I guess the question is more toward the Canadian HN entrepreneurs. Since Authorize.Net require you to have a merchant account in US, we, Canadians, can't use it. What are your choices for merchant account/payment gateway (in terms of building a web app)?
We use Beanstream for our Toronto based company. One nice thing about them is they support something like authorize.net's CIM feature, so you can do recurring billing without having to store CC numbers yourself.
One thing to be aware of, though. It is nigh impossible to get a USD American Express merchant account in Canada. If you plan to charge exclusively in USD, this can be a real problem, as you won't be able to take AmEx. We're soon going to go through the hassle of setting up an account at authorize.net or Braintree so we can take AmEx -- too many of our customers insist on paying either by AmEx or cheque.
Note that it is possible to use a US payment processor for a Canadian company. The two things you need to do are:
a) Get an EIN (we haven't yet done this, but apparently it isn't too difficult, even for foreign corporations)
b) Open a chequing account at a US bank. We've done this using Harris Bank (http://harrisbank.com). Since they are a subsidiary of BMO, they are used to opening accounts for Canadian businesses.
wow, I did not know about the AmEx problem in Canada. Looks like there's more battling to do after setting up my merchant account/payment gateway. Did you guys look at PSIGate at all or did you just go with Beanstream?
> Since Authorize.Net require you to have a merchant account in US, we, Canadians, can't use it.
Actually we can. The do however require that you open an account with Global Payments Inc and these guys have seriously sleazy sales tactics. They break down their fees into a multitude of categories and groups, and it is fairly unobvious what combination of these fees you are going to hit most frequently. It took me literally a week of back and forth emails with them to get an idea of what the average transaction fee would look like. It was really like pulling a tooth.
I have also dealt with Moneris. Extremely arrogant. They are really big and they basically do not care. They are also the most expensive of all that I have talked to.
Lastly I spoke with VersaPay and they first quoted me fees that were frankly exorbitant. Only after I told them the Global Payments fee level, they brought theirs to the comparable level.
In the end I haven't gone through with any of these, but if I were to pick one now I would probably give VP a try.
We use Braintree. They have a secure vault similar to Authorize.net CIM for storing credit cards safely without PCI concerns. Also, they were the only payment gateway that could give us true multi-currency support. Apparently in most cases you need revenues at least in the 7-figures to swing that, but Braintree set up USD, EUR and GBP for us on the cheap. Note that some payment gateways will claim to support multi-currency, even though what's really happening is they are just doing an exchange rate conversion and the customer gets nailed with an unexpected conversion fee from their bank.
I just looked at the Braintree site. It looks like they provide very developer friendly services which is rare in the industry. The listed rates are high though. If anyone goes with them, keep in mind it's the industry norm to heavily negotiate those.
Our (Braintree's) pricing is actually very competitive. It probably looks higher because we disclose all our fees. Nearly every provider we know of obscures fees both during the sales process and in the monthly reporting statements so merchants never really understand what they're paying. Here's an example of pricing trickery http://bit.ly/9NSZCa . Prospective customers regularly do thorough pricing comparisons and we are consistently among the most competitively priced. Our objective has always been to provide the best value in the industry for a fair price.
I work at a provider (PowerPay) and completely agree about obscured fees. The rates I was referring to are posted on your site and do seem a bit high to me. With that being said, there are a ton of variables involved in pricing an account, so it was a bit unfair of me to bash your prices. I suppose that is why most providers don't list rates on their sites.
We (Braintree) are currently only set up to provide merchant accounts for businesses with a legal U.S. presence. We do however have some international customers that work with our partners for the merchant account and us for the gateway, vault and recurring billing. Our partners don't maintain any hard and fast volume requirements but instead evaluate opportunities based either on current or expected volumes.
I've used them in Australia and they aren't bad. It was for payment processing of a pre-integrated shopping cart so I can't say much beyond it works, fees are straightforward and they answer the phone and will answer questions (especially sales questions) quickly via chat.
Wirecard is a good option for Europe and parts of Asia. Not sure if they support India. Recurly also supports Wirecard APIs via the ActiveMerchant API.
Based in the UK, we use a Barclays merchant account and SecureTrading as our payment gateway. SecureTrading is great as they provide excellent customer service. Their payment gateway set-up is a bit funny (involves setting up a java gateway), but it works.
I am trying to figure out if I want to accept credit cards on my site, instead of sending the customer to a different site, how I can become PCI Compliant. It sounds like for a low volume of transactions you just have to answer a questioner and keep decent security precautions. Is that true? Also does your host have to be PCI Certified or can it be any VPS host like linode?
I was about to post the same Ask HN yesterday, but for other UK. Anyone have any recommendations?
We usually use PayPal or Google Checkout, but our clients often want to use their business bank's merchant service e.g. Barclays EPDQ. This can sometimes pose a problem, as we use Ubercart and have to find/develop the necessary adapter modules.
Wish we were using BrainTree, as evidenced by a coworker exclaiming that he found a bug in their dev sandbox, and they fixed it in a few minutes and sent him a nice email thanking him. So, anecdotally, they sound great.
Authorize.Net is otherwise stable, though poorly documented, and works when their datacenter isn't on fire.
In the US, but we've used PayPal's direct payment gateway (Websites Payment Pro) for a number of client sites, and its been great.
The rates are very reasonable ($30/month, 2-3% + $.30 per transaction), and the only weird requirement is that you have to offer PayPal as a checkout option (and we would anyway).
My experience with payment gateways (note: I have not tried the new subscription services: Chargify, Spreedly, etc) was that their recurring billing support was rather inflexible.
We had to implement it ourselves to get the customer experience we wanted (30 day free trials, that kind of stuff).
So this may be less of a downside than you suppose.
If you're looking at doing subscription stuff, check out spreedly, http://spreedly.com/. They'll handle all of the subscription and billing stuff for you, and abstract away whomever you end up using as a gateway. They do support Paypal as a backend.
AFAIK this is not available through their gateway - you have to send the user to PayPal.com and even then I believe they have to use a PayPal account to subscribe.
If there's a way around this I would love to know.
subscriptions are available through the direct api (your site) and express api (paypal hop) if using websites payments pro. however, if you offer direct, paypal requires that you offer express as well.
payments standard only supports something similar to express, although it's a totally different beast.
I use these guys:
http://www.paysimple.com/
They walked me through getting a merchant account and charge $30/month for the gateway with an API, credit card vault, subscription billing on credit card or ACH
We use Amazon FPS at Mixpanel and it's okay. The fees are certainly low.
However, you have to send your users offsite to a co-branded page to get them signed up, which is a pain in the ass. They also have to have an Amazon account, which many businesses don't (if you're a B2B startup).
I'm in the process of setting up Beanstream - seem like nice guys out there! And they give test accounts, etc. Very friendly. When you call the 1800 number, someone answers the phone!
Back in AU (I now live in Canada) I was able to get a pretty good deal and system from my local bank. I have no idea why it was not promoted online but their merchant facilities did the trick!
My business bank account is with BMO, so I tried to contact their own solution called Moneris. Their sales rep didn't know what I was talking about. They tried to push me to use virtual terminal and other stuff that usually retail uses. In the end, the sales rep said she'd have to talk to the manager to see if they have anything like what I want. So that pretty much failed.
We use Moneris. The product that covers what you want is eselectplus. You can get info on their API here http://www.eselectplus.ca/en/downloadable-content. They are pretty clueless. We went with them because at the time (2006) they were the only company we could find that would support Canadians that had recurring billing. Their API isn't complete. We actually have to do screen scraping against their virtual terminal to compensate for missing APIs.
Although I still did not build any web app, for my software I'm using FastSpring and, if I'm not mistaken, they should be usefull also for subscription based web apps.
Very good support and very good interface. It works very well.
Is there anything like Authorize.net CIM in Canada? The CIM piece is awesome because you don't store any credit card information on your server, which takes all the PCI hassle out of the equation.
Solutions like CIM only simplify PCI compliance. You're still handling the card info, just not storing it. To completely get away from handling card data you have to send your customer over to another site like PayPal to enter their payment info. A sub-optimal user experience.
That being said, it's less likely for someone to sniff the info as it passes through your server's RAM than if it was stored on disk.
This is true but if you use Recurly you can swap merchant accounts as you need as they store your CC numbers. That plus TransFS is a powerful combination.
e-xact: ruby on rails based group out of Vancouver, check out their hosted checkout product which is what we use so we don't need to store credit cards ourselves and avoid all that PCI BS:
I've used e-xact for a few different projects. Never had any problems with them, and they're relatively developer friendly (I wrote the Business::OnlinePayment::Exact module on CPAN).
One thing to be aware of, though. It is nigh impossible to get a USD American Express merchant account in Canada. If you plan to charge exclusively in USD, this can be a real problem, as you won't be able to take AmEx. We're soon going to go through the hassle of setting up an account at authorize.net or Braintree so we can take AmEx -- too many of our customers insist on paying either by AmEx or cheque.
For more info about the USD-AmEx-in-Canada problem, see: http://www.freshbooks.com/blog/2008/09/25/freshbooks-now-acc...
Note that it is possible to use a US payment processor for a Canadian company. The two things you need to do are:
a) Get an EIN (we haven't yet done this, but apparently it isn't too difficult, even for foreign corporations)
b) Open a chequing account at a US bank. We've done this using Harris Bank (http://harrisbank.com). Since they are a subsidiary of BMO, they are used to opening accounts for Canadian businesses.