(I work for Gluejar on unglue.it) We've struggled with the issue of finding the right payment processor. We went originally with PayPal, but 7 months after we submitted our application, we still don't have a decision (see http://blog.unglue.it/2012/05/03/unglue-it-payment-options-a...). Amazon FPS was easy to get started with, and we got what seemed to be approval very quickly. So it was a bit surprising to then get shut down by Amazon after running for a while and demonstrating unglue.it works in practice.
Can you not get a traditional merchant account provider to approve your business? If you accept credit cards yourself instead of through a 3rd party, just about every payment gateway supports storing customers' info to charge at a later time. You can also use something like SpreedlyCore to store the payment info and have the ability to switch to different payment gateways without losing the info.
I think you're referring to an Authorization, which is valid only for a limited time. To store enough details to re-bill a non-pre-auth transaction in the future will get you into PCI DSS Level D compliance, which is not cheap - to say the least. Full compliance with the PCI DSS with stored credit card data, including PAN and CVC generally requires a number of products/services from 3rd party vendors and a dedicated team to manage compliance.
Then, you have the issue as to whether or not the card has the amount available in the future when you intend to charge it...
No, you simply send the card details to the payment gateway which vaults them. You get back a token to reference to make the actual charges in the future. You don't have to do an authorization up front. Virtually every payment gateway has such a feature. There's no need to implement storage on your own and take on the compliance burdens.
If you use SpreedlyCore, for example, you point your signup/billing form to their server, which stores the card data then redirects back to your site, so the user never sees anything but your site yet the payment data never hits your server. If you use Stripe, for example, the form submission gets intercepted by JavaScript that sends it to Stripe instead of your server, then returns a token in a callback. If you use services like these, there's virtually no compliance burden at all.
> Then, you have the issue as to whether or not the card has the amount available in the future when you intend to charge it...
You'd have that issue whether you used a 3rd party processor or your own merchant account. Amazon Payments wouldn't have given them money when the customers' cards had no funds either.
BTW: There is no PCI-DSS or PA-DSS level that allows storing of verification codes, for either businesses or payment software companies. The whole point of that code is that it's never stored.
"just about every payment gateway supports storing customers' info to charge at a later time."
"No, you simply send the card details to the payment gateway which vaults them. You get back a token to reference to make the actual charges in the future. You don't have to do an authorization up front. Virtually every payment gateway has such a feature. There's no need to implement storage on your own and take on the compliance burdens."
Neither Authorize.net nor MES do. (Two of the largest in the US, that I've been using for the past few years.) I only know of a few specialized players that offer such functionality.
Huh? Both of them do. I've been using Authnet's vault for almost 8 years. I've also integrated with 8 other gateways that offer payment info vaulting. It's a standard feature for any competitive gateway at this point.
I'm surprised you've been using these gateways for years and didn't know about these features. CIM is prominently advertised on the first page you see every time you log in to the gateway.
I haven't had either of those features enabled in my UI, but that wouldn't surprise me as I've often had to ask them to re-enable basic features (like backoffice w/ MES) when they get accidentally turned off. I'm presuming these features need to be negotiated as part of the deal, and as I haven't needed them, they were never brought up.
I guess the issue is that you have to store the CC number?
With Braintree you could put customer CC numbers in their vault and then manually run the transaction later, but it'd cost you a flat fee plus a penny or two per/card/month. (They do support running validations without completing a transaction.) It doesn't seem like the end of the world, though. And the architecture isn't super complicated. I assume you already had to handle telling Amazon whether to go through with the charge or not after the time period? Maybe Amazon also was keeping track of the pledge amounts for you?
(Contrib Id or Card Id, Pledge Amount, Campaign Id) doesn't seem like that crazy of a thing to store on your own system.
When we were initially investigating the space Amazon and PayPal looked to be the only payment processors who supported pledges (as opposed to instantaneous transfers). PayPal actually had some advantages, but they were outweighed by the disadvantage that they have never actually processed our paperwork: http://blog.unglue.it/2012/05/03/unglue-it-payment-options-a...
If there are other processors that support pledges, we aren't aware of them (though we welcome suggestions!).
We're working on an alternative funding model that lets us deal with this, but that's a question of business logic as well as software. Mind you, we have a fair amount of both in place already, but there are a lot of moving pieces. We'll keep people posted via our blog, newsletter, Twitter, & Facebook page.
You could ask WePay. I don't know that they have pledges now, but maybe they could be persuaded to add them.
What you can do quite easily with WePay is to send bills by email, each including a link to the payment page with the amount filled in. This makes it pretty simple for people to pay at that point. But it isn't, admittedly, automatic, and some people could ignore the bill. I don't know how big a problem this would be in practice.
Most of the problems people face with PayPal are because they ran afoul of fraud concerns. In many cases (though not all), these issues could have been avoided if PayPal had been alerted before big changes happened at the account.
