How to safeguard your cash register?

There may be many cogs in a business operation and every one of them is important and needs to be safeguarded. The most important of them is the “cash register”. The threat to cash register existed since the inception of commerce. People invent new ways to protect it and it seemed for quite a while this risk is mitigated with the introduction of credit cards and the online payments. However, in this 21st century, the folks from the medieval times are back again in the virtual world and now they have a new name “hackers”.

There are many reasons and ways for the businesses to protect sensitive data.  I will concentrate on online businesses and on only one item – how to efficiently process and secure customer credit card data and conform to all regulations and not be liable.

Currently, organizations have a wide range of choices to process credit cards as they sell widgets and to charge the cards on a monthly basis to process recurring payments.  There are many ways to process cards, there are thousands of payment processors offering all sorts of discounts on volume, type of cards etc. To process recurring payments, you need to store credit cards. The moment you store credit cards on your infrastructure, no matter how secure you are, you are setting yourself to be a Target (no pun intended).

I set out to review the choices available in the marketplace for a payment processor that enables charging your customer credit cards both one-time as well as recurring payments without forcing your customers to have an account with them, conform to regulations and be PCI compliant.

I reviewed Amazon (Devpay, FPS), Google Wallet, PayPal and Stripe. At the outset Amazon and Google can be discounted as it forces the customers to have an account with them i.e they are allowing you to charge their customers and not the other way. There are enough middle men and I don’t like having one more between you and your customer. With PayPal, you can do both. i.e if you want your customers to pay with their PayPal account, you can do so or you can use PayPal Payments Pro (Direct Payment) which lets you pass the credit cards from your website shopping cart to PayPal behind the scenes through APIs and provide a seamless experience of your customers not having to leave your website. PayPal also offers subscription / recurring payments wherein you can setup certain customers to be billed at regular intervals and a fixed amount to be charged. PayPal also offers something called “Virtual terminal”, which lets your employees to login to a PayPal website to charge customers cards manually. They also offer a device to enable MOTO customers and physical credit card processing as well.

Stripe is a very interesting new player in the market place and does all we want in a clean straight forward fashion. With Stripe, you can create a customer profile with a default credit card and they would return an ID. Every single time, you want to charge that customer you just mention that ID and the amount. You can setup recurring payments as well. You need to create a recurring plan with a said amount and set the plan in specific customers’ profile. It will charge the customers at the specific plan in a recurring interval mentioned. If the amount you charge monthly or at regular intervals varies, then you can still charge the customers you want to charge by sending the ID and the amount, it’s that simple.

Both PayPal and Stripe offer authorizations, process refund of a specific sale (partial or complete), charge pretty much 2.9% + 30c a transaction. If you have higher volume, you can strike a discount with any of them.

Here is a simple comparison of PayPal Pro Direct and Stripe.

PayPal Pro Stripe
Your Customers need to have an account with No
fees 2.9% + 30c 2.9% + 30c
Recurring payments Yes Yes
Stores Credit card only for recurring pay Yes
Charge cards without sending card info everytime No Yes
Encrypt Card info while sending No Yes
Virtual Terminal Yes No
You will be PCI compliant No Yes

if you have your own website with web pages to collect credit card information; don’t want to store credit cards; Want to charge different amounts at regular intervals; don’t want your customers to have an account with other vendors; be PCI compliant and need a processor to process your credit cards, then I would recommend Stripe.

If you don’t want to go through the pain of designing your own web pages to collect credit cards, then you should consider all mentioned processors PayPal, Amazon and Google.

Here are some quick, direet references.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: