Hacker News new | past | comments | ask | show | jobs | submit login

Now let us talk about recurring billing. I have not used any recurring billing service, so can't comment on how those work, but here are some thoughts on handling it yourself.

First, there is the obvious way. Store credit cards yourself, and then you can run new transactions through when it is time to re-bill someone. You don't want to do this. This gets you all the way into the PCI cesspool. In fact, if you are a single developer, and there is no one else in your company, I'm not even sure it is possible to do this. PCI requires that for key operations on the encrypted credit cards that you use some kind of scheme that requires more than one person to authorize any operation. (We use Shamir's cool secret sharing algorithm to make it so no one person has access to the keys). Hard to do this when there isn't another person!

The second way is to use something called a "reference transaction". When you do a transaction, there is a transaction ID associated with it. Subsequently, you can do new transactions and instead of supplying the credit card number, you can tell the PAYMENT GATEWAY that you want to use the same credit card as a prior transaction, and supply the transaction ID of that prior transaction. (I believe you have to also supply the amount of the referenced transaction with some gateways). So, if you just keep track of the transaction ID of the last successful charge on a card and the amount, you can use that for your re-billing transactions. (Keep track of the last success, because you generally can't use a transaction more than a year old as reference transaction).

The main downside that I see for reference transactions is that you are stuck with that PAYMENT GATEWAY for subsequent transactions on that card. (Open question: if you use the same PAYMENT GATEWAY for more than one MERCHANT ACCOUNT, is the reference transaction tied to the original MERCHANT ACCOUNT, or is it just tied to the PAYMENT GATEWAY. I think it is just tied to the GATEWAY, because the way I've read it works is that the PAYMENT GATEWAY actually stores the credit card). For some businesses, you want multiple MERCHANT ACCOUNTS, and you want the ability to decide on a per transaction basis which one to use to bill or re-bill a customer, and so reference transactions won't work unless you have a suitable transaction at each gateway. (The reason for this is ACQUIRING BANKS can get skittish--remember they are the ones assuming the risk that you are going to stay around. If anything unusual happens to your business, ACQUIRING BANKS sometimes suddenly slap harsh limits on you).

The third way is to use Braintree and use their "vault" service. That costs $20/month plus $0.01 per card stored/month. Basically when you put a card in the vault (which you can do by setting a flag when you charge the card), they remember it for you. They give you a token that you can use on subsequent charges to represent the card.

You might wonder how this differs from using reference transactions at other PAYMENT GATEWAYS. After all, if PAYMENT GATEWAYS normally keep the full card information for each transaction, and let you do reference transactions, why should it cost extra for that service at Braintree. I think the key is that Braintree will let you get the cards out of the vault if you want. That's one of their big selling points--nothing you do with them locks you in.

As I said, we don't use any third party recurring billing service. When we got started, there really weren't any services specializing in that like there are now. There were recurring options at some of the gateways, but they were pretty simple, and unfortunately we had complicated plans, and let customers upgrade and downgrade between them leading to all kinds of ugliness that didn't fit in with any sane recurring billing system.

One other thing to be aware of with recurring billing (whether handled yourself of via a third party). Both VISA and MasterCard a service that allows MERCHANTs to get updated information on credit cards. For instance, suppose you try to re-bill someone, and it is declined. The last expiration date you had for their card was six months ago. You can query the updater service, and if the card has a new expiration date, or if the account has a new card with a new number, they might tell you the new information. They don't always tell you--the possible responses are (1) here's the new expiration date!, (2) here's the new card number and expiration date!, (3) the account is closed, or (4) no information is available. It costs nothing to submit a batch of cards to the update service, and something like $0.12/card for which updated information is returned, and they require you to run your entire database of stored cards through the service periodically.

I believe there are some restrictions on who can actually use this service, as it would obviously be a great boon to people who are doing credit card fraud. Ask any recurring billing service you are considering if they have any support for the updater service. If you can get access to it, it should easily pay for itself. We've found that it increased our success rates for recurring billing by around 2% or so.

Finally, let us consider foreign currency. Braintree offers a truly impressive number of currencies that they can accept payments in, and an impressive number of currencies you can have your settlements in. Unfortunately, you have to be doing something like $3 million a year (I assume they mean in the particular foreign currency you want to accept) before they will deal with you. (You need a separate merchant account for foreign currency, and the MEMBER BANK providing the foreign currency merchant accounts isn't interested in us small guys).

We use WorldPay for foreign sales (specifically the part of them that was once a separate company called Bibit). They will deal with much smaller companies than Braintree, but they have some pretty high fixed monthly fees--high enough that you'd almost surely want to get your business going well in the US before considering adding foreign support with WorldPay.

Based on all I've seen so far, I'd go with Braintree, for three reasons:

1. Assuming they are telling the truth on their site (and they get mentioned enough that if they were not on the level, surely someone would have posted about it), their prices are both very reasonable and actually understandable. You will pay one of the two tier percentages per transaction plus $0.30 + $75/month + $20/month (for the vault) + $0.01/month (per credit card in the vault) + $0.10 per recurring subscription billed. The only unknown in your costs will be what percentage of your transactions get the 2.29% rate and which percentage get the 2.89% rate.

You can find places that advertise less than 2.29%, but that will be just for the bottom tier of their tiered billing, and most will also stick on a ton of other fees (recall my example earlier from one of our bills from one of our ACQUIRING BANKs).

2. They offer both MERCHANT ACCOUNTS, PAYMENT GATEWAY, and a recurring billing system, so you will only have to deal with one company.

3. If you decide someday that you'd rather be elsewhere, you aren't under a contract so can quit with no penalty, and you can get your CUSTOMER's card data out of their vault to feed into whatever other provider you switch to (or to store yourself if you have gone insane).

Good luck!

tzs, your write (tomb) was unbelievably helpful... just finished reading all of it.

As you walked through all the examples I was slowly leaning towards BrainTree and as you kept going through the reasoning I felt like I concluded at the same place you did by the end; sounds like the perfect thing to launch with and if I want better sub handling I can always add something like Recurly later.

I have no love for merchant account banks after reading all that.

I had no idea where the "points" on reward cards were coming from, very sneaky!

Fascinating read, I can't imagine how long it took to write up. I really appreciate that.

I'm glad it helped. Keep in mind that I don't know if I have it right. I marked several open questions, and I probably missed many. I'm still hoping someone with better information will offer corrections.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact