Good Article by 37Signals on Credit Card Processing
Posted by jonchase
Update: See the bottom of the post for some updates.
I was delighted to find this timely article by 37Signals on credit card processing. I’ve been facing the question of how to process payments online and it’s very helpful to hear reports from successful businesses in the trenches.
It’s noted in their approach that they are using Authorize.net as their gateway and Chase Bank for their merchant account. This bodes well, as I was already considering the same combination of gateway/merchant account - Authorize.net is the leading payment processor and Chase Bank sounds like a name I can trust:).
As for recurring payment processing, it also sounds like they are not using the recurring payments functionality of Authorize.net and instead just running a nightly job to take care of it. I’ve been looking at the recurring payments functionality provided by Authorize.net, but I’ve been slightly turned off by it because it looks like it would be tough to implement recurring payments using their API because of all the little business process exceptions (prorating months, etc.) that need to be handled. This gives me confidence that I can ditch the recurring payments API and just run a nightly job to take care of this aspect of the billing.
As for now, I recently had slated the implementation of SendAlong’s billing processing as part of my next two week iteration. However, I’ve been doing some thinking about this over vacation (the lines at Disney World give you a lot of time to think) and I’ve almost decided that I’m going to forgo automatic payment processing for the time being in the hopes of releasing version 1.0 earlier. I can handle the first few accounts on a manual basis (as long as Authorize.net or my merchant account provides an adequate web interface to do so) - this will minimize the wait for the 1.0 release and may give me more insight into what SendAlong’s billing system needs to do.
A couple other things to note:
- Credit card details are usually NOT stored by you, but instead held by the payment processor’s system (Authorize.net) - this is much safer and easier for you. The payment processor returns a unique token that can be used to identify that customer at a later date for more charging/crediting. You should probably store the credit card expiration date in your system if you’d like to proactively contact your customers to let them know their card will be expiring soon.
- Make sure to check the comments of the 37Signals post - there’s sure to be some good information in there too.
Update: After reading through the comments on the 37Signals post, I found that 37Signals actually stores all of the credit card information that they collect. This involves a fair amount of overhead, and from other readers’ comments, I can’t say I would recommend it for the average microISV. It also sounded like a few people are having good success with TrustCommerce’s Citadel.
Leave a Reply
Subscribe to Jon's Blog