Online payments is probably one of the hottest fields in tech right now. After a long period of quiet since PayPal debut over 15 years ago, there’s now a renaissance in this space with the rise of startups like Stripe, Balanced, WePay, Dwolla, BrainTree and many others.
I recently spent some time trying to understand the offerings by Stripe, one of the leaders in this new batch of companies, and thought I’d share what I’d learned in a blog post.
Stripe is an online and mobile payments company; its products enable anyone who sells products on a website or in a mobile app to easily accept credit and debit card payments from customers.
Stripe processes and charges the cards, and automatically transfers the collected amount to the seller’s bank account. The transfers are made daily (albeit with a 7 day delay from when the payments were originally made). Card verification and fraud prevention mechanisms come built-in, and a dashboard provides an easy way to deal with things like refunds and chargebacks (i.e. disputed charges). Nice!
Stripe also lets the merchant sidestep what’s called “PCI compliance“. To process any major credit or debit card you must be compliant with the Data Security Standards (DSS) as laid out by the Payment Card Industry (PCI) – a consortium founded by AmEx, Discover, JCB, MasterCard, and Visa. The standards were created to protect cardholder information and to prevent credit card fraud, and certainly has admirable goals, but let me tell you something from years of working in retail: achieving and maintaining PCI compliance is unbelievably painful. With Stripe, you can achieve PCI compliance by following a few simple guidelines; Stripe does most of the heavy lifting for you.
Stripe is currently available in the U.S. and Canada, several Western European countries and Australia.
One of the stand-out features of Stripe is the simplicity of pricing: they keep a 2.9% + 30¢ cut of each transaction; there is literally no other fee. Even refunds are free, and Stripe’s cut of the original charge is returned to you. (Chargebacks however cost $15, but only if the dispute is not resolved in your favor.)
Competitors like PayPal actually offer lower fees if you have sufficient volume, but this is offset by pricing complexity. Just to name a few add-on charges: a 1% additional fee for international cards, a 3.5% fee for AmEx cards, a $5/month fee for PayPal Advanced (product similar to Stripe Checkout, see below), and a $30/month fee for PayPal Pro (similar to Stripe.js). In fact, PayPal pricing is so complex that a Google search for “paypal fee calculator” returns over 700,000 results!
As Apple has shown time and again, there is tremendous value in a streamlined product offering with simple pricing, but strangely few people seem to pick up on that. Complicated and unpredictable pricing makes it difficult to both understand and predict your costs moving forward. What if you end up having more international or AmEx customers than you had initially predicted? Bye-bye revenue projections!
Like any online/mobile payment processor, Stripe has two categories of customers: merchants and marketplaces. Merchants are companies like Amazon.com or Dropbox that sell you products. Marketplaces on the other hand are companies like eBay and Airbnb that facilitate transactions between buyers and sellers (and keep a cut), but don’t actually sell anything themselves.
Checkout is a drop-in payment form where the purchase experience, i.e. the user interface, is provided by Stripe. This is the quickest way to get up and running with Stripe. Click the button below to see what Checkout looks like.
Note that the interface provides a “remember me” option that saves your email and credit card information with Stripe. This data is then auto-filled when you try to buy something else on the same site.
Interestingly, it is also auto-filled on other websites that use Stripe Checkout. As Stripe grows to become a trusted brand among consumers, this allows smaller online businesses to increase their conversion by leveraging Stripe’s brand. Sort of like the “VeriSign Secured” seal you see on websites, except actually meaningful 🙂
So Checkout look great, is a breeze to setup, and is somewhat customizable: you can supply your own logo and the text to be used in the dialog. But what if you wanted to completely control the checkout experience by providing your own user interface, instead of using Stripe’s? This is where Stripe.js comes in.
With Stripe.js, you collect card information from the user using your own UI, send it to the Stripe.js API to get a “card token”, and then send this token to your server. Your server will then make a different (“charge”) API call to Stripe with the token and the charge amount in order to charge the user’s card.
You may be wondering: why a two-step process? Why not just send the card information from your UI to your server, and then have your server make just one call to Stripe to make the charge? The reason is PCI compliance: since your server makes the charge using a temporary card token and never actually touches any actual card information, you can bypass most of the onerous requirements in PCI DSS. However you do need your bit; in particular you must make the API calls to Stripe securely over HTTPS, and never send the actual card information to your server or store it anywhere.
Unlike the merchant use cases above, the primary uses case for marketplaces like Airbnb is facilitating payments from buyers to sellers, e.g. from renters to property owners in the case of Airbnb. This is where Stripe’s Connect product comes in.
As in the case of Stripe Checkout, with Stripe Connect the user interface and much of the heavy lifting is provided by Stripe, however you have lower control of the experience. The sellers on your marketplace will be redirected to Stripe’s website to create (or login to) their own Stripe account as shown below, and payments are transferred directly from buyers to the sellers with minimal involvement on the part of the marketplace.
Stripe Transfers API
Transfers is the marketplaces equivalent of Stripe.js, in the sense that there is no visible Stripe branding and you have full control over the buyers’ purchase experience as well as the sellers’ payouts. With Transfers, you accept card payments from the buyers (using either Checkout or Stripe.js) into your own bank account, and then use the Transfers API to send payments as appropriate to your sellers’ bank accounts.
Hope that was helpful. I’ll be writing a second part shortly where I walk through building a simple node application that uses Stripe.js to accepts payments through a custom UI.