If you’re going to be charging money for a product or service, you’ll probably want to give your customers the opportunity to use credit cards on your site. While the basic PayPal only route is always available, it’s not the most professional-looking approach sending customers to another url in order to complete a transaction. My friends, what you need is to start processing online payments the big boy way and get yourself ready to learn about payment gateways, merchant accounts, and safety.
Payment Gateway
A payment gateway is the application you’ll use to run your transactions through. Think of it as the machine used in stores to swipe a physical credit card. Gateways also provide other great services like allowing you to monitor transactions, authorize refunds, run reports, etc. For Wufoo, we went with Authorize.net because their API was extremely easy to understand, very friendly, and contained an interface that was relatively easy to use. Their prices are reasonable, and so far, their customer support has been fantastic.
Two competitors with some name recognition that we didn’t go with are Verisign and PayPal. I’ve heard good things about Verisgn, but their prices seem to be a little high and their Payflow Pro service allows for only 1000 transactions before charging an additional 10c per transaction. I don’t know exactly when we’ll be running 1000 transactions a month, but chances are I really won’t want to worry about it when we do.
Now, we did try to go with PayPal’s Website Payments Pro service since Ryan had experience with PayPal’s API for Treehouse Magazine’s checkout system. Lucky for us, PayPal initially rejected our application for some unknown reason and then accepted us mysteriously after we had the Authroize.net system already up and running. I say lucky because Authorize.net’s API turned out to be a lot easier, and as I’ll explain in the next section, ended up saving us some money too.
Merchant Account
After you decide on a gateway, you’ll need a merchant account, or someone who can actually process the credit card transactions. If it’s starting to sound tricky, don’t worry because obtaining a merchant account is easy. Authorize.net has a list of approved resellers for you to choose from. We went with United Bank Card because they had a respectable-looking web site, a solid reputation, friendly customer service reps, and competitive pricing. The application process consisted of filling out and faxing some basic business information and waiting a couple days for approval. Once approved, they provide us with an Authorize.net login and transaction code to get our store up and running.
Some vendors such as PayPal are all-in-one solutions and provide a merchant account along with a payment gateway. This might seem more attractive and less of a hassle, but tends to come at a cost. With Paypal, you’re charged between 2.2% to 2.9% plus .30c per transaction. With the merchant account/Authorize.net combo, you should be able to negotiate somewhere around 2% plus 20c per transaction. All of the merchant account providers are selling the same product, so don’t be afraid to haggle a little. In the long run, every cent counts.
Be Safe
If you’re going to be processing credit cards, make sure your credit card transactions are as safe as possible. To help out, here are some links to get you started on securing your transactions.
Godaddy SSL - You’re going to want SSL and Godaddy has great prices and top notch customer service to get you through it.
Authorize.net Security WhitePaper - “Maintaining tight security, including using both standard and advanced fraud detection and prevention tools, is crucial to maintaining a successful business. No merchant can afford to overlook the need for protection against fraud and other types of abuse. This document details tools and security best practices that are recommended to merchants for detecting, preventing, and managing online transaction fraud.â€
Visa Cardholder Information Security Program - When customers offer their bankcard at the point of sale, whether its over the Internet, on the phone, or through the mail, they want to be sure that their account information is safe. That’s why Visa USA has instituted the Cardholder Information Security Program (CISP). Mandated since June 2001, CISP is intended to protect Visa cardholder data-wherever it resides-ensuring that members, merchants, and service providers maintain the highest information security standard.
Cautious Advice for Accepting Online Payments - Great article by Duncan Davidson on accepting online transactions.
Thanks for the great information. A few questions:
For your monthly subscription charges, do you have to store credit cards on your side and then submit those to their API every time you need to charge a customer? Or can you tell the API it’s a subscription and you’re hands free from there until someone cancels/upgrades their plan?
Were there setup fees for your merchant/gateway accounts?
Very informative info - some day ill get into online transactions - when i learn more about it.
Awesome write-up. I’m currently working on an online store for our apparel line and am going to go with Authorize.net because I like their API and pricing isn’t bad. I still need to pickout a merchant though ;-).
While on topic, any word about Google Checkout? I’m still going to use Authorize.net, but being Checkout is new and they have an API with code samples and all that jazz, I’m interested in what it has to offer. Takes less percentage then PayPal too. Have you heard anything about it? Does it require users to be registered with Google first before making a transaction? Thanks!
I haven’t tried out Google Checkout yet, but if anyone has, I’d love to hear about your experiences.
Thank you very much, i was looking for this kind of topic for my future icon shop.
Joe,
It looks like Authorize.net handles the storing and processing of customer data through a process they call Automated Recurring Billing.
See this quote:
“Improve Security - Eliminates the need to store sensitive data on computer systems, reducing the risk of compromised customer information.”
From this page:
http://www.authorize.net/solutions/merchantsolutions/merchantservices/automatedrecurringbilling/
Great info. If I would have found this simple explanation of eccommerce, I would have saved months of stress a couple of years ago. We use e-xact and Moneris for our processing, and have a heck of a time reconciling our bank account at the end of each month. This is probably the #1 pain we experience with online payments. We are looking to move to a new system that simplifies this. Currently we are looking at TD Online Mart / Beanstream. Has anyone had experience with them?
I work for a payment gateway company based in Tulsa, OK and this article will be very helpful for those who do not understand the merchant account aspect of accepting payments online. Great article!
I have been using google checkout for about 2 weeks now (signed up the day it came out I think). It’s great. My only complain is that it’s geared toward selling set priced items (such as dvd’s, movies, etc) and I like paypal because you can just send someone a specific amount of money vs. having to use a checkout button.
However, the interface is very clean and alot less confusing than paypal. It takes less than 5 minutes to sign up and there are no confirming accounts like paypal.
Google checkout is very cheap to, they have a 2% + .20¢ per transaction fee, which is one of the lowest I’ve ever seen.
I spoke with a rep at Authorize.net just this week regarding their support of recurring payments. I found out that while they do allow recurring payments through their “virtual terminal” they don’t allow them through their API.
That is, the only way to set up a recurring payment is for the merchant/developed to log in to the Authorize.net website and manually enter the info or manually convert a previous transaction into a recurring one. Obviously, this isn’t an option for those that want an automated solution. The only other option I see is to store credit card information for future processing, but that opens up all sorts of security problems.
Other gateways (like VeriSign PayFlowPro and TrustCommerce) however, say they allow recurring transactions through their APIs or allow the merchant to store a customer’s credit card info on the gateway’s servers through their APIs for later “referenced” transactions.
If anyone knows of a solid way of processing recurring transactions through the Authorize.net API that I’m missing, I’d love to hear it!
Ben, I’m doing the same research… It’s weird that authorize.net’s rep says this because reading their SIM doco here: http://www.authorize.net/support/SIM_guide.pdf
They have a x_recurring_billing flag you can set on the transaction you send them. I’m going to try sending them an email about it.
Dan
Hey Dan,
I too thought the same thing about x_recurring_billing a while back. We had a client that requested recurring payments each month of the point of membership signup. We soon learned that with Authorize.net, the x_recurring_billing field actually is pretty pointless and I believe is simply just something to say, “Hey.. this transaction is supposed to be recurring.” You’ll notice that you can set that flag, but you can’t set any amounts, timeframes, or anything for the recurring. So…
Ben’s got it straight where the only method of recurring payments with Authorize.net, that I know of atleast, is going into the system and adding a recurring payment manually. It’s a pain.
Brian and Ben - thanks…..Authorize.net confirmed this via email as well.
Guess I’ll be forced to look elsewhere. Anyone using TrustCommerce for recurring billing?
Dan
Dan,
I’ve used TrustCommerce for recurring billing, and I’ve also used them for storing CC info for future billings. They have a great product with great service, and I recommend them (based on my experiences with them) in my e-book on building e-commerce apps with Ruby on Rails at http://www.agilewebdevelopment.com/book/.
Hey Folks I have been researching this for my company for the past few days and its been frustrating. My company does reoccuring billing but the dollar amounts change every month. So far the only company who has had an even remotly capable system is Pay Simple. They will allow me to upload the updated information through excel. Every other company wants me to manually change the amounts for all 1000 customers. If anyone has any advice I would love to hear it.
I’ve just found http://www.shopify.com. I love it.
I am just a you can say newbie so I may write something stupid, in that case please delete this post :) I think the only benefit paypal has is that it covers a large number of courtries, including india, and others such as authorize may sound cost effective for US and Canada but might not be the case for Australia and England, I dont know if authorize even support other countries besides US and Canada. well I am from Pakistan so even paypal is not for me :(
I have heard good things from fellow coaches regarding PracticePay Solutions. http://practicepaysolutions.com/ma_rates.php They do offer an autorecurring option, but not clear if this would cover your requirements.
While TrustCommerce can do recurring transactions with the API, it’s far more expensive than most authorize.net solutions.
For my app, I can’t justify the cost of Trust yet - so auth.net is fine until I have a ton of transactions to worry about.
Everyone needs a hug.
We have a subscription program where we store customer data on a secure server and process charges for our customers each week based on the product selection they have signed up for. We use Authorize.net. My question is: Does anyone know of any study or information on the best day of the week or month or (week in a month) to process the credit cards to get the most successful approvals on the transactions?
It is a great article about what happens with online paying by credit cards. The major problem of this issue is transaction security but using the card in a properly way this thing can be warranted.
If you want a strong recurring payment API and/or Virtual Terminal - consider the Cybersource Small Business Package from either Wells Fargo or Bank of America. They include a recurring payment engine for free in their already well priced gateway. You can get the same thing from CYBS themselves. You can also store the credit card information at CYBS and change prices through the API or the Virtual Terminal using the On-Demand features. Prices are easily comparable to Auth.Net and in some cases cheaper. Most important - their system uptime is better than Auth.Net or TrustCommerce.
I just wanted to create an API program for recurring billing subscription in Authorize.net. In the sample code of Authorize.net, there is only one variable is sets for recurring billing, ie. x_recurring_billing. I think there is no use with it in the program. If any can help me, I’m greatful to you?.
Thanks.
Everyone needs a hug.
Thanks for an idea of article. Hope for continiose partnership.
Everyone needs a hug.
Good piece, thanks for putting it together!
Am just posting a followup, as the stated amount that Authorize charges does not seem accurate.
The article above says $5.00 / month and .05 / transaction, but the application they sent today (October 12 2006) specified a $299 setup fee, $20 / month and .10 / transaction. Adding fraud protection is an additional $5 / month, but there’s no clear indication it would work outside the U.S.
Found this site looking for a gateway that could address match internationally. Currently on YourPay but they only do U.S.; we sell a fair amount overseas (Europe & Japan, mainly, but other countries as well), would be nice not to get that “Potential Fraudulent Activity” email every time someone from the E.U. buys a guitar…
I am looking to set-up aompany as a payment processor. Can someone help me on how to go about this. The company is well backed financially. Thanks!
pdeconti@assurantgs.com
Everyone needs a hug.
I am looking for a gateway that allows store the customers information for me to access and just use an identifier in order to fill all the credit card or debit card information in every transaction.
miguel.palizada@extendsolutions.net
I recently wrote an article that follows the same basic outline here, but focuses on the details of Ruby on Rails and the Active Merchant plugin. Hopefully it can be of use to anyone getting started:
Processing Credit Cards with Ruby on Rails
(sorry for the dupe, with a working link this time)
I used PaySimplefor my credit card processing because of their robust functionality both through their gateway interface and their API. Credit Cards, eChecks, recurring billing, storing customer info and charging multiple times via a customer ID#…it has it all. Very competitive pricing too.
PayPal Pro drove me nuts with all their limited functionality in order to get lower rates.
BTW - LOVE the Wufoo forms!!!
Question for author, Chris Campbell. You said that you used Authorize.net as a payment gateway. From reading comments I found that Authorize.net does not accept recurring payments. How do you deal with recurring transactions?
What is the best solution if you have BAD credit and don’t want to apply for a merchant account with credit check? Paypal does not run a credit check but the merchant can not put the customers credit card information in. Is there ANY online merchant account that allows the merchant to put in the credit card info without a credit check?! pls
Everyone needs a hug.
Everyone needs a hug.
Everyone needs a hug.
Everyone needs a hug.
The Google checkout is a great system but it lacks the recurring feature which a ton of businesses need. I found a true merchant account without any monthly fees that includes a ton of fraud prevention features like Verified by Visa, etc. It has a bit higher transaction fees than Google, but with built in support for recurring transactions and a true merchant account, it is the way to go. I have been using CDG Commerce for a few years now, and I have had a great experience with them. CDG Commerce Promo
I would vote for Google checkout and PayPal. First stands for its name and develops trusted applications fast. Second is probably the oldies service provider and that means experience, extended network and capabilities. However the most important is a consumer - the more options consumer have the more satisfied he/she will be. So the bottom line is I would install both in my site. Julius
I have been investigating on the net on how to operate transactions online without credit card, but with a debit card accepted wherever visa is accepted i do no know is somone can help me to locate a trusworthy company making it possible for those who have no credit card to pay in advance and have a credit card to be use on any web site ny contact
any one with paypal account or cc in full
Everyone needs a hug.
I need some problem solving questions on credit card transactions. I am a business maths student
I need to ask how to register in marchant account and what is your charges and how i access my marchant account if i develop my credit card base website. what is you exactly charges of per transaction?
can you pl. suggest me the link i can get on comission for online sales for processing credit cards?
i am looking for credit card processors with fast transfer of processed funds