Payment Processing Basics
Jump Start Credit Card Processing PDF
PeepCode’s ActiveMerchant PDF
Boosts conversions (> 10%)
More seals the better?
Card Verification Value (CVV)
It’s optional, i.e. merchant can decide whether to honor
Useless for recurring transactions as it’s illegal to store
Interesting trivia: Amazon AWS doesn’t require it
Address Verification Service
Like CVV, also optional
Not supported by all banks
Street Address & Zip
For Street Address, usually only checks the first
Flaky for non-US addresses so billing logic should
account for that
Fairly large % of recurring transactions will fail because
of credit card expiry, over card limit etc
Have an automated process in place to communicate
with customers (dunning)
Provide a secure page for customers to update their
PCI DSS Compliance
Don’t try to store credit card information on your own
servers. It’s not worth the legal hassle. You’ll be a ripe
target for hackers!
Outsource the problem - use Authorize.net’s CIM and
you’re 75% on your way towards PCI Compliance
When you hit a certain threshold of transactions
annually, your compliance requirements will get stricter;
success comes at a price!
Misc Dev Notes
Store the last 4 digits and expiry date - lets you save on
API calls and lets you get smart with declined
If you’re using Ruby, use the ActiveMerchant gem.
One-Click Purchasing - Authorize.net CIM
Try multiple merchant processors when one fails
(Chase PaymentTech, TSYS etc)
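The storage and dunning notes above, as an added Ruby example (not from the original slides or from ActiveMerchant): it keeps only the last 4 digits, expiry date and a gateway-held profile reference, then uses the stored expiry to skip charges that are certain to fail. The `StoredCard` struct, the function names and `profile_token` are hypothetical, the token standing in for whatever ID the gateway's customer profile service returns.

```ruby
require 'date'

# Hypothetical record shape: only the fields the notes say to keep locally.
StoredCard = Struct.new(:customer_id, :profile_token, :last4, :exp_month, :exp_year)

# Reduce card details to the storable fields. The full PAN and the CVV are
# used only for the gateway call (not shown) and are never persisted.
def storable_card(customer_id:, pan:, exp_month:, exp_year:, profile_token:)
  digits = pan.gsub(/[\s-]/, '')
  raise ArgumentError, 'PAN must be 12-19 digits' unless digits.match?(/\A\d{12,19}\z/)
  raise ArgumentError, 'bad expiry month' unless (1..12).cover?(exp_month)
  StoredCard.new(customer_id, profile_token, digits[-4, 4], exp_month, exp_year)
end

# A card is valid through the last day of its expiry month.
def expired_on?(card, date)
  date > Date.new(card.exp_year, card.exp_month, -1)
end

# Split a billing run: cards worth sending to the gateway, and cards already
# known to be expired (skip the API call and start dunning instead).
def plan_billing_run(cards, bill_date)
  charge, dun = cards.partition { |c| !expired_on?(c, bill_date) }
  { charge: charge, dun: dun }
end

# The notice can name the card without the system holding the full number.
def dunning_notice(card)
  format('Card ending %s expired %02d/%d. Please update your billing details.',
         card.last4, card.exp_month, card.exp_year)
end

# Constructed sample data: well-known test card numbers and made-up tokens.
CARDS = [
  storable_card(customer_id: 1, pan: '4111 1111 1111 1111',
                exp_month: 3, exp_year: 2024, profile_token: 'tok_constructed_1'),
  storable_card(customer_id: 2, pan: '5555-5555-5555-4444',
                exp_month: 12, exp_year: 2026, profile_token: 'tok_constructed_2')
].freeze

if __FILE__ == $PROGRAM_NAME
  plan = plan_billing_run(CARDS, Date.new(2024, 4, 1))
  plan[:dun].each { |c| puts dunning_notice(c) }
  puts "Charging #{plan[:charge].size} card(s) via the gateway profile"
end
```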
SaaS vs Roll Your Own
Chargify, CheddarGetter, Recurly, Spreedly, Zuora.
PayPal Website Payments Standard?
Negotiate lower merchant account fees; it really
matters when you have volume