
In the News


These days, payments can be done multiple ways: EMV, credit, mobile wallets (Apple Pay, Android Pay, etc.), to name just a few.

 

This flexibility of payment options is great in most respects, but it creates challenges for developers. How can they write a single app that integrates all payment options? And how can they keep transactions secure, no matter which type of payment method their applications use?

 

The triPOS Cloud API is a tool that can help answer these questions. It provides access to a turnkey payment processing solution that supports all major payment methods, including EMV, credit, PIN debit and mobile wallets (Apple Pay, Android Pay, etc.). The triPOS Cloud interfaces with custom business management software via a REST API.

 

This tutorial provides an overview of integrating with triPOS Cloud payment processing and Express, a server-side web service. You will learn how to quickly process a payment transaction using a specific REST API.

 

The Payment Processing Environment

The triPOS Cloud payment processing environment contains the following elements, as illustrated in Figure 1:

 

  • triPOS Cloud - the API
  • Merchant environment - POS, router and PIN Pad
  • Express Gateway - API gateway

 

During certification you do not need a physical PIN pad: a null simulator can replace it. However, you still need an Express test account to interact with the Express Gateway.

 

Figure 1

 

We will now discuss how you can process a sample sale request within minutes.

 

Step 1: Apply for an Express account

First, apply for an Express test account at http://www.elementps.com/Create-a-Test-Account.

 

After your application is accepted, you will receive the following account information to add to the headers of your API request:

 

  • AccountID
  • AccountToken
  • ApplicationID
  • AcceptorID

 

You will also receive the Express test URLs and other important documentation for working with the triPOS Cloud and Express gateway.

 

Step 2: Build your API request with a REST client

 To build the API request, we will use a third-party REST client: the Advanced REST client (ARC).

 

The triPOS Cloud accepts JSON-formatted request messages and returns responses in the same format as the request.

 

Each request is identified by a transaction type and is accompanied by data elements belonging to the request. Keep in mind that a typical triPOS Cloud request is simpler than an Express request because card information is not included. Card information is obtained downstream via direct interactions between triPOS Cloud and the PIN pad.

 

Each request requires a header with specific fields:

  • For POST and PUT requests, parameters are sent in the request body.
  • For GET and DELETE requests, any parameters are sent in the URL’s query string.
  • For any type of request, some values such as PaymentType may be sent in the URL. For more info, see the API documentation.

 

In Step 1, you received the values for building the API request header. Build the header as shown in Figure 2 under the ARC Headers tab.

 

 Figure 2

 

To build the API body, you have to switch to the ARC Body tab as shown in Figure 3.

 

Figure 3

 

Construct the request as shown in Figure 3.

Step 3: Run your API request with the REST client

 Run your API request by simply clicking the Send button in the upper right corner.

 

Step 4: Analyze the response

If everything is successful, an HTTP-200 response is returned, as shown in Figure 4.

 

 

Figure 4

 

Now run the request a second time.

 

You will get an HTTP-400 response, as shown in Figure 5, because the request-id must be unique for every request you make.

 Figure 5

 

But how can we make a valid request-id/UUID?

The Online UUID Generator Tool (use version 1) produces a valid UUID. Put the new UUID in the request and it will return a successful response.
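Request IDs can also be generated in code rather than pasted from an online tool. The following Node.js sketch is an added example, not part of the original tutorial: it produces version 1 UUIDs with a random node ID, so the ID does not carry the host's MAC address. The names `RequestIdSource` and `timestampOf` are hypothetical, and attaching the ID to the request is left out because the header layout appears only in the missing figures.

```javascript
const crypto = require('crypto');

// 100-ns intervals between the UUID epoch (1582-10-15) and the Unix epoch.
const GREGORIAN_OFFSET = 122192928000000000n;

class RequestIdSource {
  constructor() {
    // Random 48-bit node ID with the multicast bit set (RFC 4122, section 4.5),
    // used in place of the network card's MAC address.
    this.node = crypto.randomBytes(6);
    this.node[0] |= 0x01;
    // Random 14-bit clock sequence, fixed for the life of this process.
    this.clockSeq = crypto.randomBytes(2).readUInt16BE(0) & 0x3fff;
    this.lastTs = 0n;
  }

  // Returns a new version 1 UUID string; never repeats within this instance.
  next(nowMs = Date.now()) {
    let ts = BigInt(nowMs) * 10000n + GREGORIAN_OFFSET;
    // Date.now() only has millisecond resolution. If the clock has not moved
    // forward since the last call, advance by one 100-ns tick instead.
    if (ts <= this.lastTs) ts = this.lastTs + 1n;
    this.lastTs = ts;

    const timeLow = ts & 0xffffffffn;
    const timeMid = (ts >> 32n) & 0xffffn;
    const timeHiAndVersion = ((ts >> 48n) & 0x0fffn) | 0x1000n; // version 1
    const clockSeqAndVariant = this.clockSeq | 0x8000;          // RFC 4122 variant

    const hex = (v, width) => v.toString(16).padStart(width, '0');
    return [
      hex(timeLow, 8),
      hex(timeMid, 4),
      hex(timeHiAndVersion, 4),
      hex(clockSeqAndVariant, 4),
      this.node.toString('hex'),
    ].join('-');
  }
}

// Recovers the creation time (Unix milliseconds) from a version 1 UUID.
// Anyone who sees the request ID can do the same.
function timestampOf(uuid) {
  const [low, mid, hi] = uuid.split('-');
  const ts =
    ((BigInt('0x' + hi) & 0x0fffn) << 48n) |
    (BigInt('0x' + mid) << 32n) |
    BigInt('0x' + low);
  return Number((ts - GREGORIAN_OFFSET) / 10000n);
}
```

Create one `RequestIdSource` per process and call `next()` for every request, including retries of a failed request.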

 

Let’s change the request URL to the production URL (https://tripos.vantiv.com/api/v1/sale) and run the request again.

 

The response will be an HTTP-401 as seen in Figure 6.

 

Figure 6

 

This is expected because you have a test account, not a production account, and you are therefore not authorized to use the API in production.

 

Conclusion

We successfully processed a sample sale request and also discussed the main error messages you can expect when the sample sale request is not correct. This quick review showed you just a small part of the triPOS Cloud API. The triPOS Cloud API is further described in this Swagger specification.

 

About the Author:

Cordny Nederkoorn is a software testing and marketing consultant with over 10 years of experience in finance, e-commerce and web development. He is also the founder of TestingSaaS, a testing and marketing agency for companies related to Software as a Service (SaaS).

 Adopting a P2PE solution is a great start to securing your retail payments, but it isn’t the end of your security responsibilities as a merchant organization. You still need to enforce best practices for developing in-house applications that interact with the P2PE system, and control the in-store retail experience to ensure security at every level.

 

Here is a checklist that can help merchant organizations and their developers ensure the key parameters are in place when building apps that involve P2PE payment processing: 

 

1. Be familiar with the PIM

The P2PE implementation manual (PIM) is an important document that is provided by a P2PE solution provider to their customers. Across the P2PE lifecycle, the PIM is the key responsibility of the customer. The P2PE provider is responsible for every other step of the payment cycle. Being familiar with the PIM will come in handy not just to troubleshoot minor day-to-day issues that arise, but to also respond quickly in an emergency. Knowing your way around the system is key to responding appropriately to an attack, and the PIM makes this possible.

 

2. Compliance needs real-time monitoring

There are many regulations to adhere to when handling payments. It takes a dedicated compliance process to ensure these regulations are enforced at every point of interaction in the app.

 

This is a challenge in today’s distributed cloud-native apps. There are numerous API-based integrations, and each of them should be reviewed to ensure they are secure. The system is dynamic, with integrations being added and removed on a daily basis. As the system changes, these events should be monitored for compliance. This requires real-time monitoring that takes into account new components as they’re added. Every event and activity that occurs in the app should be reviewed to enforce compliance and stored in an archive for auditing at a later point.

 

3. Update to the latest versions

Security patches are the main reason to keep your application components and PCI-P2PE version updated. With new threats arising frequently, the best thing you can do to enforce security is to keep your system updated. This includes software updates and replacing outdated hardware like PEDs.

 

4. Never store customer information in plain-text format

 


 

The whole point of P2PE is that it enforces strong defaults for encryption and decryption of card data and customer data starting from the PED (PIN Entry Device) and every step thereafter. If by any chance customer data or card data enters your system at any point of the payment cycle, or in any part of the application, it’s important to not store this data in plain-text format. This makes the data open for misuse. Instead, set up a way to monitor these events in real-time, and either encrypt the data or erase it automatically. Remember that these events should also be recorded for auditing purposes.  
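One way to implement the detect, mask and record step described above, as an added example that is not from the original post: a scanner that finds card numbers in free text such as log lines, confirms them with the Luhn check, masks them, and returns an audit record for each hit. The function names and the sample lines are constructed for illustration; the two card numbers are publicly documented test numbers.

```javascript
// Candidate PAN: 13 to 19 digits, optionally grouped with single spaces or hyphens.
const PAN_CANDIDATE = /(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)/g;

// Luhn checksum: filters out order IDs, reference numbers and other digit runs.
function luhnValid(digits) {
  let sum = 0;
  let doubleIt = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (doubleIt) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    doubleIt = !doubleIt;
  }
  return sum % 10 === 0;
}

// Keep the first six and last four digits, mask everything in between.
function maskPan(digits) {
  return digits.slice(0, 6) + '*'.repeat(digits.length - 10) + digits.slice(-4);
}

// Masks every Luhn-valid candidate in one line and reports what was found.
function redactLine(line) {
  const findings = [];
  const redacted = line.replace(PAN_CANDIDATE, (match, offset) => {
    const digits = match.replace(/[ -]/g, '');
    if (!luhnValid(digits)) return match; // not a card number, leave untouched
    const masked = maskPan(digits);
    findings.push({ offset, length: match.length, masked });
    return masked;
  });
  return { redacted, findings };
}

// Processes a batch of lines; `audit` is the record to keep for later review.
// It contains only the masked value, never the original number.
function scan(lines) {
  const audit = [];
  const clean = lines.map((line, i) => {
    const { redacted, findings } = redactLine(line);
    for (const f of findings) audit.push({ line: i + 1, ...f });
    return redacted;
  });
  return { clean, audit };
}

// Constructed sample input (not taken from any real system).
const SAMPLE_LINES = [
  '2024-03-01T10:15:02Z INFO sale ok lane=1 amount=12.50 ref=1234567890123456',
  '2024-03-01T10:15:09Z DEBUG clerk note: card 4111 1111 1111 1111 declined',
  '2024-03-01T10:16:44Z WARN ticket body: customer says 5555-5555-5555-4444 was charged twice',
];
```

A card number immediately followed by more digits is matched as one longer run and may fail the Luhn check, so treat this as a safety net behind P2PE rather than the primary control.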

 

5. Get certified by an external QSA

Though P2PE systems put the onus of security on the P2PE vendor, you still need to do due diligence to examine your system regularly. An external QSA (Qualified Security Assessor) doesn’t just help to catch potential vulnerabilities, but can also advise on optimizing system performance to quicken transactions, simplify workflows, and reduce the scope of PCI DSS audits.

 

6. Exercise caution with new payment types

With the advancement of mobile technologies, new payment methods like NFC are emerging. They are opportunities to enrich the customer experience, but they also need to be monitored for new types of security threats. Emerging technologies are prime targets for hacking, as there may be loopholes that are yet undiscovered. Appropriate defense requires monitoring with the help of machine learning.

 

7. Leverage machine learning

 


 

Combating payment industry fraud is all about the use of data. To come out on top, merchant organizations and vendors need to be able to use data better than the criminals. The only way to counter today’s complex attacks is to use machine learning.

 

Machine learning lets merchants and vendors identify attacks from patterns and anti-patterns that emerge from data — which could be a new transaction from a strange location, suspicious IPs, a sudden rise in the number of transactions on a card, and numerous other parameters.

 

ML algorithms can help spot threats and identify the sources as well. When considering a payments vendor, assess their machine learning capabilities and consider using a third-party security solution if required.

 

8. Separate retail and online payments

P2PE is specifically designed for managing retail payments. It is not meant for eCommerce transactions. It’s important that you enforce clear separation of concerns here. If the same product is available in-store and online, you’ll need to maintain inventory status in real-time and system-to-system communication to avoid conflicts between the two channels. Additionally, a data breach in the eCommerce portal could also affect retail, and vice versa. Hence, security measures should be compartmentalized when needed, and comprehensive at other times.

 

In conclusion, P2PE greatly assures security for retail payments, but simply opting for a P2PE vendor doesn’t automatically guarantee security. It takes a shared responsibility between you as a merchant organization and your P2PE vendor. By following this checklist, you can ensure your P2PE lifecycle is compliant and secure end-to-end. 

 


Browser frames — also known as iframes — have been around since Netscape introduced them in 1996. Back then, iframes were sometimes used in ways that appear wacky by modern standards, such as for the structuring of content on a web page.


 

As a result of practices like these, iframes have gained a negative reputation in some quarters. Some developers dismiss iframes as “the web programming equivalent of the goto statement” — a hack that you use when you have to, but not an elegant solution or a best practice to follow.

 


But such criticisms of iframes are not really fair. It’s true that, like any technology, they can be abused and misused. That does not mean, however, that iframes do not have legitimate uses — some of which make them the best solution to a given web programming challenge.

 

One ideal use case for iframes is the integration of a hosted payments page into a website. Let’s take a look at why iframes are a good solution in this scenario.

 

What is a hosted payment page?

A hosted payment page is any type of web page that allows a user to make a payment online.

 

Hosted payment pages typically have to do three main things:

 

  • Accept payment information from a debit card, credit card or other payment method
  • Pass the payment information securely to a server that processes it
  • Receive and display information about the transaction to the end-user

 

Benefits of using an iframe for hosted payments

What do hosted payments have to do with iframes? The basic answer is that iframes provide an easy way to integrate a payment page into a website with minimal fuss and security risk on the part of the developers who are implementing the website.

 

More specifically, using iframes for hosted payments provides several distinct benefits for developers and end-users alike:

 

  • It’s easy for developers to implement. Typically, they only need to include a small amount of code within their website to insert the payment page within an iframe. They simply set up the iframe; the payment provider handles the rest.
  • End-users never leave the main website. Although they technically pay via a different website (the one running inside the iframe), from their perspective, they remain on the same page and site. This helps to keep users confident about the security of the payment they are issuing, since navigating to a different site could leave them concerned about whether they can trust the payment site. It also simplifies the overall payment experience.
  • Iframes mitigate the risk of users navigating away from a page before payment is complete. If you move users to a new website to submit a payment, they may become confused and press the back button or otherwise navigate away from the new site. Doing so can interrupt the payment process, and it poses an even greater challenge if the payment is already in progress. By keeping the payment within an iframe on your site, you avoid unintended navigation issues.
  • You can update your website without worrying much about how the changes will impact the hosted payment page. As long as you leave the iframe in place, changes to the rest of the site are unlikely to impact payments processing.
  • Iframes are flexible and easy to configure. A few lines of CSS or element property definitions suffice for defining the size, layout and other features of an iframe. You can therefore easily customize how a hosted payment page appears within your website.
  • You can have the payment page time out without disrupting the overall site. This is useful in cases where a customer starts a payment but does not complete it in time. You don’t want to leave the payment page open indefinitely, because that would be a security risk. But you also don’t want your entire website to time out and shut down automatically, because that would reduce the likelihood that the customer will come back later and complete the payment. By placing the payment page inside an iframe, you can easily have just that element time out, but keep the rest of the site running and ready for the customer to use.
  • Iframes make it easy to support different screen sizes and layouts, without having to worry about the specifics of the payment page content. If your iframe is not large enough to display the entire payment page at once, or your end-user’s screen is too small, the browser will automatically create scroll bars to make content visible. In this way, iframes make it easy to integrate hosted payment pages that work well with a variety of different devices and screen types.
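An added sketch of such an embed, not code from the original post or from any payment provider: it checks the payment URL, creates a sandboxed iframe, and removes only that frame when the payment window expires. The function names, the `pay.example.test` origin used in testing, and the 10-minute default are assumptions.

```javascript
// Sandbox tokens for a cross-origin hosted payment page: it may run its own
// scripts, submit its form and keep its own origin (session cookies).
// Top-level navigation and popups are not granted, so they stay blocked.
const SANDBOX = 'allow-scripts allow-forms allow-same-origin';

// Refuses anything that is not HTTPS on the expected provider origin.
function assertPaymentUrl(rawUrl, allowedOrigin) {
  const url = new URL(rawUrl);
  if (url.protocol !== 'https:') {
    throw new Error('payment page must use HTTPS');
  }
  if (url.origin !== allowedOrigin) {
    throw new Error('unexpected payment origin: ' + url.origin);
  }
  return url;
}

// Value for the embedding site's Content-Security-Policy header so that only
// the payment provider can be framed.
function frameSrcPolicy(allowedOrigin) {
  return 'frame-src ' + allowedOrigin;
}

// Mounts the payment iframe inside `container` and starts the expiry timer.
// `doc` is the page's document; `schedule`/`cancel` default to the browser timers.
function mountPaymentFrame(doc, container, rawUrl, opts) {
  const {
    allowedOrigin,
    timeoutMs = 10 * 60 * 1000, // assumed payment window
    onTimeout = () => {},
    schedule = setTimeout,
    cancel = clearTimeout,
  } = opts;
  const url = assertPaymentUrl(rawUrl, allowedOrigin);

  const frame = doc.createElement('iframe');
  frame.setAttribute('src', url.href);
  frame.setAttribute('sandbox', SANDBOX);
  frame.setAttribute('referrerpolicy', 'no-referrer');
  frame.setAttribute('title', 'Payment');
  frame.style.width = '100%';
  frame.style.border = '0';
  container.appendChild(frame);

  let active = true;
  let timer = null;

  // Removes the frame only; the rest of the page keeps running.
  const close = () => {
    if (!active) return;
    active = false;
    cancel(timer);
    container.removeChild(frame);
  };

  timer = schedule(() => {
    close();
    onTimeout(); // e.g. show a "session expired, start again" message
  }, timeoutMs);

  return { frame, close, isActive: () => active };
}
```

Call `close()` when the provider reports that the payment is complete so the timer is cancelled and the frame is removed.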

 

The bottom line: Iframes provide an easy, flexible and secure way to make hosted payment pages available with minimal effort on the part of your developers — and they simplify transactions for your customers.

 

About the Author:  

Chris Tozzi has worked as a journalist and Linux systems administrator. He has particular interests in open source, agile infrastructure and networking. He is Senior Editor of content and a DevOps Analyst at Fixate IO. His latest book, For Fun and Profit: A History of the Free and Open Source Software Revolution, was published in 2017.

Why You Should Share Code on GitHub

GitHub is a massively popular tool among developers these days — and with good reason. It offers all of the functionality of Git, and much more to boot. Indeed, GitHub has become so important to modern software production that if you’re not using it, you’re likely making a mistake.

 

Let me explain. In this article, I’ll discuss all of the benefits of sharing code via GitHub. This will illuminate why many open source projects (plus some non-open source projects) are hosted on GitHub and why the platform has become the default code-sharing solution for software projects.

 

The Sheer Number of Developers and Projects

 


 

Let’s face it: most programmers are already familiar with GitHub. It is, therefore, imperative to share code on a platform most contributors are familiar with. Currently, GitHub has over 31 million developers around the globe (more in 2018 alone than GitHub’s first six years combined), 2.1 million organizations, and 100 million repositories. The stats are only getting better each year.

 

The benefit of this is that a project is open to contributions from developers all over the world. Some projects on GitHub start with only a few contributors, but rapidly grow to having hundreds, if not thousands, of developers working on them. This way, bugs get fixed quicker, updates are released frequently, and project continuity is ensured.

 

Available Integration Options and Apps

One thing that makes GitHub very powerful and attractive to developers is the integration options it provides with apps and other services via the GitHub Marketplace. Integrations allow developers to supplement the functionality provided by GitHub. You can connect GitHub to your existing tooling and keep working without leaving it. But it doesn’t stop there: GitHub also allows developers to create custom apps for their own needs using GitHub’s API.

 

Code hosted on GitHub can easily be linked and used on other platforms. With the click of a button, you can effortlessly turn a GitHub repository into a fully functional application on platforms like Heroku, Azure, or AWS. GitHub provides far better integration support than many other similar hosting platforms.

 

Catch Vulnerabilities with Security Alerts

Many projects have dependencies. Dependencies sometimes introduce vulnerabilities. And vulnerabilities, if not patched early enough, expose us to serious security risks. GitHub helps developers catch vulnerabilities in dependencies by notifying them of known vulnerabilities. Admins receive vulnerability notifications and can add others to the list. Additionally, fixes to some vulnerabilities are proposed, and sometimes safer versions are selected automatically using machine learning.

 

The GitHub security alert feature is very useful, and ensures that developers build quality applications that are safe. As a programmer, you can enjoy the benefits of being notified of vulnerabilities and possible solutions.

 

Resolve Issues and Improve Code Quality

Another feature that makes GitHub very appealing to developers is Issues. Issues is GitHub’s own bug tracker. It helps note ideas, bugs, tasks, and enhancements for a project. Once code is shared on GitHub, that’s not the end, as software is rarely ever written once. Code evolves, and Issues enables its evolution by allowing contributors to suggest ideas to projects and report bugs.

 

GitHub Issues takes collaboration to a different level. Because ideas and bugs can be suggested with Issues, contributions to projects are not limited to only the code-savvy. With millions of developers on the platform, project ideas can quickly be turned into features, and bugs can be completely eradicated.

 

The list could go on and on. GitHub is truly a boon (for open source projects especially). With Microsoft now owning the platform, we can expect even more from GitHub.

 

Closing Thoughts

For the record, GitHub may not be the perfect fit for every developer or every situation. For example, if you’re developing code that is not open source and that has high security or privacy needs, you probably don’t have anything to gain by putting it on GitHub, even in a private repository.

 

By and large, however, it’s hard to think of situations where GitHub is not advantageous. It’s easy to see why there has been a surge in the number of companies embracing the open source approach. The integration choices, the number of developers on the platform, security features, and issue reporting system (to mention just a few main items), make GitHub the first-choice platform for sharing code. 

Sick of hearing about New Year’s resolutions you know you won’t keep because they’re too darn hard? Here’s an easy one for you: make your bed.

 


 

If you want to know why I make that recommendation, read my notes from Make Your Bed by Admiral William H. McRaven. The book is an expansion of the commencement speech Adm. McRaven gave at the University of Texas in 2014. (You might have seen it on YouTube; it has over 7 million views.)

 

Below are insightful excerpts from Make Your Bed: Little Things That Can Change Your Life … and Maybe the World that I hope will steer you and your team towards a more productive and rewarding future.

 

The 10 lessons I learned from Navy SEAL training

 

  1. Start your day with a task completed. Making my bed correctly was not going to be an opportunity for praise. It was expected of me. It was my first task of the day and doing it right was important. It demonstrated my discipline. It showed my attention to detail.
  2. You can’t go it alone. It takes a team of good people to get you to your destination in life. You cannot paddle the boat alone.
  3. Only the size of your heart matters. SEAL training was always about proving something. Proving that size doesn’t matter. Proving that the color of your skin wasn’t important. Proving that money didn’t make you better. Proving that determination and grit were always more important than talent.
  4. Life’s not fair — drive on! Life isn’t fair and the sooner you learn that the better off you will be.
  5. Failure can make you stronger. In life you’ll face a lot of failures. But, if you persevere, if you let those failures teach you and strengthen you, then you will be prepared to handle life’s toughest moments.
  6. You must dare greatly. The British Special Air Service’s motto was “Who Dares Wins.” To me the motto was more than about how the special forces operated as a unit; it was about how each of us should approach our lives.
  7. Stand up to the bullies. Courage is a remarkable quality. Without it, others will define your path forward. Without it, you are at the mercy of life’s temptations.
  8. Rise to the occasion. “No matter how dark it gets, you must complete the mission. This is what separates you from everyone else.” Somehow those words stayed with me for the next 30 years.
  9. Give people hope. If that one person could sing while neck deep in mud, then so could we. If that one person could endure the freezing cold, then so could we. If that one person could hold on, then so could we.
  10. Never, ever quit! If you quit, you will regret it for the rest of your life. Quitting never makes anything easier.

 

If you do these things, then you can change your life for the better … and maybe the world!

 

For more On the Edge content, please visit the Worldpay Partner Advantage website.

 

Jim Roddy is a Reseller & ISV Business Advisor for Worldpay’s PaymentsEdge Advisory Services. He has been active in the POS channel since 1998, including 11 years as the President of Business Solutions Magazine, six years as a Retail Solutions Providers Association (RSPA) board member, and one term as RSPA Chairman of the Board. Jim is regularly requested to speak at industry conferences and he is author of Hire Like You Just Beat Cancer and On The Edge with Jim Roddy.

The New Year is just around the corner – hooray! Before we douse ourselves in optimism and egg nog, allow me to share with you insights from a book that’s bound to make you temporarily less cheery. Acclaimed business author Jim Collins wrote How The Mighty Fall “to offer a research-grounded perspective of how decline can happen, even to those that appear invincible, so that leaders might have a better chance of avoiding their tragic fate.” He continued, “It’s a bit like studying train wrecks — interesting, in a morbid sort of way, but not inspiring.”

 

Clearly this isn’t the subject you’d raise at a New Year’s Eve party, but it’s something every ISV management team should contemplate, even if 2018 was your best year ever. Wait – let me rephrase. You should contemplate these lessons especially if 2018 was your best year ever. Collins writes, “There is no law of nature that the most powerful will inevitably remain at the top. Anyone can fall and most eventually do.”

 

Here are 20 additional insightful excerpts from How The Mighty Fall that I hope motivate you to appropriately adapt your business for next year and beyond:

 


 

  1. I’ve come to see institutional decline like a staged disease: harder to detect but easier to cure in the early stages, easier to detect but harder to cure in the later stages.
  2. Stage 1: Hubris born of success. Stage 1 kicks in when people become arrogant, regarding success virtually as an entitlement, and they lose sight of the true underlying factors that created success in the first place.
  3. Stage 2: Undisciplined pursuit of more. When an organization grows beyond its ability to fill its key seats with the right people, it has set itself up for a fall.
  4. Stage 3: Denial of risk and peril. Internal warning signs begin to mount, yet external results remain strong enough to explain away disturbing data.
  5. Stage 4: Grasping for salvation. How does its leadership respond? By lurching for a quick salvation or by getting back to the disciplines that brought about greatness in the first place?
  6. Stage 5: Capitulation to irrelevance or death.
  7. Organizational decline is largely self-inflicted, and recovery largely within our own control.
  8. Circuit City left itself exposed by not revitalizing its electronic superstores with as much passion and intensity as when it first began building that business two decades earlier.
  9. Great companies foster a productive tension between continuity and change.
  10. There’s nothing inherently wrong with adhering to specific practices and strategies but only if you comprehend the underlying why behind those practices, and thereby see when to keep them and when to change them.
  11. The best corporate leaders have an incurable compulsion to vacuum the brains of people they meet.
  12. From 1994 to 1998, Rubbermaid raced through the stages of decline so rapidly that it should terrify anyone who has enjoyed a burst of success.
  13. Packard’s Law states that no company can consistently grow revenues faster than its ability to get enough of the right people to implement that growth and still become a great company.
  14. Any exceptional enterprise depends first and foremost upon having self-managed and self-motivated people — the number one ingredient for a culture of discipline.
  15. Whether a company sustains exceptional performance depends first and foremost on whether you continue to have the right people in power.
  16. Reorganizations and restructurings can create a false sense that you’re actually doing something productive.
  17. The very moment when we need to take calm, deliberate action, we run the risk of doing the exact opposite and bringing about the very outcomes we most fear.
  18. If you want to reverse decline, be rigorous about what not to do.
  19. Not all companies deserve to last.
  20. Never give in, never give in, never, never, never, never — in nothing, great or small, large or petty — never give in except to convictions of honor and good sense. Never yield to force; never yield to the apparently overwhelming might of the enemy. Be willing to change tactics, but never give up your core purpose.

 


  

For more On the Edge content, please visit the Worldpay Partner Advantage website.

 

Jim Roddy is a Reseller & ISV Business Advisor for Worldpay’s PaymentsEdge Advisory Services. He has been active in the POS channel since 1998, including 11 years as the President of Business Solutions Magazine, six years as a Retail Solutions Providers Association (RSPA) board member, and one term as RSPA Chairman of the Board. Jim is regularly requested to speak at industry conferences and he is author of Hire Like You Just Beat Cancer and On The Edge with Jim Roddy.

I usually let book titles stand on their own, but I had to include the subtitle “Resolving the Heart of Conflict” along with The Anatomy of Peace or you might have just scrolled right past this article. I mean you’re an executive/software developer, not an army general, so what does “peace” have to do with you, right? But resolving conflict involving employees, customers, and vendors – well, that’s something you encounter most every day.

 


 

The Anatomy of Peace doesn’t outline communication tactics for resolving conflicts as you might expect. Instead, the book digs below the surface and addresses our attitudes and misconceptions which cause disharmony in the first place, hence the “Heart of Conflict” subtitle. If you’re still thinking this book isn’t for you because your company culture is hunky dory because nobody yells or throws staplers, this passage from the book might change your mind: “Most wars between individuals are of the ‘cold’ rather than the ‘hot’ variety – lingering resentment, for example, grudges long-held, resources clutched to rather than shared, help not offered. These are the acts of war that most threaten our homes and workplaces.”

 


 

Here are 26 excerpts from The Anatomy of Peace that I hope bring harmony to you and everyone you engage with:

 

  1. Parties in conflict all wait on the same solution: they wait for the other party to change. Should we be surprised, then, when conflicts linger and problems remain?
  2. When they spoke, it was a kind of a verbal wrestling match, each of them trying to anticipate the other’s moves, searching for weaknesses they could exploit to force the other into submission. With no actual mat into which to press the other’s flesh, these verbal matches always ended in a draw: each of them claimed hollow victory while living with ongoing defeat.
  3. In the way we regard our children, our spouses, neighbors, colleagues, and strangers, we choose to see others either as people like ourselves or as objects.
  4. Lumping everyone of a particular race or culture or faith into a single stereotype is a way of failing to see them as people.
  5. Heart at Peace – Others are People: Hopes, needs, cares, and fears as real to me as my own.
  6. Heart at War – Others are Objects: Obstacles, vehicles, irrelevancies.
  7. Seeing an equal person as an inferior object is an act of violence. It hurts as much as a punch to the face.
  8. No conflict can be solved so long as all parties are convinced they are right. Solution is possible only when at least one party begins to consider how he might be wrong.
  9. If we are going to find lasting solutions to difficult conflicts we first need to find our way out of the internal wars that are poisoning our thoughts, feelings, and attitudes toward others. If we can't put an end to the violence within us, there is no hope for putting an end to the violence without.
  10. As painful as it is to receive contempt from another, it is more debilitating by far to be filled with contempt for another.
  11. When I see others as objects, I dwell on the injustices I have suffered in order to justify myself, keeping my mistreatments and suffering alive within me.
  12. If I think I am superior, I can excuse a lot of sins.
  13. I may not be responsible for the things he's done. But I am responsible for what I've done.
  14. Whenever I dehumanize another, I necessarily dehumanize all that is human – including myself.
  15. The question for you as the leader is whether you are going to create an environment that is as enjoyable for your people as it is for you – a place that they are as excited about and devoted to as you are.
  16. If you are the mess, you can clean it. Improvement doesn't depend on others.
  17. Five questions that will help you to ponder your situation anew:
    1. What are this person's or people’s challenges, trials, burdens, and pains?
    2. How am I, or some group of which I am a part, adding to these challenges, trials, burdens, and pains?
    3. In what other ways have I or my group neglected or mistreated this person or group?
    4. In what ways are my better-than, I-deserved, worse-than, and need-to-be-seen-as boxes obscuring the truth about others and myself and interfering with potential solutions?
    5. What am I feeling I should do for this person or group? What can I do to help?
  18. When we have recovered those sensibilities towards others, we must then act on them. We need to honor the senses we have rather than betray them.
  19. What would be a problem is to insist that others need to change while being unwilling to consider how we ourselves might need to change too.
  20. Correction alone rarely gets others to change.
  21. Correction is by nature provocational.
  22. When our correction isn't working, we normally bear down harder and correct more.
  23. Teach and communicate: It is no good trying to teach if I myself am not listening and learning.
  24. Learning keeps reminding us that we might be mistaken in our views and opinions.
  25. Peace is invited only when an intelligent outward strategy is married to a peaceful inward one. If we don't get our hearts right, our strategies won't much matter.
  26. May you have the honesty and courage to do what our homes, our workplaces, and our communities most need: to see all as people — even, and perhaps especially, when others are giving you a reason not to.

  

For more On the Edge content, please visit the Worldpay Partner Advantage website.

 

Jim Roddy is a Reseller & ISV Business Advisor for Worldpay’s PaymentsEdge Advisory Services. He has been active in the POS channel since 1998, including 11 years as the President of Business Solutions Magazine, six years as a Retail Solutions Providers Association (RSPA) board member, and one term as RSPA Chairman of the Board. Jim is regularly requested to speak at industry conferences and he is author of Hire Like You Just Beat Cancer and On The Edge with Jim Roddy.

when you are at a party - and no one wants to talk payments meme
 
In your mind what would be the outcome if a crowd of 500 payment geeks spread out in a large banquet room in Vegas for 36 hours? Do we truly understand the problems we are being asked to solve? Do we have visions of grandeur and want to pitch something revolutionary to get some coin? Or are we really anxious to see the actual APIs that the sponsors will be revealing that can be tied into our product for the ultimate win?
 
For the past five years, developers, designers, and entrepreneurs have flocked to Vegas in late October to mingle with their peers and accept a themed challenge relating to payments and FinTech. This is the Money2020 Hackathon.
 
Some are serial hackers that make the circuit, eager to win so they can pay for a future tank of gas to get them to a future hackathon. Some are students looking to test their skills and get real-world experience and rub elbows with key industry players. While others just want to get away and spend a nice sobering weekend freaking out and stressing over what the hell to do to make payments rad. Can you guess which category our team fit?
 
I won’t bore you with what Money2020 is, you can look it up. I won’t drone on about what a hackathon is either, you can figure that out too. What I will talk to you about is what we learned and in turn ask you to give feedback on innovation and FinTech in the comments below.
 
The Story 
It was a warm Colorado afternoon in early October when a group came together over a working lunch to put aside the day-to-day talk of payment-processing, back-office application sprint planning, and the usual dev chatter around all things relating to individual technical work as a payment geek and engineer. It was time to secure our war-room, erase the spaghetti and database diagrams from the whiteboard, and get a jump start on collectively ideating for the annual pilgrimage to the Money2020 hackathon.
 
"For good ideas and true innovation, you need human interaction, conflict, argument, debate."   - Margaret Heffernan
 
Have you ever tried to loosen a machine bolt and find that you just can’t get enough leverage to break free? This is generally the way our annual ideation meetings begin. At home I have penetrating oil that I can spray the bolt head with, wait a few minutes and generally it will loosen up. After 5 years, we still don’t know what our favorite penetrating oil is, but after a couple of lunch-time meetings we somehow manage to get that rusted bolt loose and can start ideating.
 
Our team is very intelligent and capable of implementing and designing just about anything, and now that we had our idea we needed to determine our technology stack. Do we go for broke and attempt to learn something new, or do we stick to our wheelhouse and forgo any language-centric or environmental gotchas? Knowing that there would still be gotchas. There are always gotchas. 
 
So after some debate, the team decided to stick with what we knew best and start building out a test environment. The goal was to make sure when we access those infamous APIs come game day, we could easily hook into them and get the information we needed back to help drive our solution. 
 
“There’s a way to do it better—find it.”   - Thomas Edison
 
Our idea was still evolving, but the basic foundation was in place, and we knew what we were going to build it in. The next step? Well given that we all have families and lives outside of work; plus the fact that we only had a handful of working lunches to ideate and test environments the next step was - to board the plane of course. 
 
After landing in Vegas we headed over to the meet and greet, had a few appetizers, Goose Island IPAs, and chatted with the four sponsors. Our idea still held up when pitching to peers and sponsors alike at the party, so we headed to our rooms to prep a little bit and get a good night's sleep before coding was to begin around 11am the next morning. 
 
"Ideas are like rabbits. You get a couple and learn how to handle them, and pretty soon you have a dozen.”   - John Steinbeck
 
After very little sleep due to a wild party in the hotel room next door, the team met in the banquet hall the following morning, secured our table and checked in with the sponsors. Once the clock started we began our coding, and we certainly ran into challenges and had to pivot some along the way. Many hours into the code we found that one of the original ideas that we had glossed over in one of our "rusted-bolt" war-room meetings the week before came to the surface, and we decided to pivot and work on that idea alongside our original plan. 
 
Confident then that we could pitch to (2) sponsors, doubling our chances of failure. 
 
“I want to put a ding in the universe.”   - Steve Jobs
 
I love innovation and I love working with people I don’t get to every day in order to learn and grow not just professionally but as a human as well. Each year there are new faces that go with us to the hackathon and it is such a great experience. My advice is to get out of your comfort zone on occasion; it really can do wonders. 
 
Code Or It Didn't Happen
 
So you notice I didn’t talk at all about our idea or what we pitched. I first wanted to give you inside access to the repo and see the code for yourself. We will do a followup article if there is interest, but until then let us know what you think and ask questions below in the comments or tell us perhaps about a payment or hackathon experience you have had in the past. Also, should Worldpay do a hackathon for you guys as payment developers? Could be virtual or would you like to all meet in Denver and code to some of our Worldpay APIs? We would like to know your thoughts.

 
“99 percent of success is built on failure.”   - Charles Kettering
 
We didn’t get to pitch our idea on the main stage or win any foam-core board checks that would not have fit in the overhead bin anyways. What we did come away with was some great new ideas, and we will be spending some working lunches over the next few months bringing them to life and hope to share them with you sometime soon.


Next week, Money20/20 is putting on the best Fintech hackathon in the world, and Worldpay is sending 5 of our own to compete. The challenge: to design solutions for a simpler, fairer, and more inclusive financial system for businesses and society as a whole. 

 

The team will be competing for $100k in cash prizes as well as for fame and glory.

 

Meet our team: 

 

The Worldpay ONE Money20/20 Hackathon team

 

(From left to right) 

 

Arjun Balaji, Worldpay Senior Software Engineer, and Francophile

 

Specialty: Clean coding enthusiast

 

What are you looking forward to at the Hackathon? 

I'm looking forward to the exciting discussions and all the crazy ideas that come out of it.  

 

What is your favorite thing in the world right now? 

I'm trying to learn French, so most things French. 

 

Andrew Harris, Worldpay Senior Product Marketing Manager and flaky pastry fanatic

 

Specialty: the developer experience

 

What are you looking forward to at the Hackathon? 

This is THE hackathon for finTech and payments - My fifth year participating in some capacity and I really get stoked watching the finalists on stage present their ideas at the end of the event with little to no sleep. The passion and technical talent wafts through the air and energizes me, making me realize payments is far from boring. I guess that is what I look forward to the most from this event, oh and I can’t wait to get a pastry from Paris Baguette in The Venetian. 

 

What is your favorite thing in the world right now? 

My favorite tech thing in the world right now are chatbots. I know, most consider them wack but I think bots will turn the virtual corner and be in the face of all of us before we know it. I remember a time when people didn’t like Amazon either. Bots can come in many forms and as a designer, no-UI has always intrigued me.

 

Alec Paulson, Worldpay Senior Software Engineer and Ghost Protocol team member

 

Specialty: Full Stack Man

 

What are you looking forward to at the Hackathon? 

Getting some sleep since I ain't gonna be there #ghostprotocol

 

What is your favorite thing in the world right now? 

My favorite thing right now is finding amazing ideas in emerging areas of tech like AI, machine learning and blockchain. 

 

Scott Sievers, Worldpay Database Administrator and team player

 

Specialty: Purveyor of Data

 

What are you looking forward to at the Hackathon? 

I look forward to ideating through new product/app ideas with teammates and seeing what we can come up with.

 

What is your favorite thing in the world right now? 

Spending time with family and cycling. 

 

Jeremy Buikema, Worldpay Software Engineer and miniature donkey rider

 

Specialty: Writing simple and clean code

 

What are you looking forward to at the Hackathon? 

I'm looking forward to learning/creating something new and hanging out with the crew.

 

What is your favorite thing in the world right now? 

My favorite thing right now is hanging out at home with all 7 of my animals (2 cats, 2 dogs, a bunny, a horse, and a miniature donkey). We just got a new cat and he has fallen in love with our bunny. Watching them play is terrifying and one of the cutest things I've ever seen.

 

Will you be at Money20/20? Let us know in the comments!

Congrats to the winners of the Developer Survey drawing!

 

We randomly selected 3 winners from our Developer Survey participants. These lucky, lucky winners will receive a sweet $100 Amazon gift card!  

 

Congrats to:

ajohnstone

frank

jodi@vinbalance.com

 

Haven't entered the survey yet? There's still a chance to win $500. Increase your odds by taking all 3 surveys: 

 

Stay tuned to this space for the survey results! 

Naysayers never built a great enterprise.

 

A conversation I had with the owner of a Worldpay ISV partner three months ago went something like this:

  • ISV: “There’s this great salesperson I’ve known for years – he’s the kind of guy who could open lots of doors for us. I’ve been trying to convince him to join our team for six or seven weeks now, but he’s still not sure.”
  • Me: “Wouldn’t you prefer to have someone who might have less relevant experience but really wants to work for you? Wouldn’t you prefer to have someone who’s excited about the job and your company? If you’re begging someone to join you, you’re probably going to have to beg them to stay.”
  • ISV: “I hadn’t thought of it that way. I’ll have to think about that.”

 

I reconnected with that same ISV executive just a few weeks ago, and our chat went something like this:

  • ISV: “I hired a salesperson. I’ve known her for a while and she always spoke highly of our company, but I hadn’t considered her because her experience wasn’t in our industry. But when I mentioned the job, she jumped at the opportunity. She said, ‘I would love to sell software. I would love to work with you guys.’ What was supposed to be a dinner turned into a four-hour conversation about strategy and growing my business.”

 

Because passion can’t be found on a resume, many hiring managers don’t go looking for it. But if you hire someone without a passion for your company, your values, your culture, your product, your industry, etc. you’re likely going to be disappointed in their performance and will be looking for their replacement soon.

 

Instead of me haranguing you more about passion, let’s hear from former Starbucks CEO Howard Schultz in excerpts from his book Pour Your Heart Into It: How Starbucks Built a Company One Cup at a Time:

 

(Note: These 36 excerpts have been whittled down from the original list of 120 quotes I highlighted in the book when I first read it in 2010. In other words, the summary below is a Tall, not a Venti.)

 

  1. Care more than others think wise. Dream more than others think practical. Expect more than others think possible.
  2. If people relate to the company they work for, if they form an emotional tie to it and buy into its dreams, they will pour their heart into making it better.
  3. My story is as much one of perseverance and drive as it is of talent and luck. I willed it to happen. I took my life in my hands, learned from anyone I could, grabbed what opportunity I could, and molded my success step by step.
  4. I’d encourage everyone to dream big, lay your foundations well, absorb information like a sponge, and not be afraid to defy conventional wisdom.
  5. Every company must stand for something. Starbucks stood not only for good coffee, but specifically for the dark-roasted flavor profile that the founders were passionate about. That’s what differentiated it and made it authentic.
  6. You don’t just give the customers what they ask for. If you offer them something they’re not accustomed to, something so far superior that it takes a while to develop their palates, you can create a sense of discovery and excitement and loyalty that will bond them to you.
  7. As boss, if you close your ears to new ideas, you may end up closing off great opportunities for your company.
  8. Naysayers never built a great enterprise.
  9. If you stop being the scrappy underdog, fighting against the odds, you risk the worst fate of all: mediocrity.
  10. Even the world’s best business plan won’t produce any return if it is not backed with passion and integrity.
  11. Whether you are the CEO or a lower level employee, the single most important thing you do at work each day is communicate your values to others.
  12. If you share your mission with like-minded souls, it will have a far greater impact.
  13. If I sense that a person lacks integrity or principles, I cut off any dealings with him.
  14. A business plan is only a piece of paper, and even the greatest business plan of all will prove worthless unless the people of a company buy into it. It cannot be sustainable, or even implemented properly, unless the people are committed to it with the same heartfelt urgency as their leader.
  15. Who wants a dream that’s near-fetched?
  16. People are not a line item.
  17. When companies fail, or fail to grow, it’s almost always because they don’t invest in the people, the systems, and the processes they need.
  18. What I tried to do was honor the individuals around me, let them paint colors and make mistakes without telling them they were wrong.
  19. Whenever I’m hiring a key executive, I look for integrity and passion. To me, that’s just as important as experience and abilities.
  20. Wall Street cannot place a value on values.
  21. The same pace and passion that made us great also at times burned people out.
  22. Sometimes what’s hardest – for me and strong-minded leaders like me – is restraining myself, allowing other people’s ideas to germinate and blossom before passing judgment.
  23. Many entrepreneurs fall into a trap: They are so captivated by their own vision that when an employee comes up with an idea, especially one that doesn’t seem to fit the original vision, they are tempted to quash it.
  24. It’s demoralizing, I know from experience, to get fired up about a great new idea only to have it dismissed by higher-ups.
  25. When things are going well, why change a winning formula? The simple answer is this: Because the world is changing.
  26. At Starbucks, we discovered along the way that sustainability is directly linked to self-renewal. Even when life seems perfect, you have to take risks and jump to the next level, or you’ll start spiraling downhill into complacency without even realizing it.
  27. Any product-oriented company has to keep reinventing its core product if it expects to prosper, let alone survive.
  28. We believed the best way to meet and exceed the expectations of customers was to hire and train great people.
  29. So much of the retailing experience in America is mediocre.
  30. When you meet with an experience at a higher level, where you are treated positively, where someone goes out of her way to make you feel special, where you’re welcomed with a smile and assumed to be intelligent, the experience stands out.
  31. Authentic brands do not emerge from marketing cubicles or advertising agencies. They emanate from everything the company does.
  32. I left the top marketing position empty for 18 months while we searched for the right person.
  33. We set out to win, no doubt about that, but our goal is to win with integrity.
  34. Even more than their stock options, baristas told us they cared about the emotional benefits they got from their jobs.
  35. The more heartfelt our commitment, the more these setbacks will hurt, but the more we’ll be capable of devising solutions that reflect our values.
  36. In the ethical vacuum of this era, people long to be inspired.

 

For more On the Edge content, please visit the Worldpay Partner Advantage website.

 

Jim Roddy is a Reseller & ISV Business Advisor for Worldpay’s PaymentsEdge Advisory Services. He has been active in the POS channel since 1998, including 11 years as the President of Business Solutions Magazine, six years as a Retail Solutions Providers Association (RSPA) board member, and one term as RSPA Chairman of the Board. Jim is regularly requested to speak at industry conferences and he is author of Hire Like You Just Beat Cancer and On The Edge with Jim Roddy.

gjsissons

Interchange for Dummies

Posted by gjsissons Oct 3, 2018

A Primer on Card Processing Fees

 

For developers who have worked mostly with gateways, coding to a payment processor can be a different experience. The interfaces can feel a little more complicated, but it turns out that understanding arcane topics like interchange fees, assessments and discount rates vs. interchange plus is worth the effort - especially as payment volume scales. If you’re wondering why this is, read on - you’ve come to the right post!

 

Interchange

 

interchange

 

In payments, interchange refers to the fees that are paid by the merchant’s bank (or the acquirer in industry lingo) to the cardholder’s issuing bank. These fees are set by the card brands and compensate the issuer for going to the trouble of qualifying consumers, issuing cards, handling transactions and taking on the risk involved in offering a line of credit.

 

The money moves from the acquiring bank (the bank handling the front-end of the transaction) to the issuing bank (the bank issuing the card), but fees are ultimately passed on to the merchant.

 

The card brands usually update interchange rates twice per year, and at the time of this writing, the links to the latest fee structures for VISA and MasterCard are provided below:

 

 

A casual look at these schedules will confirm what you probably suspect – the policies are complex, and every transaction is potentially different. Rates charged by the card brands depend on a variety of factors:

 

  • Card present vs card not present
  • Type of card, and nature of associated reward programs
  • Merchant performance thresholds – minimum volume, chargeback ratios and the like
  • Industry, type of business, purchase location
  • Various fee programs (Commercial Level III, Commercial CNP, GSA Large Ticket)

 

Swiping your basic VISA card at a large, well-known supermarket (at the time of this writing) costs 1.15% plus 5 cents per transaction.  Swiping your VISA Infinite card at a restaurant results in interchange fees of 2.4% + 10 cents per transaction (more than double). Interchange rates can dramatically affect a merchant’s costs.

 

Assessments

 

In addition to the interchange fees described above, card networks charge an assessment fee for each transaction. The point of an assessment fee is to provide a source of funding for the card networks to maintain their infrastructure. A quick Google of “VISA Assessment Fee” shows an assessment rate of 0.13% for credit and debit cards. Assessment fees can change with time, vary by jurisdiction and be different for different card brands. Assessments are paid by the payment processor/acquiring bank, and like interchange fees, these costs are passed on to the merchant.

 

Payment Processing Fees

 

As you’ve probably realized, interchange fees and assessments don’t benefit the payment processor.  They only benefit card companies and card issuing banks.  Typically, payment processors contract with the merchant for additional  processing fees. Usually these fees are per-transaction and may vary by transaction type.  The processor may also include additional fees for value-added services you elect to use, such as account updating or enhanced security offerings that can benefit merchants in other ways, such as reducing chargebacks, or minimizing declined authorizations.

 

Discount Rates vs Interchange Plus

 

Most of us are conditioned to appreciate a good discount, but in payments the story is more complicated. Processors determine discount rates by examining a number of factors, including MCC, average ticket price, and risk factors among others. From this info, processors negotiate with you a discount rate that accounts for the mix of interchange, assessments, and other fees, along with their profit margin. For example, imagine an internet gateway charging a discount rate of 2.9% + $0.30 per transaction. On a hypothetical $100 card purchase, this would cost the merchant $3.20 as shown below:

 

gateway_pricing_model.PNG

Now imagine the same transaction subject to an interchange plus fee structure.  In interchange plus, the processor passes through interchange, assessments, and other network fees without change. The processor then adds a per transaction fee, as well as any fees for value added services you elect to use. In this second scenario, the actual costs of interchange fees will vary with every transaction, but a typical transaction might look like the following:

 

processor_pricing_model.PNG

This is not to say that one pricing model is better than the other, or that an interchange plus fee structure will always be less expensive, but the approaches are different. Payment providers who offer a discount rate are providing merchants with simplicity and predictability, but arguably at the price of transparency. Interchange fees and assessments still apply behind the scenes, and the payment provider is taking a risk because they could potentially lose money on some transactions. When offering a discount rate, the payment provider earns their margin on the difference between the discount rate offered to the merchant and the actual underlying fees they pay to facilitate the payment, including interchange, assessments and processing fees.

 

While discount rates are simple, they are not transparent to the merchant. The merchant understands their total cost, but they don’t have visibility to how much of the cost is due to interchange, assessments or earnings retained by their gateway providers or processors.

 

To gain transparency, larger merchants often prefer interchange plus pricing schemes.  While they can be more complex to understand, they do allow merchants to analyze their payment transactions and understand the cost components of each transaction in detail.  With visibility to all sources of cost, merchants can take steps to avoid excessive fees including understanding what types of transactions are the most or least costly and taking steps (including coding applications differently) to reduce costs where possible.

 

Processing fees matter

 

To state the obvious, processing fees matter. For a small business transacting $5M annually, a 50-basis point reduction in average fees can yield $25K to the bottom line – enough to hire a part time employee or lease a couple of vehicles.  For a national retailer, analyzing and understanding fees is even more consequential.

 

Because the amounts are so substantial, larger merchants will often negotiate for lower discount rates, or prefer interchange plus pricing where they have visibility to their fees.  With visibility to fees, merchants can take steps to address sources of cost including coding transactions differently.

 

How does this impact the developer?

 

the way you code payment transactions can affect your business's bottom line.

 

Basically, how you code payment transactions matters because decisions you make can affect Interchange rates for a particular transaction.  Following card brand rules is essential to not only minimizing fees, but reducing instances of fraud and chargebacks as well. As examples:

 

  • For card not present transactions always perform an AVS (Address Verification System) check. Simply performing an AVS check can result in better interchange and also acts to deter fraud.
  • Providing detailed metadata in payment transactions (like industry types, terminal types, electronic indicator codes and commercial card IDs) can also help merchants obtain more favorable interchange rates. If this information is not provided, card brands will err on the side of caution, defaulting to higher rates.
  • For B2B applications, collecting and passing data fields required for Level II or Level III transactions can help reduce interchange rates further.

 

For developers, to minimize merchant costs, it is important that their payment SDK or API provide the ability to accept and pass on as much of this supplementary metadata as possible. Worldpay’s triPOS and Express APIs for card present transactions are good examples, as both allow for extensive metadata collection including things like freight, duty, taxes, ship-from and destination zip codes, and a variety of other items that affect interchange fees.

 

To learn more about Worldpay APIs for point of sale developers including the triPOS and Express platforms described above, visit our Point of Sale Integrations resource page.

 

For similar resources for card not present and mobile payment integrations, check out our developer eCommerce resources.

 

Thanks to Tom Boumil and Dan Ourada for their valuable contributions to this article.

Last year, 85%-90% of all business assets were digital. The average security breach costs U.S. businesses $7.35 million, making information security a top strategic priority for modern businesses. Data breaches can also end up costing much more in the long term through reputational damage and brand erosion.

 

Point-to-Point Encryption (P2PE) is a security development that allows businesses to remove clear text data from their network. A P2PE solution consists of a combination of validated hardware, software, applications and processes to encrypt cardholder data. P2PE ensures that confidential card payment data is encrypted at the point the payment is taken, removing the clear text data from the retailer’s network. That data is only decrypted once it’s passed to the solution provider’s secure environment.

 

P2PE uses a key management process in which every transaction is encrypted with its own unique key. This means that each transaction would have to be individually broken to gain access to sensitive data. The processing power and time needed to break individual transactions make gaining substantial amounts of cardholder data incredibly difficult.

A P2PE listed solution provides businesses with access to the latest technology to protect customers’ data.
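The per-transaction key idea described above, as an added illustration that is not part of the original post or any Worldpay code: a simplified hash-ratchet scheme in which the terminal derives a fresh key for every transaction and discards the previous state. It is not DUKPT (the scheme real P2PE devices typically use), the HMAC-based stream cipher stands in for a validated cipher, and the device IDs, function names and test card numbers are constructed for the example.

```python
"""Per-transaction keys, simplified. Illustration only: not DUKPT, not production crypto."""
import hashlib
import hmac
import secrets


def prf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 used as the one-way derivation function throughout."""
    return hmac.new(key, label, hashlib.sha256).digest()


def device_initial_key(base_key: bytes, device_id: str) -> bytes:
    """Provider side: key injected into one terminal. The base key stays with the provider."""
    return prf(base_key, b"device|" + device_id.encode())


def txn_key_for(base_key: bytes, device_id: str, counter: int) -> bytes:
    """Provider side: recompute the key a terminal used for transaction number `counter`."""
    state = device_initial_key(base_key, device_id)
    for _ in range(counter):
        state = prf(state, b"next")
    return prf(state, b"txn")


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher (HMAC in counter mode) so the example needs only the stdlib."""
    out, block = b"", 0
    while len(out) < length:
        out += prf(key, b"ks|" + nonce + block.to_bytes(4, "big"))
        block += 1
    return out[:length]


def seal(txn_key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC under keys derived from the one-time transaction key."""
    enc_key, mac_key = prf(txn_key, b"enc"), prf(txn_key, b"mac")
    nonce = secrets.token_bytes(12)
    stream = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def open_sealed(txn_key: bytes, msg: dict) -> bytes:
    """Verify the tag first; decrypt only if the key matches this transaction."""
    enc_key, mac_key = prf(txn_key, b"enc"), prf(txn_key, b"mac")
    expected = hmac.new(mac_key, msg["nonce"] + msg["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("authentication failed: wrong key or tampered message")
    stream = keystream(enc_key, msg["nonce"], len(msg["ciphertext"]))
    return bytes(a ^ b for a, b in zip(msg["ciphertext"], stream))


class Terminal:
    """PIN pad side: holds only the current chain state and a transaction counter."""

    def __init__(self, device_id: str, initial_key: bytes):
        self.device_id = device_id
        self.counter = 0
        self._state = initial_key

    def encrypt_card_data(self, pan: str) -> dict:
        txn_key = prf(self._state, b"txn")
        # Ratchet forward and overwrite the old state: earlier transaction keys
        # cannot be recomputed from what remains on the device.
        self._state = prf(self._state, b"next")
        msg = {"device_id": self.device_id, "counter": self.counter}
        msg.update(seal(txn_key, pan.encode()))
        self.counter += 1
        return msg


def provider_decrypt(base_key: bytes, msg: dict) -> str:
    """Decryption happens only in the solution provider's environment."""
    key = txn_key_for(base_key, msg["device_id"], msg["counter"])
    return open_sealed(key, msg).decode()


def demo() -> dict:
    base_key = secrets.token_bytes(32)
    terminal = Terminal("TERM-0001", device_initial_key(base_key, "TERM-0001"))
    first = terminal.encrypt_card_data("4111111111111111")   # constructed test PAN
    second = terminal.encrypt_card_data("5555555555554444")  # constructed test PAN
    # Suppose only the key for transaction 0 were exposed: it must not open transaction 1.
    exposed_key = txn_key_for(base_key, "TERM-0001", 0)
    try:
        open_sealed(exposed_key, second)
        key0_opens_txn1 = True
    except ValueError:
        key0_opens_txn1 = False
    return {
        "first": provider_decrypt(base_key, first),
        "second": provider_decrypt(base_key, second),
        "key0_opens_txn1": key0_opens_txn1,
    }


if __name__ == "__main__":
    print(demo())
```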

 

Make sure you can spot the difference between P2PE hype and truth with our handy infographic:

 

Dispelling the myths about P2PE

We're currently conducting Worldpay's Developer Insights Survey - a survey to explore the landscape of developers coding for payments and commerce. Here are some highlights we've collected so far: 

 

  1. Almost 75% of respondents identify as full-stack or back-end developers.
  2. About 1/3 develop computer software and nearly 1/4 are coding for financial services.
  3. Most of the developers surveyed started coding as kids, between the ages of 10-17.
  4. Payments developers love Python (C++ is in 2nd place).
  5. Developers choose cats and narwhals over dogs and unicorns.
  6. 61% of payments developers use Agile development methodology
  7. Developers prefer to work in an office. Only 5% of responders work from home.
  8. When asked how long they've been coding, most professional payments developers selected "a long, long time, young padawan." 
  9. Only 21% of survey respondents were under 30.

Thanks for reading!

If you can spare 5–10 minutes, go take the survey yourself:

Considerations when choosing a gateway integration

There are a lot of payment gateways out there, and choosing the right payment solution can be overwhelming. Especially when you consider that there is no single right answer for every business. Different developers do not need the same features, so for comparison, here's a developer's checklist of considerations  for any payment gateway integration.

 

cost per payment transaction matters

 

Developer Checklist for payment gateway integration

1) Cost per payment transaction

For most merchants, the cost is always an issue. A difference of 0.2% in an average cost per transaction may not sound like much, but for a small business with five million dollars in annual receipts, this represents $10K of lost profits.

 

Gateways often publish what are referred to as “discount rates” – for example, 2.9% plus a fixed cost per transaction, with a tiered discount schedule as the merchant's volume grows. Larger payment providers may offer “interchange plus” schemes where merchants pay actual interchange fees and assessments plus an additional fixed fee for processing services.

 

These types of processing agreements may be subject to additional fees as well. While interchange plus fees can be more complex, larger merchants often prefer them because they provide visibility to the component costs of each transaction.

Understanding all the details of the fee structure including potential extra costs related to refunds, chargebacks, and miscellaneous fees is important regardless of the payment solution you select.

 


2) Percentage of transactions that complete successfully

A consideration often overlooked is the percentage of Authorizations and Captures that complete successfully on a gateway. This is arguably even more important than minor differences in the cost per transaction because failed authorizations can translate directly to lost business and a reduction of top-line revenue.

 

This is an area where the gateways offered by larger payment processors often have a significant edge over third-party gateways. Tier-one eCommerce gateways have success rates for completed transactions in the range of 95%, whereas better-known brand name gateways often fare poorly with success rates in the 80% range.¹

 

This critical conversion consideration is important for most merchants, so developers and ISVs should consider this carefully as well when choosing a gateway.

1. The Payment Gateways Report – August 2016 – Evan Bakker, BI Intelligence

 

 

3) Type of bank account required

Another consideration for any payment gateway integration is the type of bank account required for use with the payment gateway. Most gateways will require that the merchant have a merchant bank account and their own Merchant ID (MID). Other gateways essentially act as aggregators, collecting payments themselves and then distributing them to a merchant’s bank account periodically or as requested using ACH transfers.

 

This second model allows smaller merchants to use a regular bank account and get up and running quickly, avoiding the need to have a MID and the fees involved with a merchant account. PayPal and Stripe are examples of payment gateways that allow for this.

While this is an option, merchants doing a reasonable volume of sales and needing fast settlement will generally be better served by having a proper merchant account.

 

 

4) Support for card present/point of sale applications

Many popular payment gateways are built specifically for eCommerce transactions. This is logical, since most businesses adding a storefront already have established point-of-sale solutions, and eCommerce providers may not need one.

 

As the lines blur between traditional retail and commerce, however, it is useful to have a single payment infrastructure for both online and in-store payments. Not only does aggregating volume help reduce rates, this can be useful when offering capabilities like order online and pick up in-store, order-ahead, in-store refunds for purchases, and other capabilities that consumers increasingly demand.

 

Some gateways offer features required for point of sale payments such as batch processing, lane management, support for various terminal devices (card readers, EMV, PIN pads, etc.), and vertical application extensions for auto rental, lodging, healthcare and other industries.

For merchants that hope to use a single payment solution for both in-store and online channels, support for card present features can be an important criterion when selecting a gateway.

 

 

 

5) Ease of integration and maintenance

For some developers or ISVs, ease of integration can be an important consideration. Some application gateways are developer-friendly, offering hosted payment pages or easy-to-use SDKs implemented in multiple programming languages. Some gateways even offer SDKs targeting specific mobile platforms like iOS or Android, supporting use cases like in-app or mobile web wallet purchases.

 

Other payment gateways don’t offer SDKs but provide an interface specification instead (usually accessed via a REST or SOAP / XML POST API) where client applications send and receive payment transactions that they encode themselves in XML or JSON formats.

 

There are pros and cons to each solution. Some developers will prefer an SDK, but others view SDKs as problematic since they introduce a dependency in their code that can complicate the release management process. These developers would prefer to code directly to a specification where they have full control, even if it means more coding effort.

 

There is no right or wrong answer, but understanding the nature of the developer interface is also an important consideration in choosing a gateway.

 

6) Throughput & performance

Another factor in selecting a gateway is performance. Gateways often pass payment data through multiple providers, and each additional “hop” introduces latency and increases opportunities for errors or outages. Payment approval times can range from sub-second response times to several seconds or even tens-of-seconds depending on the gateway; these delays directly affect the user experience.

 

Generally, the closer the gateway is to a payment processor, the better the performance and reliability.

 


7) Security, encryption and PCI scope

How the gateway handles sensitive cardholder data is another key consideration for both merchants and developers. Most gateways offer hosted payment solutions, iFrame-based solutions, or JavaScript libraries that vault credentials at the point of capture, providing a low-value, non-PCI-sensitive token to be used in place of the actual card number.

 

Gateways may also provide a separate token in response to a payment transaction that can be safely stored in the merchant’s database to facilitate “card on file” functionality so that consumers don’t need to rekey their card for subsequent purchases.

 

In selecting a gateway, it is important to understand features related to encryption and tokenization and avoid solutions that put the payment application in PCI scope. The same is true for gateways supporting card present solutions as well.

Ideally, the gateway should facilitate secure processing, using point-to-point encryption for any point of entry, including EMV, swiped, tapped or keyed transactions, eliminating the application's need to store, handle or transmit card data.
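One way to check that an integration really keeps card numbers out of the application, as an added example (not from the original post): scan merchant-side logs or database exports for digit runs that pass the Luhn check, which tokens should never do. The log lines and the `tok_` token format are constructed for illustration; 4111111111111111 is a widely used test card number.

```python
import re

# 13-19 digits, optionally grouped with single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep first six and last four so the report does not re-leak the PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_pans(text):
    """Return masked forms of every Luhn-valid card-number candidate in text."""
    hits = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            hits.append(mask(digits))
    return hits

def audit(lines):
    """Map line index -> masked PANs for each line that leaks a card number."""
    report = {}
    for index, line in enumerate(lines):
        hits = find_pans(line)
        if hits:
            report[index] = hits
    return report

# Constructed log lines; the tok_ value is a hypothetical token format.
SAMPLE_LOG = [
    "INFO sale approved token=tok_7GqX2mNp4LkR last4=1111 amount=25.00",
    'DEBUG request body {"card":"4111 1111 1111 1111","cvv":"***"}',
    "INFO order 1234567890123456 shipped",
    "WARN retry pan=4111-1111-1111-1111 gateway timeout",
]

if __name__ == "__main__":
    for index, pans in audit(SAMPLE_LOG).items():
        print(f"line {index}: card number in clear text {pans}")
```

The token-only line and the 16-digit order number are not reported; the two lines carrying the test card number are, with the number masked.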

 

The breadth of payment methods accepted – An important strategy for maximizing conversions is offering multiple payment methods. Ideally, a gateway should support payments for all major credit and debit cards.

 

Developers should also consider capabilities related to other popular payment methods like PayPal, MasterPass or Visa Checkout. Mobile wallet based payments are expected to increase in popularity in the coming years (Apple Pay, Android Pay, and others) as consumers increasingly prefer “one touch” checkout for faster speed of service both in-store and online.

 

8) Breadth of payment processors supported

For ISVs, it can be advantageous to support multiple payment processors. This is often an argument for coding to a third-party gateway, for this reason alone. Some gateways have an established relationship with a single payment processor (e.g. Stripe) whereas other gateways support multiple processors (e.g. Vantiv’s Express Gateway).

There is no right or wrong answer here either, but before selecting a gateway, it is important to understand how this might constrain your merchant’s choices in terms of payment processors and banking services.

 

 

9) Multi-currency support

For merchants selling internationally, multi-currency support is important as well. Multi-currency support should not be confused with accepting international cards. For example, a US domiciled merchant may sell goods or services to a Canadian resident where the amounts are presented and paid in US dollars, so multi-currency support is not strictly necessary.

 

Organizations selling internationally will, however, see value in gateway solutions that allow customers to pay in their home currency, as this will increase conversions and sales.

Consumers prefer to pay in their home currency for a variety of reasons including concerns about noncompetitive currency exchange rates that may be levied by banks or credit card companies.

For merchants and ISVs, selecting the right payment gateway is an important decision. Different gateways have different strengths and weaknesses, and the right solution will depend on your unique needs and the merchants and customers that you serve.

 

For more information:  

Is Your Payment Gateway Right for Your Business? 

Top Five Integrations with a Payment Gateway 

Choosing the Right Payment API for Developers