
Stripe: instant payment processing for developers - pc
https://stripe.com
======
markbao
Stripe pretty much takes payment processing kicking and screaming into 2011.
Merchant accounts are a _serious_ drag. I've opened a few and they've been
nothing but headaches (especially if you're young—nobody trusts you.) Couple
that with getting a gateway account, dealing with credit checks, monthly fees,
monthly minimums, slow people in the payments industry, PCI compliance...

Stripe takes payments and put them behind a simple API. No crappiness and 1099
rules of PayPal. No more reconsidering the meaning of life like back when I
had a merchant account. The only downside I see is the 7-day rolling batch
(deposit to bank), versus the nightly batch from the merchant account, though
I assume that is for fraud protection.

Maybe if you're charging millions of dollars, you should use a regular
merchant account. If you aren't, I'm telling you now: don't even bother with a
merchant account. Just use Stripe.

~~~
barrydahlberg
I would love to see someone drag it kicking and screaming outside of the US.
:(

~~~
DaveChild
Also, it would be nice if there was somewhere I could drop my email address to
be notified when Stripe makes it to the UK.

~~~
iambot
Third'd (i reckon stripe should set up a UK notification email/landingpage)

------
physcab
Stripe is a game changer. I've been using it for a few months and honestly its
the best API I've ever used. The documentation is clear and concise. Its
customized to your account so you can literally copy and paste and see the
result. Just like it says, it gets out of your way. I was up and running and
accepting recurring payments in less than an hour or so. I actually began to
think of larger "swing for the fence" type of ideas that I would have never
considered if I were stuck to using Paypal because it was so painless. Looking
forward to them eating every other payment processor's lunch.

~~~
CeiII
Anyone know whether they used a documentation tool to generate the 'example on
right' style pages? E.g.
<https://stripe.com/api/docs?lang=python#delete_customer>. It's very clean.
The general layout and feel of the API doco is great.

~~~
boucher
It's mostly just a custom thing I wrote. The CSS is mostly taken (with
permission) from Jeremy Ashkenas' sites (see Backbone, CoffeeScript, etc.)

~~~
sgolestane
Navigation menu doesn't work in IPad.

~~~
boucher
I think it's fixed in iOS 5, but yeah not an ideal answer.

------
swilliams
"You don't need a merchant account or gateway."

That's a killer feature right there. I've been considering using Braintree for
a project, but seeing this is really making me reconsider.

~~~
seldo
As a beta customer, not having to deal with 95% of PCI and merchant accounts
etc. really made a huge difference to how fast we got going.

~~~
davidcuddeback
Sure, but other companies, e.g., Spreedly, let you outsource PCI compliance as
well. This is the first I've seen that let's you get away without having a
merchant account.

~~~
boucher
We're abstracting away the problem of having a merchant account, because we
generally believe there are too many complex moving parts.

~~~
dsrikanth
Wow! This feature is what I was looking at. Glad to have something processor
that doesn't need me to have a merchant account. Sweet!

------
marcamillion
Been a beta user for a while, and I love their Ruby API. I used to use
Braintree...while they were a good merchant account provider - it was overkill
for what I needed.

I much prefer only paying when I make money. I don't NEED a merchant account.
I just need to be able to collect money from my customers in an automated way.
Stripe makes that relatively easy.

Their API has a quick feedback loop, where you can execute a transaction from
the command-line very quickly (for Ruby anyway...I imagine it would be the
same for other languages).

Their support is also awesome - could be because they only had beta users. But
either way, awesome service so far and much better to deal with than a
'traditional' payment solution for those webappers out there (in my
experience).

Not affiliated with the company in anyway, other than a customer.

------
flixic
US only. Well, I kind of knew it before even hitting FAQ.

A bit of a rant here, but it's crazily difficult to do so many interesting
things when you don't live in top-20 country (Lithuania here)

Stripe? Nope.

BrainTree? Nope.

Recurly? Nope.

Something else... Likely, Nope.

And so, the only way to get paid is to deal with some of the most expensive
and oldest gateways and merchant accounts.

Oh, and:

Hulu? Nope.

iTunes? Nope, but we do have App Store.

Netflix? Nope.

Spotify? Nope.

Pandora, Rdio, ... Nope.

...Amazon? Mostly nope.

And so, the only way to buy or stream media is to buy CDs and DVDs for crazy
prices.

Sigh. Rant is over.

Stripe, I know that may take years, but please, don't forget the little guys.

~~~
pmjordan
Have you looked into incorporating in the UK? It's probably quite a bit of
hassle up-front but should solve this type of problem. Unlike in many (most?)
European countries, incorporating a limited company in the UK is pretty cheap
and straightforward in itself.

~~~
knotty66
I don't see what incorporating in the UK would buy you. Payment processing
here is a total clusterfuck.

------
psadauskas
Their signup process threw me for a loop. You just click into the dashboard,
then fill in a name and password later. It looks like just visiting the front
page gives you an account, because the sample code is already using some
generated API tokens.

I've considered doing something similar for my own side project, but went with
the more standard sign up because I was worried it would be confusing (as it
was to me, for a few minutes). Do you guys think this is becoming more
mainstream, at least amongst developers and the tech-savvy, that other
projects could get away with this? I'm curious how many support requests
Stripe gets because of this.

Edited to add: How does this work for the non-logged-in state? I already have
an account, and the browser cookie expires (or manually delete the cookies).
I'll go to the dashboard, and be logged in as "anonymous", and have to sign
out and sign in again as the right user. Seems like an extra incongruous step.

~~~
boucher
Yeah, it does sometimes confuse people. This is something we're considering
about changing (the flow worked differently when we were invite only), but we
thought it was worth experimenting with a little longer.

Mostly, I think it depends on the type of app you have. For something like 280
Slides (a previous project I worked on), it makes a lot of sense to get
started right away without having to sign up. We'll see how things go for
Stripe.

~~~
monological
This is extremely confusing. Thought it was just a test account. Left
depressed because I couldn't sign up.

~~~
axx
yep, i thought the same.

------
almost
US only at the moment. Anyone know if they have plans for the UK? I would
dearly love to say goodbye to PayPal forever.

~~~
boucher
We're definitely working on expanding to other countries. There's no definite
timeline just yet, but it's one of our top priorities.

~~~
keeran
I've held off developing / launching a few small biz ideas because of the
state of payment providers in the UK - ready and waiting to help you test when
you're over here :)

~~~
Silhouette
I concur entirely (and have spoken with my MP about it).

However, as far as I can tell, anyone using any of the more established "big
name" billing services to collect payments for a UK company is almost
certainly breaking at least one law on a "your business is at risk" scale.
Stripe would have to be very special to do better.

The usual culprits are VAT (I have yet to find a billing service that would
actually allow a UK business to comply with its basic statutory requirements
on this count, including several that claim to support VAT) and privacy
(exporting personal data, such as names and credit card details, outside of
Europe requires certain guarantees, which again I don't think would be met by
any of the services I've looked into so far). I imagine quite a few businesses
are getting away with using these services and not meeting their obligations,
but personally I wouldn't want to operate with that sort of risk, particularly
now Business Record Checks are becoming big news.

Stripe does seem to have a fairly clean API, but on the flip side, it also
seems very limited in features next to some of the more established
competition, so maybe it's just horses for courses. Again, I know that none of
the other billing services we've considered this year even got close to
supporting the _basic_ charging model we wanted, never mind all the bells and
whistles we've been considering, and if you wind up having to do a bunch of
financial legwork yourself, these services start to look like very poor value
for money pretty quickly.

IMHO, what small businesses in the UK really need is for the government to
stop hassling banks about lending lots of money (sometimes useful, but not to
many of us) and just get them to provide basic services like card payments in
a sane manner: no multi-month waits to get up and running, directly comparable
charging structures on some standard basis, transparent migration of customer
card data between all the vault services without causing a PCI nightmare so
there is genuine competition in the market, and so on.

And then I woke up. :-)

~~~
tablatom
I don't see the problem with VAT. Just keep rack of where your customers are
and pay the VAT on those in Europe. Where does the payment processor come into
it? If you owe VAT then pay it.

~~~
Silhouette
It is not as simple as that, at least in the UK, and the fact that so many
payment services seem to think it is explains why any UK business relying on
them for payment processing is probably breaking the law.

There are all kinds of rules on disclosure of VAT registration details on
invoices, sequential numbering of VAT invoices (across an entire company) for
audit purposes, etc. Any payment system that doesn't integrate with other
company procedures to meet these basic statutory obligations _can't_ be
sufficient.

~~~
speleding
I have an online business selling globally operating out of the EU and I now
know more about VAT than I care too. I agree that the rules can get quite
complex but as far as I can tell the payment processor does not need to be
able to do anything special other than the ability to store/display the
required information with each transaction (date, sequential invoice number,
and VAT number in the case of a B2B transaction). You can just put that in a
free format field (in PayPal for example), that's all they would need to add I
think.

Sure it would be nice if they stored tax (multiple rates possible on one
invoice!) and VAT numbers in a separate field, it would be even nicer if they
validated the VAT numbers for you, or the buyers location, but it can all be
done outside the payment processor.

~~~
Silhouette
Indeed, but you do need to be able to store and display that information in
the right places.

As you say, technically invoices are supposed to record the VAT against each
line item, because the rates can be different for different types of
product/service.

Regarding the serialised invoice numbers, if you as the merchant are having to
keep track of such things then you're still doing some of the tedious work so
the value of outsourcing the billing process is lessened. I agree that it
might be viable to record the extra information in a separate field for one-
off transactions, if the billing service allows that kind of annotation on
transactions and your systems can generate the appropriate number taking into
account any other sales channels you're also using.

Even then, for subscription services that renew automatically, there would
need to be some robust mechanism for the billing service to "claim" the next
invoice number when they collect a scheduled payment. Perhaps some of these
services could cope with this, but I have yet to see one personally whose
documentation explains how to set it up using their APIs and callbacks. And if
you get to the point where you have to handle scheduling regular subscription
payments on your in-house system to account for this, again you're defeating
the point of outsourcing the billing in the first place.

IME, it doesn't take long before you have to do so much in-house anyway that
you might as well do the lot and save yourself a signficant overhead and the
additional risk/dependency of involving another organisation in your billing
process. This sort of processing is tedious but not rocket science, so if you
can't just wrap _everything_ up and shove it out to a specialist service,
avoiding having to go near that sort of stuff in-house at all, I just don't
see how the cost/benefit of these services is going to make them attractive to
a business here in the UK. YMMV, of course.

~~~
speleding
Agreed, there are no services offering recurring payments (in Europe anyway)
that do the whole thing, and I would love to outsource more if I could since
billing is a nuisance that just detracts so much from the actual business. We
currently use PayPal but that doesn't even allow you to pro-rate subscriptions
when up- or downgrading. I noticed in the API docs that stripe.com at least
has that one covered already.

------
Sthorpe
Stripe, recently saved me. I am still fighting with my merchant processor
*First Data who is awful. I talked to Stripe via Sean Harper with FeeFighters
and I was up and rolling in 20 minutes. Yes, Jaw drop fast. Most payment
processors require at least two weeks to be setup. Their UI/UX is beautiful
and simple. When I need help I get it immediately. I love this company. :)

------
Erwin
I'm not sure about avoiding PCI compliance so easily. You're embedding their
JS library on your page. That page has to be secure, otherwise if someone can
inject malicious Javascript they can sniff the CC data as soon as they are
entered.

You might not be storing the data on your servers, or transmitting the data
directly, but security failures in your setup can cause the data to be leaked.

Compare this to sending the user to an external website via a redirect that
lets the user at least verify that they're really talking to PayPal or
whoever.

~~~
tptacek
PCI is absolutely schizophrenic about this point, and right now embedding your
provider's form within your own same origin domain is kosher with them.

You're right if you're thinking it shouldn't be.

~~~
Silhouette
> You're right if you're thinking it shouldn't be.

Why do you think it should not? AFAIK, doing so exempts you (legitimately)
from much of PCI DSS that applies if sensitive data hits your network, but
does not automatically exempt you from the rest.

Are you concerned that someone will be able to compromise the page on your own
server so it no longer embeds the payment service's form correctly, and then
capture card data that way?

~~~
tptacek
The exemption you are talking about is not legitimate, because of the way
browser security works.

~~~
Silhouette
Perhaps you could elaborate, rather than posting vague innuendo about "how
browser security works"?

What specific danger do you see in the embedding scenario that could not arise
anyway if the host system were compromised sufficiently to interfere with the
embedded material?

~~~
m0nastic
I'm obviously not tptacek, but I take his statement to mean that currently,
PCI finds the following scenario acceptable:

You have a site that takes payment info. Rather than process that information
directly and store it you decide to use a service like this to silo out
payment processing. This keeps your main environment outside of the scope of a
PCI audit (as the only systems in scope for PCI are systems which either
process or store payment card information).

You are now not under any obligation to ensure that your application isn't
riddled with security vulnerabilities, including vulnerabilities like cross-
site scripting which would completely undermine the security of using a third-
party javascript library to handle payment processing. This isn't some sci-fi
scenario either, I see this every day in the applications I test (mostly
e-commerce and online banking applications).

Using the library hasn't introduced any "new" vulnerabilities into your
environment, but it has given you an opt-out to actually trying to have a
secure system.

He seems to take exception to the fact that PCI doesn't see any problem with
this. It's basically a loophole to continue to deploy hole-riddled
applications that once hacked, you can say "We are PCI compliant, what are you
gonna do."

This gives credence to the people who argue that PCI isn't really a security
standard, but just a way to shift blame after a breach.

~~~
Silhouette
I'm not disagreeing with your example, but isn't that a much wider problem?
After all, _any_ business or individual can set up a web site, stick an
official-looking form on it, and harvest card details. They don't need any
sort of payment processing infrastructure to do that, and clearly nothing PCI
DSS says can protect against all malicious strategies for compromising card
details.

My understanding was that the parts of PCI DSS we're considering were intended
to cover carelessness where a legitimate business collects customer details
but then leaves them vulnerable due to internal security failings. If the
details don't hit the internal network, _those_ failings can't happen, so it
is reasonable to exclude them from the scope of the corresponding parts of PCI
DSS.

Beyond that, I'm not sure I see any difference between the embedding scenario
and the common practice of redirecting to a payment service's own web pages
when a customer reaches a certain point in the order process. If you're
exposing a vulnerability that lets an attacker compromise the embedding, they
can almost certainly compromise the redirect in the equivalent case as well,
and in reality it is unlikely that most customers would notice even if there
were clues to give away the attack in some cases.

I'm also not sure what you mean by keeping your main environment outside the
scope of a PCI audit. For the payment gateways we've been looking at that
offer both hosted and embedded integrations, it is common that the hosted one
has minimal audit requirements but the embedded one comes with certain audit
obligations for your web site even if you're relying entirely on their system
to handle the card details.

Now, if this isn't a mandated practice in PCI DSS, then I do see your point;
I've always assumed it is, since everyone we've looked into seems to do it,
but in fairness I haven't just looked it up today. However, if that is part of
PCI DSS then in fact sites using the embedding strategy are subject to more
rigorous scrutiny than those that simply redirect, even though essentially the
same attack vectors are probably available for both.

~~~
tptacek
If you're a single XSS vulnerability away from transparently capturing credit
card vulnerabilities, but there is no requirement anywhere in PCI DSS that
your application be in any way hardened against XSS vulnerabilities, all PCI
DSS has done is move the target slightly.

~~~
Silhouette
I completely agree, I'm just wondering how that's any different to any other
hosted integration.

Perhaps I misunderstood your original point as being too specific to the
embedding situation. Would you apply the same criticisms to the other common
integration strategy based on redirects?

If your intended point was that any legitimate business taking credit card
details via their web site should be subject to at least some basic level of
audit, then I think we are probably in agreement (though I do have a thing
about card companies imposing security rules on merchants but then trying to
leave merchants with all responsibility for any fraud anyway, which is a
totally one-sided deal).

[Edit: As an aside, I'm not sure how this would work in a case where the
merchant is using an end-to-end solution, which Stripe seems to be, and has no
direct relationship with any other financial services. Presumably the
responsibility then has to fall on the payment service, which would have to
impose some sort of reasonable audit procedure on all of its clients?]

~~~
tptacek
The disconnect I perceive here is that you seem to hope there's some technical
solution that can factor out an unhardened storefront from a hardened payment
processor. That would be nice, but I don't think it can be done today.

Fortunately for developers, PCI's response to this problem seems to be "LA LA
LA I CAN'T HEAR YOU".

~~~
Silhouette
> The disconnect I perceive here is that you seem to hope there's some
> technical solution that can factor out an unhardened storefront from a
> hardened payment processor.

On the contrary, I don't believe that can be done effectively within the
architecture we have today. I just don't believe it can be done effectively
for hosted integrations that redirect to the service provider either, so I
don't see that the embedding approach is any worse than what was already in
widespread use.

Moreover, given that it is unrealistic not to provide hosted payment services
(since the overheads of doing everything in-house are prohibitive for almost
any small business), I think the only useful response is to impose some basic
level of audit on any site that is integrating with an external card payment
system. But now you're more into economic/commercial/legal arguments than
technical ones, because you have to consider what level of oversight is
reasonable (given that any fool can set up a fraudulent site regardless of
what you do, how much extra burden is it really sensible to impose on
legitimate merchants), how it can be enforced (particularly if the site
visited by the end user has no direct legal/commercial relationship with the
card services companies), and whether there is a sensible balance between
functionality/security and actually being able to operate in the first place
as a merchant (which is a balance that the UK currently gets absurdly wrong,
though I don't think the scenario we're discussing is why).

------
wylie
In Patrick Collison's presentation at Startup Bootcamp last weekend, he really
brought home the social impact that a payment processing company can have in
the third world. Even though it's US only for now, this team has huge goals
and the experience and vision to back it up.

Their goal is to abstract away the complexity of payments, especially
internationally. I wish them luck, and can't wait to use it.

------
adriand
This looks really, really nice. Support for Canada would be wonderful and
pretty much essential for me to be able to use it. The other thing I'm
wondering about is ACH payments - will Stripe handle those; if not, is it
planned? Also, would Stripe be suitable for a card-holder present situation,
e.g. if you wanted to use it for web-based point of sale software?

~~~
boucher
We don't handle direct transfers between two ACH accounts yet, but it's
something we're thinking about and planning for down the road.

As for point of sale applications, Stripe isn't really optimized for that.
Have you checked out Square?

~~~
seiji
ACH payout to multiple endpoints would be killer (think App Store type 70%
payouts to users).

On another note, your markup is doing some strange things:

;var MrchComponent = Component.extend({});var MrchComponent =
Component.extend({});var MrchComponent = Component.extend({});var
MrchComponent = Component.extend({});var MrchComponent =
Component.extend({});var MrchComponent = Component.extend({});var
MrchComponent = Component.extend({});var MrchComponent =
Component.extend({});var MrchComponent = Component.extend({});var
MrchComponent = Component.extend({});var MrchComponent =
Component.extend({});var MrchComponent = Component.extend({});var
MrchComponent = Component.extend({});var MrchComponent =
Component.extend({});var MrchComponent = Component.extend({});var
MrchComponent = Component.extend({});;var SideboxComponent =
Component.extend({});var SideboxComponent = Component.extend({});var
SideboxComponent = Component.extend({});var SideboxComponent =
Component.extend({});var SideboxComponent = Component.extend({});var
SideboxComponent = Component.extend({});var SideboxComponent =
Component.extend({});var SideboxComponent = Component.extend({});var
SideboxComponent = Component.extend({});var SideboxComponent =
Component.extend({});var SideboxComponent = Component.extend({});;var
RecentPaymentsComponent = Component.extend({});var RecentPaymentsComponent =
Component.extend({});var RecentPaymentsComponent = Component.extend({});var
RecentPaymentsComponent = Component.extend({});var RecentPaymentsComponent =
Component.extend({});var RecentPaymentsComponent = Component.extend({});

~~~
boucher
Heh, indeed it is. This is part of a web framework we're using right now that
lets us push code updates to the page, but it just appends content. We're
reworking how a lot of this works right now.

------
sabalaba
I saw this on the front page and had to upvote-- I've been using Stripe since
early June and can say that it is the best payment platform to develop on,
period. It's just lightyears ahead in terms of development time, PCI
compliance issues, and overhead. Not only that, but the guys at Stripe are
_extremely_ responsive to customer service questions and issues.

These guys are trustworthy professionals and gentlemen.

------
kloncks
Amazing product. We're building an eCommerce platform (<http://www.kout.me>)
and have been building our payments on top of stripe.

Very amazing concept and something that we've needed for a long time. The best
thing is the developer focus behind it; it's clear from the beginning that
this came to fruition with fellow developers in mind.

------
PedroCandeias
I know this has already been stated and it doesn't add much to the discussion.
However, I feel it's important to add my little two cents just so the Stripe
team (and others in the same space) can hear it (again):

Please, please, PLEASE make a payments solution like this available outside
the US. Europe, for instance, still lives in the dark ages as far as online
payments are concerned and has plenty of startups who would jump at the
opportunity to use Stripe.

------
david5342
Sounds nice, but the bottom line for me is that a typical $47 credit card
sale, which always costs me $1.33 at PayPal, would cost me $1.66 at Stripe.
Not much difference, true, but discouraging. I have no need of a fancy API,
either--PayPal lets me specify the basics and fire off a simple Post from my
PHP code. PayPal takes care of receiving financial information so I remain
clean. Just my experience; yours may vary.

~~~
dangrossman
That's much how I feel as well. I accept credit cards and PayPal, and pay 2.2%
as well. Stripe gets added to the bookmark collection for "services to use
should I ever have a problem with PayPal" (which, knock on wood, won't ever
happen -- my account is 11 years old now).

------
whichdan
I'm comparing payment processing options for a very straightforward SaaS app.
I was heavily leaning toward Braintree, but Stripe and Samurai seem
easier/cheaper. Is there a strong reason to go with Braintree? I'm not sure if
having my own merchant account makes a big difference.

The pricing for 1,000 monthly users looks (roughly) like:

(edit: I did the % based on $9/transaction)

Stripe: $329/mo @ $3,948/yr

Samurai: $358/mo @ $4,296/yr

Braintree: $487.90/mo @ $5,854.80/yr

~~~
saikat
We work directly with Wells Fargo on our backend to make sure you end up with
all the normal benefits of a merchant account (the money will be held in your
name, you will be able to put whatever you want on your customers' credit card
statements, etc.). We just want to abstract the whole process here --
basically, putting you on the account or accounts that makes the most amount
of sense so you can start processing immediately and then continue processing
at high volume.

~~~
whichdan
Very cool. Is there no underwriting process then? That seemed to be one of the
biggest steps in getting setup with Braintree.

~~~
anurag
There is quite a bit of screening/evaluation behind the scenes, but one of our
goals is to not have legitimate businesses worry about any of it.

------
andrewingram
Even though the credit card details never hits the webserver of the host site,
does the fact that the fields are on the site rather than in a secure iframe
not mean that there's still a PCI issue? Namely that if a malicious party
manages to find a way to inject javascript into the page they can read any
form field they want, regardless of whether it's being submitted elsewhere.

This was true of Braintree (the form posts to a remote url rather than to a
server run by the site), how does Stripe alleviate this issue?

~~~
boucher
If someone injects javascript into your page, nothing you do will matter --
you are compromised.

This is why your site has to be served over SSL (to prevent MITM attacks), and
why you should be careful about what third party content you embed in your
site. In particular, you should never embed a non SSL resource on an SSL page
(also known as the mixed content warning in most browsers).

~~~
andrewingram
But say you have a untrustworthy employees (it happens), as long as they have
the ability to deploy code, they can compromise your site. So my question is,
to what extent can a solution like Slice (or Braintree) truly alleviate the
PCI burden, surely you'd still need a record of who has the ability to deploy
code, audit trail for deploys etc.

Obviously you should be doing all this stuff anyway. I guess the point I'm
making is that solutions like this make great claims about their ability to
solve all your PCI woes, and I'm wondering about the extent to which this is
actually true. PCI compliance is (normally) quite expensive to achieve, so
your solution is obviously very attractive. But is it enough?

~~~
mikey_p
>But say you have a untrustworthy employees (it happens),

Well that's still a PCI requirement, but many more of their requirements
wouldn't apply (i.e. rendering stored PAN unreadable, etc).

When in doubt: <http://www.youtube.com/watch?v=xpfCr4By71U>

~~~
boucher
Rumored cost of this video is over 1 million dollars.

------
rumpelstiltskin
My only concern is that Stripe will be such a hit that they'll be bought out
by someone like Paypal. Which would suck since the point was to move away from
Paypal to Stripe.

------
alexcoomans
Been playing with the API as a beta tester and the docs truly were written by
devs. Clean, concise, and gets straight to the point, and they have example
code in multiple languages. Plus some really awesome customer support -
overall Stripe really rocks.

------
weixiyen
Best API ever for a payments processor - period. It literally takes a couple
hours to set up begin collecting payments. If I could buy some shares right
now I would. I've convinced 2 people to use it and both are in love. This
startup is money.

------
pingswept
I mean this as a serious question: when Stripe has 10,000 customers next year,
why will they be less capricious and infuriating than Paypal?

Is there a fundamental difference, or does Paypal just have a ~15-year history
of sucking, while Stripe doesn't?

~~~
anurag
Good question.

A lot of PayPal's issues stem from the draconian fraud measures they need to
employ to handle user-to-user payments. Our business and fraud problems are
fundamentally different because we don't support this use case.

Additionally, we've been really careful to grow slowly, and to make sure the
experience for our users remains great. We've been in invite-only mode for
well over a year before opening up today, and intend to monitor (and, if
necessary, limit) our growth so that this doesn't happen.

We'd rather be small than suck.

------
PStamatiou
We've been using Stripe for Picplum.com since the middle of the summer. These
guys are insane -- they saw an error before we even did and emailed us saying
they were working on fixing it. Top notch team.

------
BSousa
First, I wish the folks from Stripe all the best, and the only thing I hoped
was International companies support.

But as anyone tried Saasy (<http://saasy.com/>) ? They are the subscription
service of Fastspring. They don't require a merchant account and support
international vendors. While I haven't tried them yet, when I used non-
subscription payments they were the best (www.fastpring.com). They are also
very well regarded by indie developers so their subscription service may be
quite good.

------
seanstickle
Does Stripe allow delayed payments? That is, people put in their credit card
details, Stripe authorizes the card but doesn't capture the amount charged,
then we can approve/decline the transaction, and then Stripe can capture or
void the transaction?

We have a situation where we need, for legal reasons, to verify that people
giving us money are allowed to do so, and we really don't want to have to
reverse the charge after the fact if we find out they're not eligible to pay
us.

Otherwise, the system looks great, and I want to use it right now.

~~~
boucher
We don't support what's typically known as separate auth and capture in the
payment industry (though we may in the future).

Typically, we recommend just capturing the card information by attaching it to
a customer object, and then making a charge later. If you're charging a really
high amount, or for some reason need a 100% guarantee that the charge will
succeed, then right now you'll have to make the charge and then issue a refund
in your situation.

~~~
jtheory
Note, though: when you refund the charge, the fees you paid aren't refunded to
you.

This was the one downside of Stripe for me, vs. PayPal (though it's pretty
minor -- I only have a handful of refunds a year... but I offer them all the
time, and I've always liked feeling free to do that).

------
ryanwaggoner
What about lock-in? This is awesome for getting started fast, but what happens
when you have 100,000 subscribers and you want to switch to Braintree or
someone to get some better pricing?

~~~
boucher
We don't like lock in either, and we'll never use it as a business tactic. If
you want to move your stored credit cards to another provider, we'll help you
out in doing so.

It's a bit tough to make this obvious, because we can't automate it
unfortunately. PCI requires that we work directly with the environment that
we're sending your data too, to ensure the transfer is also secure.

~~~
ryanwaggoner
Best answer, thank you.

------
acabal
Man... I literally just bit the bullet and opened a merchant account and
gateway at Auth.net last week, and the second I do, FeeFighters comes out with
their own superior gateway, and Stripe launches. Talk about bad timing for me
:(

~~~
martin1b
Makes 2 of us. Just finished integrating with Auth.Net. Yep, bad timing IF
this is as easy and secure as everybody says.

------
robflynn
Congratulations on your official launch. I've been using Stripe for a while
now and have chatted with several of you in the campfire room. You have always
been extremely helpful, no matter what wildass time of the night I may decide
to poke my head into the room.

I have nothing but good things to say about your service.

Thank you.

------
debaserab2
I'm guessing that the target audience is solo developers that don't qualify
for the volume discounts that every other payments vendor/gateway offers.

As lovely as this API looks, not offering a volume discount is a complete
dealbreaker for my business. There's no way I could justify eating an extra
~1% per transaction just so my API integration goes more smoothly and I don't
have to deal with the headaches of a merchant account (and while I would call
that process anything but smooth, I don't seem to have the awful experiences
of some of the commenters here -- just chance, I guess).

The cost/benefit to a business that does any significant volume online just
isn't there for this.

~~~
boucher
Volume pricing is something we'll think about in the future, but you're right
-- right now we're trying to focus on building the simplest possible payments
system on the web, even at the expense of maybe being less attractive to the
biggest merchants for a while.

------
kylebragger
Been using them for a while now on Forrst and Tinyproj and they're downright
awesome. Smart folks, super developer friendly product.

------
ednc
This is an amazing service. I've been researching all of this for a project I
am advising on. Merchant Accounts, gateways, fee here,fee there, PCI - it can
make your head explode.

It looks like these guys have done it right, and finally hidden the layers
friction, banking (and open palms) for us.

Nice Work!

One Nit if anyone from Stripe is reading - it was a bit hard to find the
answer to "How & When do I get paid". There is a small blurp on the pricing
page (still doesn't say how), but nothing in the FAQ or Docs. Please spell
this out a bit more.

~~~
metageek
The front page says "Earnings are transferred to your bank account on a 7 day
rolling basis.".

~~~
ednc
Thanks, I did miss that.

There are probably better specifics in the TOS or elsewhere, I guess I was
looking for something spelled out better in the docs. (Ex: "Use any standard
US Business or Personal checking account")

It's probably just me though :-)

~~~
boucher
Good suggestion, thanks.

------
phzbOx
Wondering when it will work in Canada? Also, how does it work "without
merchant account or gateway" ?

~~~
saikat
We're working on international support right now -- though we don't have an
ETA, launching in the US was definitely the first part of getting there (and
we care a lot about going international -- about half our team is from other
countries).

You don't need to make your own merchant account or payment gateway because we
abstract over those details. We'll make whatever accounts are necessary and we
work directly with the banks to make sure that your money is held in your
name, what you want appears on your customers' credit card statements, etc.

~~~
sesh00
Is there any chance you guys could set up a mailing list for people to be
notified when there is more international support? Merchant services in
Australia suck.

~~~
boucher
Just shoot an email to support@stripe.com

------
abcd_f
I was under the impression that if my website is asking for a credit card
number that is later used for a transaction, then it needs to be PCI
compliant. Perhaps, it is a Canadian specific, but this need for the PCI
compliance is the major selling argument in favor of hosted payment services.

And on a related note - is Stripe available outside of the US?

(edit) Ah, found it.

    
    
      > Do I need to be in the United States to use Stripe?
      > Yes.
    

Damn. Bummer.

~~~
boucher
The exact details of PCI are pretty complex, but, roughly the answer is that
any system that touches credit card numbers has to be PCI compliant.

This means that if you take credit cards on your website, you need to be PCI
compliant. But the exact requirements differ depending on your setup, and what
Stripe helps you do is ensure the credit card information never hits a server
owned by you. This drastically reduces the scope of your compliance to a
simple questionnaire.

As for being outside the US, not quite yet. We're working hard on that front
though, so stay tuned.

~~~
abcd_f
I was first going to say how's that the CC #s from my web form are not hitting
my server, but then looked at your Docs - and what you did is ingenious - the
form is mine, but it is submitted to your site.

The _curl_ example on the front page is rather misleading. It was the only
thing I actually _read_ through on that page and I walked away with an
impression that that code snippet needs to go to my server. Just the 2c worth
of UX feedback :)

~~~
boucher
Thanks for the feedback. We'll work on clearer examples.

~~~
bullcity
I'm not sure I understand the PCI implications of using the API. If I use the
Create a New Charge example on the homepage in my code, aren't the credit card
details going through my server?

*Edit: Nevermind. After reading through the API, I learned you can use a token instead of the card details.

------
BrandonDC
Looks like a great service. Too bad I can't use it, since I'm a Canadian.

It gets really tiring to see interesting new services launch that _refuse to
take my money_ because I live in a different country. I'm hoping that it's
something non-trivial that is preventing them from operating in countries like
Canada and the UK, and I look forward to using the service once they are able
to offer it to me.

------
seanharper
Respect. Stripe is a very smart company solving a big problem.

------
destraynor
This is an incredible product built by a team of amazing developers, solving a
serious problem.

I will enjoy watching their success.

------
frankdenbow
Awesome that the payouts are now much faster. That was the one thing keeping
me on the fence but will be using it right away for StartupThreads.com

------
Bartlet
I operate in what the credit card processors consider to be a "high risk
industry". It's nearly impossible for myself or my competitors to get a
merchant account without a reserve. In other words, for every $1 we charge,
the merchant bank holds X% in reserve (until we hit a certain threshold).
Thus, if we tried to defraud customers by selling bad products and then
"disappearing," the merchant bank could use the reserve to refund customers.

So, with that as a preface, how will Stripe deal with chargebacks? It seems
like it would be very easy to set up a scam, e.g. a merchant sells phony
inventory and then "disappears" when customers complain.

~~~
boucher
Yup, dealing with risk is a hard problem that we're giving a lot and thought
and effort to. We rely a lot on online info to verify identity, which gives us
some advantages. But yes, we're working hard on mitigating the risks involved
with fraud.

------
prayag
Stripe is simply amazing. We've been using them for many weeks now and things
just work. Setting up payments was so much easier.

------
smilliken
We've been using Stripe at MixRank, and refreshing how easy it was to set up.
This is how easy accepting payments _should_ be. The team is excellent too;
they've been extremely helpful so far.

------
carsonm
Wow. Excited. After watching PintPay toy with my emotions, I'm glad someone
did it up right. I hope they've got a viable model. The market is positively
starving for something like this.

------
seanmccann
I got this awesome handwritten letter in the mail today from Stripe.
<https://p.twimg.com/AaoSX5BCQAAx4T9.jpg>

------
alexpogosyan
I was very excited reading their faq until I realized it's US only service.

Can't wait to see you guys expand internationally. Best of luck.

~~~
tomelders
Stripe looks so good, I think I'm going to try and open a US account.

------
rick888
I have a problem with using merchant startups. If they go out of business,
what happens to my clients? If I have thousands of clients, I would not want
to be forced to get all of their credit card info again (since I wouldn't be
storing any of that info).

Although I hate using the big guys, at least I know they will be around in 5+
years.

~~~
pc
We'll happily export your card data to another provider if you ever want to
move away.

~~~
rick888
Are you legally allowed to even do that? Do you store card data yourself?

~~~
anurag
Yes and yes. We are a PCI Level 1 Service Provider. More information on our
security practices: <https://stripe.com/security>

------
megaman821
Can you fetch any meta data on a customer's saved card? For example if a
single customer has four saved cards you might want to present it as: * Visa
ending in 1234 * MasterCard ending in 5678

Also, when a customer's card is expiring how are they prompted to enter an
non-expiring card?

~~~
boucher
You can get the type and last 4 digits of the card. Right now, we only allow
you to store one card for a customer -- something we'll probably change in the
future.

Since we aren't putting ourselves anywhere in the front end of your app, we
can't notify your customers when they have cards that are about to expire --
it's something you'll have to choose how you want to communicate.

------
old-gregg
Awesome company, we're at Mailgun have been using them for a long time and
couldn't be happier.

------
avree
Stripe looks awesome for small scale business. At large scale, Braintree still
has cheaper pricing (<http://www.braintreepayments.com/pricing>) and the
monthly cost is negligible.

~~~
boucher
Pricing is pretty hard to compare directly between something like Stripe and
Braintree. In particular, there is no one clear answer, because it depends on
your own mixture of AMEX cards, international cards, rewards cards, etc. We
have some medium sized businesses on Stripe who have run the numbers and come
out cheaper with us, but that won't be true for every merchant.

Part of what we believe to be valuable here is the simplicity of knowing
exactly what your fees will be on every transaction, and in aggregate. There
aren't any surprises.

------
bherms
Quick suggestion... I tried to share on Facebook and didn't get an image. Set
this in your <head> so it looks better when shared:

<link rel="image_src" type="image/png" href="PATH TO IMAGE" />

<link rel="image_src" type="image/jpg" href="PATH TO IMAGE" />

------
drtse4
Something that is really needed, looking forward to the availability outside
the states.

------
DanBlake
Does Stripe let us take our data with us if we want to leave for another
processor? If I build a recurring revenue business on Stripe, am I screwed if
they hike up their fees by not being able to move the credit card #'s
elsewhere?

~~~
boucher
Yup, we do. Checkout my other answers in these comments.

------
ww520
Interesting. Is there an end-to-end demo from the user's perspective? Do the
users know they are storing the CC info on Stripe? Or they think my site
handles everything and is responsible for everything (privacy, etc)?

~~~
anurag
We are completely transparent to your users - it's a conscious design choice.
You can always choose to tell them about Stripe and link to our security page
if it makes sense. <https://stripe.com/security>

------
mschen
Not to take away from the product, which I think is pretty awesome, but I do
foresee a rather sticky issue should the company blow up somewhere down the
line; the logo is rather reminiscent of that of my former employer Deutsche
Bank's, and I wouldn't put it past the multinational financial behemoth to
take notice, with potential financial consequences, especially as Stripe
pushes its product internationally. For reference:

[http://www.oraclefusionnews.com/wp-
content/uploads/2011/07/d...](http://www.oraclefusionnews.com/wp-
content/uploads/2011/07/deutsche-bank.jpeg)

~~~
boucher
Stripe does not currently have a logo, other than the word Stripe.

~~~
mschen
Sorry about that, I was basing my comment off the Crunchbase profile
(<http://www.crunchbase.com/company/stripe>) and assumed that was the logo.

------
smoyer
I've been watching Stripe for a future project that is looking more and more
likely ... but this looks so good, I might do the project just to have a
reason to use Stripe! (j/k)

Can't wait to see how the international version works.

------
peanutus
Is there a processing volume limit? Will Stripe be verifying customer orders?

~~~
boucher
There are no volume limits. What kind of verification are you talking about?
Stripe does offer address verification: if you send the address with your
requests, we'll return the AVS response from the credit card network, which
tells if that the billing zip codes and street number are a match.

~~~
peanutus
What about sales receipts? Are those generated by Stripe and sent to the user
or is it up to the merchant to deliver them?

~~~
boucher
We don't offer support for emailing your users right now.

~~~
peanutus
How long does it take for a refund to be re-credited to the user's card?
What's the chargeback threshold before an account gets put on hold? Is there a
refund threshold? Eg. 1 out of 4 of our customers are dissatisifed with our
product, so we refund 25% of all transactions.

Also, you've created something absolutely amazing. ISO Sales agents across the
country are going to be trembling.

Speaking of which, will you have a partner program?

~~~
saikat
The amount of time it takes fro the refund to be re-credited usually depends
on the issuing bank. When a refund happens, we send the refund over
immediately and settle it at the end of the day. There are currently no
chargeback or refund thresholds, but we'll have to see how that evolves as we
grow.

We don't currently have any partner program, but it's definitely something
we're talking about. Lots of things are in the pipeline!

------
geek777
Amazing product, just curious about which font was used in the stripe logo?

------
mariust
Hope you go international as soon as possible there is a lot of good potential
around this. I just hate the way paypal has recurring billing setup, the
documentation is not 100% completed in paypal and I had to loose a couple of
hours to ge around an error that was saying basically: " there are 1000 things
that could go wrong ", the problem is that I was missing a field that I had to
submit to them, the docs war not saying anything about it, but with the help
of good old Google. Go stripe

------
chexton
Awesome. I have been waiting to have a better look at Stripe, it sounds so
great.

I have a question for someone who might know: how can Stripe operate without
requiring it's users to sign up for a merchant account? Do they hold what is
known as a 'master merchant account'?

I am just curious as these sound notoriously difficult to get and might
explain why it's US only for now, not to mention the AML considerations of
letting users sign up and accept payments so simply.

This all just makes what they are doing even more impressive :).

~~~
saikat
We basically are trying to abstract away all the pain of creating merchant
accounts and setting up with separate payment gateways. On the backend, we are
partnering with Wells Fargo and First Data to set up whatever accounts are
necessary to both get you started immediately while making sure you get all
the benefits of a full-fledged merchant account.

~~~
chexton
Cool. I'm not a US citizen but it's great that you can do this and that Wells
Fargo is on board as this is a killer feature in my opinion :).

------
gwoo
Excellent API and fast support. These guys are gonna go far.

------
Iv
Good to see an alternative to paypal, but instead of paying 3% to a
transaction central, I'll still offer a 5% discount to anyone who pays me
through bitcoin.

------
wheelerwj
I tried stripe a couple months ago and I was unimpressed. Mostly it was the
pricing ( i think at the time it was 3.9% + 30 cents ) because I was looking
to do smaller transactions $4.99 a month subscription.

But I got into the beta anyways and started playing with it. Within 10 minutes
a rep was emailing me trying to get more information and that I wasn't ready
to give out.

I ended up going with Paypal's micro transaction processing.

~~~
boucher
Our account application asks for your personal information (thinks like bank
account details, home address, etc.) as part of our automated verification
process. Once it gets submitted, we try to verify and approve the application
as quickly as possible, hence the quick contact.

Of course, you don't have to submit this application until you're ready. You
can save your account on Stripe without filling out the account app, and do as
much testing as you like, forever. Once you're ready to process real payments,
that is when we'll require some of this information.

Hope that helps explain things.

------
jules
This is awesome. The big question is: how are you going to deal with fraud?
Fraud policies false positives is largely what makes people hate PayPal.

~~~
boucher
I think the difference is customer service, not fraud per se. Customer service
will always be our highest priority -- and that means when we do end up in
situations where fraud is a concern, we'll work with our users to resolve
things quickly.

------
MrMike
I don't have anything to contribute other than a thank you to the folks behind
Stripe for trying to fix this seriously broken system.

------
BadiPod
This is exactly what I have been looking for. I only wish you guys had a
micropayments model as well. Any future plans of that?

~~~
boucher
It's something people are asking for, so we'll be looking into it.

------
city41
If a Stripe employee is reading this, tiny suggestion: I just shared the URL
to stripe on both Facebook and G+. On G+, the nice little blueprint icon
showed up as the thumbnail. But on Facebook, no icon at all making the post
far less noticable in people's feeds. Just a tiny thing that will help the
spreading of the word.

~~~
anurag
Thanks, fixed.

------
jfruh
I'm not a developer, but I am considering selling things through my website
and maybe also selling things in person outside any shop. Is there any
particular reason I would pay a developer to build this into my site rather
than just using Paypal (which I've used for years and had no big complaints
with) and/or Square?

~~~
saikat
You would use Square for your in-person payments (Square, so far, is for
brick-and-mortar stores whereas we are doing online payments). But we
definitely are targeting developers more currently, so can see why we may not
be as easy of a choice for you. We do offer quite a bit of analytics around
what you are making and being paid out, and we also give you a viable way to
get set up easily with minimal PCI compliance without having to use a hosted
payment solution (so customers checking out wouldn't be sent to another
website, which I believe PayPal's hosted solution does), so these features may
appeal to you.

------
lvh
We're incorporated in Hong Kong. I'm beginning to think we should launch a US
subsidiary just to take credit cards...

------
phatbyte
Stripe was like love at first sight, it was exactly what I was looking for a
loooong time, but I can't use it for now apparently :(

Two questions: My company is an LLC and I have a valid SSN, however my bank
account is in Portugal, can I still apply for stripe ?

If not, do you have plan to support EU countries like Portugal ? thanks

~~~
boucher
You should email support@stripe.com for specific things like this.

------
julian37
This looks amazing. @boucher, sounds like support for Canada and the UK is in
the pipeline, how about other EU countries such as Germany?

In the meantime, can somebody recommend a (vaguely) similar service in/for
Germany, or otherwise an old-fashioned payment processor that's less painful
to deal with than others?

~~~
boucher
Germany is definitely on our list, thanks!

~~~
markokocic
Can you share list of countries you expect to be supported "real soon now"?

It would be helpful to know if I should keep an eye on your service, or just
forget about you fro another year or two.

------
mise
Can someone please explain to me how 2checkout couldn't do this? For example
they claimed to be pushed by the card companies to become a "reseller",
resulting in the fact that their checkout pages cannot be customized. What
gives?

------
brandong
I see the Getting Started developers intro, but I'm having trouble visualizing
what this can look like purely from the customers side. Do you have any live
implementations you can link to as an example of a Stripe integration?

~~~
boucher
Stripe doesn't communicate directly with your users, so there is no standard
look from a customer's perspective. We're providing the tools to build your
own payment forms hosted on your own website. Perhaps in the future we'll look
into helping by communicating more directly to customers.

------
neovive
Stripe looks great and is definitely at the top of my list. Does anyone know
what name shows up on the customers statement? Is it customizable to something
that includes your company name (e.g. Stripe __your_name_here)?

~~~
boucher
Stripe doesn't appear at all. You have full control over what appears on the
statement.

~~~
ericd
These little touches are awesome. With Auth.net it seems I ran into a
character limit with my (not very long) company name, and the beginning was
truncated - TopHat became Phat... I tried to get it changed once upon a time,
but I gave up due to the pain.

The old 1 month payout schedule was one of the few things holding me back from
switching, but now that's it's more frequent, count me in!

One question, can one charge from multiple URLs with a single account?

~~~
saikat
You can charge from multiple URLs, but all your data will show up together as
if it were for one account. If you want to have multiple accounts for
different websites, your best bet currently is to just sign up multiple times
(we're working on having subaccounts).

~~~
ericd
Great, that's fine for my purposes. Thanks!

------
neovive
Stripe looks great and is definitely at the top of my list. Does anyone know
what name shows up on the customers statement? Is it customizable to something
that includes your company nane (e.g. Stripe __your_name_here)?

~~~
collision
It's entirely up to you: there's no mention of Stripe. Most of our customers
simply put their domain on the statement.

------
csallen
Been using Stripe for Taskforce for a few months now. Stellar API, stellar
service.

------
showkhill
Well done lads! Just on their customer service - really great. I'm a novice
developer hacking together my first webapp and the people I dealt with at
stripe were excellent, very patient and helpful. Best of luck with it.

------
robjohnson
Goodbye recurly and chargify. You're no longer the prettiest girls at the
dance.

------
arisey
Will strip offer hosted page in the near future? We are currently using
Spreedly's hosted page for customer to input their credit card info so that we
don't have to worry about SSL and other security issues?

~~~
boucher
We may at some point in the future, but it's unlikely to be one of our short
term priorities. Stripe.js does make things easier for you, but you'll still
need SSL.

------
Kilimanjaro
Just curious, how does the gambling industry manage payments? I've been
thinking about building a poker saloon and would like to know how to get
players to put their money on the table, so to speak.

------
kilink
Any plans for supporting a DBA (doing business as) field as part of the API?
Having only one identity associated with the Stripe account wouldn't cut it
for us.

~~~
boucher
For now, we recommend just setting up multiple Stripe accounts; it's a feature
I'm sure we'll add in the future.

~~~
kilink
In our particular case we would need somewhere between 50 or more accounts, so
it's just not feasible. Having it as part of the charge API would be ideal.
Glad to hear you're considering adding it as a feature.

------
_corbett
echoing the excitement for the international expansion.

------
rednaught
Is the TOS(Terms of Service) a work in progress? Currently "not found."

<https://manage.stripe.com/tos>

~~~
pc
Sorry about that. <https://stripe.com/tos> is the correct link. We'll get it
fixed.

~~~
rednaught
Thanks for the update. I did have one other question and wasn't sure where to
post it here. What's your timeline for a Perl API binding?

~~~
pc
We're not working on it right now, but would love to discuss. I'm
patrick@stripe.com -- want to drop me a line?

------
llch
Having the sample code right there on the landing page is the most compelling
thing for developers, when the customers are developers.

------
BryanB55
Anyone here use WHMCS? (Whmcs.com) I'm curious if Stripe will work with it
since it doesn't send the CC# through the server.

------
eoghan
Stripe is going to be huge. Theirs is a MASSIVE market, waiting too long to be
disrupted. Can't wait to use the service.

------
mcantor
Is this real? Am I dreaming? This sounds too good to be true. Someone pinch
me, please. (Is there an app for that?)

------
krosaen
looks great, though recurly has met my needs so far, not sure what would make
me consider porting over to something new

~~~
boucher
The difference between Stripe and Recurly is that Stripe is dealing with the
full payments stack for you. You don't need a separate merchant account or
gateway, and it's just one flat fee of 2.9% and 30 cents per successful
charge, including our subscription billing services. As a result, it's often
quite cheaper than combining several separate services.

~~~
krosaen
Thanks for the details. Merchant account setup with intuit through recurly was
very easy though, we had that setup within a few hours. At this point, sounds
like stripe would be cheaper though (~50 paying customers at $40 a month).

------
thepumpkin1979
off-topic: Stripe looks really nice and I wish I could use it but sadly I'm
outside USA. Does anyone knows a service like this that doesn't require a bank
account? Let's say I want to charge people in USA but I don't have a bank
account in USA, then I would transfer the money to Paypal or something. Any
thoughts?

~~~
kalleboo
If you're transferring the money into Paypal anyway (and exposing yourself to
"the paypal risk"), why not just use Paypal Website Payments Pro?

------
BadiPod
Are you guys looking for investors?

------
snorkel
Question for boucher: Can stripe be used for affiliate payments, perhaps by
issuing credits?

~~~
boucher
Probably best to send an email to support@stripe.com to figure out specific
cases like this.

------
lsh123
Just make sure you still do your PCI compliance audit if you use Stripe.

~~~
saikat
You actually don't need to do anything beyond what we tell you to do for PCI.
Check out stripe.js. No need for an auditor.

------
blckcld
this looks amazing but i cant use this until you support
european/canadian/australian payments. both of the e-commerce stores i run get
international orders every week.

------
theseanstewart
I'm all over this as soon as Freshbooks supports it.

------
becomevocal
Thank you Stripe. We will become good friends.

------
DistortedRhymes
Please come to Australia! We need you!

------
damir
I really wish I could use this in EU.

------
ThaddeusQuay2
It seems great, until you read the fine print, which I did, in its entirety,
and what I saw is quite chilling, in terms of fees, fines, and other undefined
costs incurred when things go horribly wrong.

"When a Chargeback is issued, you are immediately liable to Stripe for the
full amount of payment of the Chargeback plus any associated Fees, fines,
expenses or penalties (including those assessed by the Networks or our payment
processors). You agree that Stripe may recover these amounts by debiting by
means of ACH debit of your Bank Account associated with your Stripe Service
Account, debiting your Reserve Account, or setting off any amounts owed to you
by us. If we are unable to recover funds related to a Chargeback for which you
are liable, you will pay us the full amount of the Chargeback immediately upon
demand. You agree to pay all costs and expenses, including without limitation
attorneys’ fees and other legal expenses, incurred by or on behalf of us in
connection with the collection of any unpaid Chargebacks unpaid by you."

<https://stripe.com/tos>

I >do< like the positives of Stripe, but I'd feel more comfortable if I knew
how Stripe would handle specific extremes, such as the one about which I had
recently asked.

<http://news.ycombinator.com/item?id=3039782>

~~~
boucher
As you noted in your post, these terms are standard (and, essentially,
required of us) in this industry. And as people suggested, chargebacks are not
a big deal. They are far less common than people think, and usually they are
resolved quite easily; all it takes is good communication.

~~~
ThaddeusQuay2
I appreciate the answers given to my question from several days ago. I
appreciate that all of the loopholes need to be covered, using >standard<
legalese, most of which will never be needed, but when it is, the situation
will be resolved entirely in Stripe's favor, not mine. I appreciate that
chargebacks are >usually< not a big deal. My concern is about extremes,
particularly those which come out of malicious intent, perpetrated against me,
through no fault of my own. With the way that these "one-sided" agreements are
structured, it appears to be quite easy for me to launch an attack against a
small startup's credit processing account, with the likely result being
termination of said account, mostly due to the perception of risk which I will
have created in the minds of the people who implement the TOS to which the
startup agreed. If I can do this to someone's startup, then someone can do it
to mine, and I can't be the only person who has thought of this kind of stuff.

~~~
boucher
And yet, have you ever heard of this happening? I don't mean to minimize your
questions; I think there is some amount of trust involved. We're able to tell
the difference between someone running a fraudulent business and someone who
is being essentially DOSd. Simply having chargebacks is never going to
automatically cause your account to be terminated.

~~~
ThaddeusQuay2
"Simply having chargebacks is never going to automatically cause your account
to be terminated."

False: "WePay reserves the right to close or put a hold on any account that
has generated a ["a", as in "single"] chargeback." -
<https://www.wepay.com/about/terms>

No one talks about the ugly fine print. It's always "just a formality", until
they need to use it against you, and that's exactly the kind of leverage a
competitor or an enemy will seek out.

~~~
boucher
Well, to be clear, I'm only speaking about our own service, not WePay. Anyway,
I think we've covered the issue here but if you feel like you need further
discussion I suggest reaching out to support@stripe.com.

~~~
ThaddeusQuay2
"I'm only speaking about our own service, not WePay."

Really? See: "We can terminate this agreement at any time (especially if you
do something bad). Termination is effective immediately. Termination does not
alter your liability for processed payments or related chargebacks." at the
top of <https://stripe.com/tos>.

I won't bother with support, because you have not given me any real answer to
the scenario which I presented. Your system thus appears to be just as easy to
defraud as any other, possibly even easier, so I have no reason to trust an
entity which can, and likely will, dip into my bank account to extract all
sorts of fees and fines when things do go bad.

------
pitdesi
EDIT: removed so as to not hijack another announcement. Was not the intention,
just wanted to offer something people thought was useful.

~~~
marquis
Do you do recurring billing? It's not clear with a quick view of the
documentation. Or do you expect that individuals are provided sufficient
information to build their own (easy?) recurring systems? If you do, we'll
look at moving immediately. We'd not only be saving money but your API doesn't
confuse the hell out of my like what we're currently using.

~~~
pitdesi
You got it. We don't handle the recurring stuff for you, but we give you back
a token that lets you bill your customer cards on a recurring basis. We have
other customers who are doing this on their own.

~~~
marquis
Thanks, that's probably fine as we'd get better control over integration.

------
Hisoka
Just wanted to say you guys were one of the few "startups" I actually gave my
email to in the beta page when you announced it. I could care less about the
next social app, or next reminder app but as soon as I saw your value
proposition, I KNEW I had to be notified when it was out. Thanks for making
something that actually solves a crucial problems. This is much much needed,
and you guys are definitely on your way to success

------
zealoushacker
I think that aside from the lack of support for marketplace, like
<https://www.wepay.com/developer/usecases/marketplace> Stripe is awesome.

Any plans to add marketplace support in the near term?

Also are you guys PCI compliant yet?

~~~
boucher
We're certified as PCI Level 1 Compliant (the highest level). You can
definitely build a market place on top of Stripe. We don't, at the moment,
have an easy way for you to take money and then pay it out to other people,
but if you're able to handle that step on your own then Stripe can be a great
way to collect payments for your marketplace.

~~~
zealoushacker
Is it on the roadmap for the near future?

~~~
saikat
Possibly -- it's something we're still talking about internally.

------
clistctrl
Thank you. Pay pal should be obsolete now.

------
tonio09
Bitcoin charges 0.01% @:)

------
kentf
CANADA!!

------
kaushalc
Looks like the site is down??

------
rshm
2.9% and 7 days. if you are still using it, you are infant in this entire
thing.

