Good Article by 37Signals on Credit Card Processing
Update: See the bottom of the post for some updates.
I was delighted to find this timely article by 37Signals on credit card processing. I’ve been facing the question of how to process payments online and it’s very helpful to hear reports from successful businesses in the trenches.
It’s noted in their approach that they are using Authorize.net as their gateway and Chase Bank for their merchant account. This bodes well, as I was already considering the same combination of gateway/merchant account – Authorize.net is the leading payment processor and Chase Bank sounds like a name I can trust:).
As for recurring payment processing, it also sounds like they are not using the recurring payments functionality of Authorize.net and instead just running a nightly job to take care of it. I’ve been looking at the recurring payments functionality provided by Authorize.net, but I’ve been slightly turned off by it because it looks like it would be tough to implement recurring payments using their API because of all the little business process exceptions (prorating months, etc.) that need to be handled. This gives me confidence that I can ditch the recurring payments API and just run a nightly job to take care of this aspect of the billing.
As for now, I recently had slated the implementation of SendAlong’s billing processing as part of my next two week iteration. However, I’ve been doing some thinking about this over vacation (the lines at Disney World give you a lot of time to think) and I’ve almost decided that I’m going to forgo automatic payment processing for the time being in the hopes of releasing version 1.0 earlier. I can handle the first few accounts on a manual basis (as long as Authorize.net or my merchant account provides an adequate web interface to do so) – this will minimize the wait for the 1.0 release and may give me more insight into what SendAlong’s billing system needs to do.
A couple other things to note:
- Credit card details are usually NOT stored by you, but instead held by the payment processor’s system (Authorize.net) – this is much safer and easier for you. The payment processor returns a unique token that can be used to identify that customer at a later date for more charging/crediting. You should probably store the credit card expiration date in your system if you’d like to proactively contact your customers to let them know their card will be expiring soon.
- Make sure to check the comments of the 37Signals post – there’s sure to be some good information in there too.
Update: After reading through the comments on the 37Signals post, I found that 37Signals actually stores all of the credit card information that they collect. This involves a fair amount of overhead, and from other readers’ comments, I can’t say I would recommend it for the average microISV. It also sounded like a few people are having good success with TrustCommerce’s Citadel.
Enjoyed this post? Click to get future articles delivered by email or get the RSS feed.
We don’t recommend using Authorize.Net. We’ve had to spend over an hour trying to reach a human customer support agent.
I agree with your recommendation, especially for small business. There’s not going to be a savings with going with Authorize.net, and like you said, customer support isn’t going to be as good as a personalized company’s, like Braintree.
Actually, I just realized I didn’t include Braintree in this blog when I wrote it. I’ve used them in the past and they are excellent – great customer service, friendly, attentive, good prices, etc. Check them out if you’re looking for someone to process your credit cards for you: http://www.braintreepaymentsolutions.com/
Jon – thank you for the kind words. We’ve enjoyed working with you as well.
Bryan Johnson
Braintree