a short email from Braintree telling us our business was refused for their live payments, with no further explanations. That small piece of text meant we had to delay our release schedule and reimplement all online payment flows. Luckily, Stripe accepted our business in the next few days and we were set back by only one week.
Payment service providers can reject you for any reason, and they might not even explain their decision. So making sure your business model complies with their terms and conditions is not enough. Make sure your business model gets approved by the payment processor before integrating their API into your product, so you’ll never risk reimplementing your online purchases.
Data leaks happen even to big guys. Marriott leaked 327 million of customers’ personal info, Equifax leaked credit card numbers of 209.000 users, Uber exposed the driver license numbers of 600.000 drivers, Sony’s Playstation leaked 2.2 million credit card numbers, Urban Massage exposed 309.000 customer’s personal info and thousands of complaints of sexual misconduct.
For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone > > > number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival > and departure information, reservation date, and communication preferences. For some, the information also includes payment > card numbers and payment card expiration dates.
And the list goes on (and it’s pretty big). Despite being serious issues, you rarely hear of them because these companies do their best to keep the stories hidden.
Ok, we get it, data breaches happen and exposing customers’ credit cards is a huge legal and PR hassle. So how can you protect yourself from the possible event of a data breach? You can lower the chance of it happening by having an insanely good hiring process. A simpler method is to never send or store credit card information in your backend, and many payment service providers allow this.
Using this method, your customers’ financial information can only be leaked by your payment processor, and you will not be held responsible for it. Always double check that your clients’ raw card information never go through your backend, and avoid any payment provider that’s forcing it to.
Plan for the future
So your payment provider seems great for your current needs. There are other great options available, but they’re charging a bit more for some features you don’t need right now anyway. Not choosing them must be a no-brainer, right? Well, it depends.
Do you plan on supporting recurring payments in the future? If so, does your chosen payment processor support recurring payments?
What about becoming a marketplace later on and automating all payments between buyers and sellers in your platform? Stripe connect and Braintree marketplace allow this, but what about your payment processor?
Choosing your provider should also depend on all possible directions your business might take in the future. Implementing other purchase flows later on unnecessarily increases development time and costs.