Re: Payment Providers
BODY { font-family:Arial, Helvetica, sans-serif;font-size:12px; } 5. Established, tested cpan modules for dealing with them I only know of Business::PayPal::API in CPAN which seems to work ok. The downside is that its PayPal :) My initial inclinations were the big guns like Datacash and Paypoint, but of some concern was datacash's website being hosted on IIS, and the fact that neither of them have modules on cpan (and frankly, the perl examples for datacash were more than a little embarrassing for them). So, recommendations? Horror Stories? Legal guidance? --James I've not seen a good implementation/example in perl from any payment provider. And yes, the datacash examples are awful. Anywhere I've worked we've rolled our own. Since most providers use SOAP or key values via HTTPS it is not that much work to do a perl implementation. As for which provider I'd use I have no idea, I guess the one that gives you the best deal. Technically they all seem to have their good and bad points. Paul.
Re: Payment Providers
On 2 Oct 2009, at 22:16, Ovid wrote: - Original Message From: Peter Corlett It's not *quite* so clear-cut. The costs due to fraud might be less than the costs of losing sales due to VBV/3DSecure, in which case the retailer might be happy to risk the fraud, especially if they have other fraud-avoidance mechanisms in place. This has to be one of the most important comments about all of this. When I originally went to uni to be an economist, I was amazed to discover in research how much in-house accounting dealt with "which costs us less" rather than "which is right". It's rather sad. Yes, but you have to balance both viewpoints here. Personally, I'm on the side of people not being forced to use 3dsecure (I want to be fully opted out). I don't want to be lumbered with the costs of fraud because I know how to take care of my end and if my details get out, it's not me that did it. I don't think it's reasonable I get charged because the bank or retailer messes up. On the other hand, the retailer wants to not be liable when there's any fraud because they shouldn't have to lose out on the goods. They don't think it's reasonable they lose out on the goods because the bank or customer messes up. Which side wins? Well, the retailer gets to choose. And it'll come down to a strict profit sum, whether costs of lost revenue is greater than costs of potential fraud. If you don't like it, there are other retailers waiting to take your money. --James
Re: Payment Providers
- Original Message > From: Peter Corlett > > It's not *quite* so clear-cut. > > The costs due to fraud might be less than the costs of losing sales due to > VBV/3DSecure, in which case the retailer might be happy to risk the fraud, > especially if they have other fraud-avoidance mechanisms in place. This has to be one of the most important comments about all of this. When I originally went to uni to be an economist, I was amazed to discover in research how much in-house accounting dealt with "which costs us less" rather than "which is right". It's rather sad. Cheers, Ovid (the hippie) -- Buy the book - http://www.oreilly.com/catalog/perlhks/ Tech blog- http://use.perl.org/~Ovid/journal/ Twitter - http://twitter.com/OvidPerl Official Perl 6 Wiki - http://www.perlfoundation.org/perl6
Re: Payment Providers
On 2 Oct 2009, at 16:28, Bob Walker wrote: On Fri, 2 Oct 2009, James Laver wrote: Banks usually don't care, but they will give liability to the retailer in case of fraud on non-3ds transactions. Like I said forcing them. It's not *quite* so clear-cut. The costs due to fraud might be less than the costs of losing sales due to VBV/3DSecure, in which case the retailer might be happy to risk the fraud, especially if they have other fraud-avoidance mechanisms in place.
Re: Payment Providers
On Fri, 2 Oct 2009, James Laver wrote: Banks usually don't care, but they will give liability to the retailer in case of fraud on non-3ds transactions. Like I said forcing them. -- bob walker buses should be purple and bendy
Re: Payment Providers
On 2 Oct 2009, at 14:18, Bob Walker wrote: In my experience sites are forced to by their bank. That's unusual. Banks usually don't care, but they will give liability to the retailer in case of fraud on non-3ds transactions. --James
Re: Payment Providers
On Fri, 2 Oct 2009, James Laver wrote: 6%? I know of sites with much larger dropouts than that. And one day some of them will finally realise it's stupid and stop taking 3dsecure at all. In my experience sites are forced to by their bank. -- bob walker buses should be purple and bendy
Re: Payment Providers
On 2 Oct 2009, at 13:40, Nicholas Clark wrote: Yes, that's the old stuff. That's, um, not exactly something to be proud of/ not exactly a good advertisement of what we now can do. Ah, well at least that's changed :) We had a chat at lunch, and (IIRC) Tom said that he thinks that Amazon are now not taking Maestro. We're inferring that Amazon have said "We don't do 3D. We aren't prepared to loose 6% of our business from it", Mastercard have said "But to take Maestro, you must do 3D", and Amazon said "OK, we won't take Maestro then"* 6%? I know of sites with much larger dropouts than that. And one day some of them will finally realise it's stupid and stop taking 3dsecure at all. If enough big sites take this attitude, then it will get the fate it deserves, whatever the banks think or want, because customers won't use those cards any more, because they aren't useful. I'm hoping that'll happen too. HSBC ditched maestro in favour of visa debit a few months ago. I've found maestro to be shocking actually. Like the DVLA take Solo (which noone takes) but not Maestro (what's with that?). My natwest maestro card needed replacing about once a month because the chip kept rubbing off too (though I don't know if they have some centralised manufacture or what). But then again, it's all about the liability shift. Smaller retailers rightfully look at the risk and say 'fuck it', not realising that the liability ends up with the customers (and probably not caring). Chip and pin did the same and the only bank I know of that instantly refunds you with a crime reference number is Barclays (in fact I had a rather long discussion with a Barclays manager about it after HSBC wouldn't let me take out cash in branch with my chip and signature card that they issued to me). I hope 3dinsecure goes to hell. --James
Re: Payment Providers
On Fri, Oct 02, 2009 at 01:40:55PM +0100, Nicholas Clark wrote: > We had a chat at lunch, and (IIRC) Tom said that he thinks that > Amazon are now not taking Maestro. You remember correctly, but I'm wrong. I managed to end up looking at the list of card types accepted on amazon.com and somehow convinced myself I was on the UK site. I probably need a holiday. Tom
Re: Payment Providers
On Fri, Oct 02, 2009 at 01:11:36PM +0100, James Laver wrote: > On 2 Oct 2009, at 10:26, Nicholas Clark wrote: > > > >The new "Unified Payment Pages" now work just fine without JavaScript. > >If we have documentation saying otherwise, could you point it out so > >that > >I can ask for it to be corrected? > > Ah no, my experience was as a customer of the companies house website, > where it ships in an iframe laden with javascript. Yes, that's the old stuff. That's, um, not exactly something to be proud of/ not exactly a good advertisement of what we now can do. > >However, one can't take payments from Maestro unless one has 3D > >insecure. > >(And it seems that even easyJet are no longer large enough to wiggle > >out > >of that one) > > If the card company mandates it, not a lot I can do about that, so be > it. We had a chat at lunch, and (IIRC) Tom said that he thinks that Amazon are now not taking Maestro. We're inferring that Amazon have said "We don't do 3D. We aren't prepared to loose 6% of our business from it", Mastercard have said "But to take Maestro, you must do 3D", and Amazon said "OK, we won't take Maestro then"* If enough big sites take this attitude, then it will get the fate it deserves, whatever the banks think or want, because customers won't use those cards any more, because they aren't useful. Nicholas Clark * Well, really I'm hoping that they said "Screw you hippy"
Re: Payment Providers
On 2 Oct 2009, at 10:26, Nicholas Clark wrote: The new "Unified Payment Pages" now work just fine without JavaScript. If we have documentation saying otherwise, could you point it out so that I can ask for it to be corrected? Ah no, my experience was as a customer of the companies house website, where it ships in an iframe laden with javascript. And badly implemented by quite a few providers. (There's XML, and a DTD. If the XML validates against the DTD, that means that it's *VALID*, dammit, so don't reject it) The spec is ridiculous, but nothing is more ridiculous than programmers reading a spec and getting it wrong. However, one can't take payments from Maestro unless one has 3D insecure. (And it seems that even easyJet are no longer large enough to wiggle out of that one) If the card company mandates it, not a lot I can do about that, so be it. Point 4 would imply point 3 is met. You don't say, whether you have a merchant account with a bank, or whether you want the payment service provider to deal with that part. Point 4 implies that you'd like them to deal with it, and "just make money appear in my account". Doing this might restrict your options on 3D insecure/ Phished by Visa. This was part of my concern. I know paypal just do CVC checking and to hell with 3dsecure (very sensible). I don't have an account with a merchant bank, I'd like all of that taken care of.1 Paypal probably meets most of your criteria too :-) I'd thought about paypal, but no. It would be nice to have it as an option though (which Datacash offer for example). Cheers, --James
Re: Payment Providers
On 2 Oct 2009, at 12:07, David Precious wrote: It's a poor attempt towards three-factor authentication, but relying upon entering a password - which will be picked up by the same keylogging/ sniffing techniques they'd use to grab the rest of your details if you're entering them on a compromised machine. However, now, the bank has shifted liability to the customer, claiming that since the transaction was authorised with their "secret password", they have no right to repudiate the transaction. Yes, those lovely three factors: - Something you know - Something you know - Something you know Clever, huh. Firstly, they shift liability to the bank, which is why retailers like it. Unfortunately the bank shifts liability to the customer with the defence "but noone else knows your 3dsecure password, it was you, there was no fraud". HSBC revealed to me that they've had 'zero fraud' since the introduction of the scheme, which means they're pinning this, exactly like they've all been pinning chip and pin fraud on the bank customer, because of the same defence (and they got away with that one in court, somehow). Because of this, banks are loathe to let you opt out. I've been unable to do so with HSBC. I've been writing a paper about attacks on the 3dinsecure system and it's all remarkably easy: 1. I steal your card (or memorise your details while you're paying with it), you haven't registered yet, I register for you, thus choosing the password I want 2. I steal your card (or memorise your details while you're paying with it) and go through a simple reset procedure, which generally only requires information I could extract from you during an hour at the pub without you realising 3. I set up a fake page that looks like a 3dsecure page on my site and cream off the details before submitting them myself so the payment goes through. Since it's all handled by third parties, you'd never know what's legitimate and what isn't. And many, many more, wait for the paper to be released :) It doesn't take an evil genius to see gigantic holes in the system, it's shaped like a swiss cheese. --James
Re: Payment Providers
On Friday 02 October 2009 11:13:35 Ovid wrote: > OK, I give. That's two references to how insecure 3D secure is. Given that > I know nothing about it other than the annoying fact that I've forgotten my > password for it, could someone explain why its broken? Well, there's the fact that, for years, we've been trying to educate Internet users not to enter details into untrusted websites, and now all of a sudden they're expected to trust some random page that appears in a popup/iframe from some domain entirely unrelated to the one they're in the middle of trying to give their card details to? Like, for instance, securesuite.co.uk - would you trust that random domain? (Incidentally, that's the domain that RSA forgot to renew at one point...!) See, for instance, http://ambrand.com/2006/09/06/is-securesuitecouk-a-phishing-scam It's a poor attempt towards three-factor authentication, but relying upon entering a password - which will be picked up by the same keylogging/sniffing techniques they'd use to grab the rest of your details if you're entering them on a compromised machine. However, now, the bank has shifted liability to the customer, claiming that since the transaction was authorised with their "secret password", they have no right to repudiate the transaction. Cheers Dave P
Re: Payment Providers
2009/10/2 Nicholas Clark : > > (And annoyance, as a UK taxpayer, at all the various > stupidities involved, that I'm paying for, because of incompetence from > people who are not just still employ*able*, but employ*ed*) Direct also your ire to the employees of the DWP, because most of those staff members in the JobCentre are just as institutionalized as their "customers". Dominic
Re: Payment Providers
On Fri, Oct 02, 2009 at 11:34:15AM +0100, Nicholas Clark wrote: > (Rather than having DNS delegated, so that 3dinsecure.rbs.gov.uk is a CNAME > pointing to an IP owned and hosted by the outsourcer) Oh yes. If anyone knows anyone who might know someone at the registrar who might cause rbs.gov.uk to come into existence, and then have it so that everything served by it over HTTP is a 302 to rbs.co.uk, that would appeal to my sense of irony. (And annoyance, as a UK taxpayer, at all the various stupidities involved, that I'm paying for, because of incompetence from people who are not just still employ*able*, but employ*ed*) Nicholas Clark
Re: Payment Providers
On Fri, Oct 02, 2009 at 03:13:35AM -0700, Ovid wrote: > --- On Fri, 2/10/09, Nicholas Clark wrote: > > > From: Nicholas Clark > > > 2. No insistence on 3dsecure (because really, it's > > horrifically > > > insecure). > > > > And badly implemented by quite a few providers. > > (There's XML, and a DTD. If the XML validates against the > > DTD, that means > > that it's *VALID*, dammit, so don't reject it) > > > > However, one can't take payments from Maestro unless one > > has 3D insecure. > > (And it seems that even easyJet are no longer large enough > > to wiggle out > > of that one) > > OK, I give. That's two references to how insecure 3D secure is. Given that I > know nothing about it other than the annoying fact that I've forgotten my > password for it, could someone explain why its broken? There's a description about how little it takes to reset the password in the link Tom gave: http://econsultancy.com/blog/4356-why-has-google-checkout-dropped-maestro Ben Laurie explains it here: http://www.links.org/?p=591 It's indistinguishable from a phising scam. Even better, which Ben doesn't cover, is that some banks have implemented it by outsourcing it to a third party, which then serves the pages from *its* domain. (Rather than having DNS delegated, so that 3dinsecure.rbs.gov.uk is a CNAME pointing to an IP owned and hosted by the outsourcer) So you get a popup saying "I'm from your bank; tell me your secrets" popping up in new window (believe it or not, originally with branding guidelines that were "don't show a URL bar etc"), served from a domain which is nothing to do with your bank. And often this is the first time that you, the card holder, have encountered the thing. Because your bank didn't bother to tell you about it in a communication from them that you trust is from them. It's almost like some enterprising chap in Nigeria wrote the specs for the banks, to save the the costs of having to do it themselves. Nicholas Clark
Re: Payment Providers
On Fri, Oct 02, 2009 at 10:49:04AM +0100, Tom Hukins wrote: > On Fri, Oct 02, 2009 at 10:26:06AM +0100, Nicholas Clark wrote: > > However, one can't take payments from Maestro unless one has 3D insecure. > > (And it seems that even easyJet are no longer large enough to wiggle out > > of that one) > > Nor are Google: > http://econsultancy.com/blog/4356-why-has-google-checkout-dropped-maestro Then again, Maestro screwed up and is screwed. Switch was "if you see a Switch logo, you can use your Switch card" Maestro is, well, printed A4 sheets in shop windows with "Austrian Maestro Only" It's one logo applied to 15 or so different debit card schemes, without guaranteeing any sort of interoperability. Which destroys any sort of brand value it might have had. There's a technical term for this, but apparently I'm not supposed to use it in front of small children*. Maestro is being replaced by Mastercard Debit, which is not tainted with this incompetence. In the UK, at least HSBC and RBS are replacing Maestro. With *Visa* Debit. Oh yes, and Switch was screwed because not all Switch cards pass the Luhn check. Card length limit is 19 digits, and HSBC used to issue Switch cards that were $BIN . $sort_code . $account_number, which used up all 19 digits, so they had no ability to make the card meet the spec about the checksum. Various *merchant acquirers* seem not to know this, as they reject them rather than trying to auth. Then again, a certain large UK bank not owned by the government will happily auth *anything*, then refuse to settle it, and then complain that one is sending it bogus data. *You* bloody *authed* it. "Oh well, if we can't get through to the issuing bank in time, we just auth it anyway" Yeah right. And nearly all of them have test auth systems that differ from their live systems. Some of which you can DOS by accident, some with data files that meet the specs. Nicholas Clark * even if she throws up on me.
Re: Payment Providers
Ovid wrote: > > OK, I give. That's two references to how insecure 3D secure is. > Given that I know nothing about it other than the annoying fact that > I've forgotten my password for it, could someone explain why its > broken? Well firstly you, I and *everyone* forgets their password. And then it just lets you generate a new one. Which makes it meaningless even if 90% of users didn't end up using "PAZZWORD" anyway. Secondly - who's providing that 3d-secure form? How do you know it's your bank and not someone collecting PAZZWORDs? -- Richard Huxton Archonet Ltd
Re: Payment Providers
--- On Fri, 2/10/09, Nicholas Clark wrote: > From: Nicholas Clark > > 2. No insistence on 3dsecure (because really, it's > horrifically > > insecure). > > And badly implemented by quite a few providers. > (There's XML, and a DTD. If the XML validates against the > DTD, that means > that it's *VALID*, dammit, so don't reject it) > > However, one can't take payments from Maestro unless one > has 3D insecure. > (And it seems that even easyJet are no longer large enough > to wiggle out > of that one) OK, I give. That's two references to how insecure 3D secure is. Given that I know nothing about it other than the annoying fact that I've forgotten my password for it, could someone explain why its broken? Cheers, Ovid -- Buy the book - http://www.oreilly.com/catalog/perlhks/ Tech blog- http://use.perl.org/~Ovid/journal/ Twitter - http://twitter.com/OvidPerl Official Perl 6 Wiki - http://www.perlfoundation.org/perl6
Re: Payment Providers
On Fri, Oct 2, 2009 at 10:49 AM, Tom Hukins wrote: > Nor are Google: > http://econsultancy.com/blog/4356-why-has-google-checkout-dropped-maestro > >> Paypal probably meets most of your criteria too :-) > > They meet all of them. What do you all think of Google Checkout? https://checkout.google.com/seller/developers.html?hl=en&gl=GB James has just saved me asking this question for myself. -d. -- Damon Allen Davison http://allolex.net http://musicindustryrules.com http://thegannet.net
Re: Payment Providers
On Fri, Oct 02, 2009 at 10:26:06AM +0100, Nicholas Clark wrote: > However, one can't take payments from Maestro unless one has 3D insecure. > (And it seems that even easyJet are no longer large enough to wiggle out > of that one) Nor are Google: http://econsultancy.com/blog/4356-why-has-google-checkout-dropped-maestro > Paypal probably meets most of your criteria too :-) They meet all of them. Tom
Re: Payment Providers
2009/10/1 James Laver : > I'm looking for a card processing service to take payments with. > > Essential features: > 1. No javascript required to make a payment (that means you, NetBanx). > 2. No insistence on 3dsecure (because really, it's horrifically insecure). > 3. I don't have to store any credit card details at all. > 4. They deal with as many of the legal issues as possible so I don't have > to. Particularly PCI DSS. > 5. Established, tested cpan modules for dealing with them > > My initial inclinations were the big guns like Datacash and Paypoint, but of > some concern was datacash's website being hosted on IIS, and the fact that > neither of them have modules on cpan (and frankly, the perl examples for > datacash were more than a little embarrassing for them). > > So, recommendations? Horror Stories? Legal guidance? Okay, I've been quiet on this so far, and I admit I can't actually address most of your points. Also, the disclaimer here is going to be *very* obvious. At my $employer , the CEO is also running another company, whose primary business is handling credit card transactions. I'm moderately sure that they don't have a CPAN module, but they are a perl shop, so it shouldn't be outside their skills to make one. In the interests of not spamming the whole list I'll not mention them directly here - just say that they've got their office on one of the main canals in Amsterdam, and leave it to James to email me offlist if he wants details. Disclaimer: I'm not actually employed by said company, but as far as I know they may well be providing the profit that the boss is using to keep us afloat (if we need that, I'm not exposed to the numbers that much) -- Better to remain silent and be thought a fool than to speak out and remove all doubt. -- Abraham Lincoln
Re: Payment Providers
On Thu, Oct 01, 2009 at 09:02:07PM +0100, James Laver wrote: > I'm looking for a card processing service to take payments with. > > Essential features: > 1. No javascript required to make a payment (that means you, NetBanx). The new "Unified Payment Pages" now work just fine without JavaScript. If we have documentation saying otherwise, could you point it out so that I can ask for it to be corrected? > 2. No insistence on 3dsecure (because really, it's horrifically > insecure). And badly implemented by quite a few providers. (There's XML, and a DTD. If the XML validates against the DTD, that means that it's *VALID*, dammit, so don't reject it) However, one can't take payments from Maestro unless one has 3D insecure. (And it seems that even easyJet are no longer large enough to wiggle out of that one) > 3. I don't have to store any credit card details at all. > 4. They deal with as many of the legal issues as possible so I don't > have to. Particularly PCI DSS. Point 4 would imply point 3 is met. You don't say, whether you have a merchant account with a bank, or whether you want the payment service provider to deal with that part. Point 4 implies that you'd like them to deal with it, and "just make money appear in my account". Doing this might restrict your options on 3D insecure/ Phished by Visa. > 5. Established, tested cpan modules for dealing with them I don't know about that for *any* providers. > My initial inclinations were the big guns like Datacash and Paypoint, > but of some concern was datacash's website being hosted on IIS, and > the fact that neither of them have modules on cpan (and frankly, the > perl examples for datacash were more than a little embarrassing for > them). Paypal probably meets most of your criteria too :-) Nicholas Clark
Re: Payment Providers
On Thu, 1 Oct 2009, James Laver wrote: So, recommendations? Horror Stories? Legal guidance? 3d secure is normally optional until your bank tells you otherwise. SecureTrading seem fine. Dont know about perl interfaces but all you have to do is pass xml to a java app. So really shouldnt be that hard. there are two i wouldnt recommend but they are stories best kept for the pub. -- bob walker buses should be purple and bendy
Re: Payment Providers
2009/10/1 James Laver > I'm looking for a card processing service to take payments with. > > Essential features: > 1. No javascript required to make a payment (that means you, NetBanx). > 2. No insistence on 3dsecure (because really, it's horrifically insecure). > 3. I don't have to store any credit card details at all. > 4. They deal with as many of the legal issues as possible so I don't have > to. Particularly PCI DSS. > 5. Established, tested cpan modules for dealing with them > > My initial inclinations were the big guns like Datacash and Paypoint, but > of some concern was datacash's website being hosted on IIS, and the fact > that neither of them have modules on cpan (and frankly, the perl examples > for datacash were more than a little embarrassing for them). > We've used RealEx payment systems. They have a few integration options (sans javascript), provided (relatively shocking) reference perl code, have 3dsecure as optional, and helpful if not always on the ball support. Just a datapoint.
Payment Providers
I'm looking for a card processing service to take payments with. Essential features: 1. No javascript required to make a payment (that means you, NetBanx). 2. No insistence on 3dsecure (because really, it's horrifically insecure). 3. I don't have to store any credit card details at all. 4. They deal with as many of the legal issues as possible so I don't have to. Particularly PCI DSS. 5. Established, tested cpan modules for dealing with them My initial inclinations were the big guns like Datacash and Paypoint, but of some concern was datacash's website being hosted on IIS, and the fact that neither of them have modules on cpan (and frankly, the perl examples for datacash were more than a little embarrassing for them). So, recommendations? Horror Stories? Legal guidance? --James
Re: Online payment providers
hi. you could try www.moneybookers.com. i don't know how their fees compare to others, but as far as security goes, it's regulated by the Financial Services Authority of the United Kingdom (FSA). -- joro nemesis wrote: Hi all, I need to advise someone on online payment taking services (for a shopping cart system), but although I have a fair idea how a lot of the systems work, I have no idea if any of them are any good or what to look out for. I have found a few companies that seem well known: Netbanx: http://www.netinvest.co.uk/ncr/netbanx/ Datacash: http://datacash.com/ Secpay: http://www.secpay.co.uk/ Worldpay: http://www.worldpay.co.uk/ Protx: http://www.protx.com/ Secure Trading: http://www.securetrading.com/ E-clear: http://www.eclear.net/ But although most offer seemingly similar services, I don't know if any of them are crap. Have any of london.pm had experience dealing with these companies andwhat should I look out for? Are there any that should definatly be steered clear of? Many thanks w.
Re: Online payment providers
> > Online transactions always attract premium charges even though there > seems to be little or not evidence to support claims that there is a > higher risk of fraud. Well, I once set up an online shop using a traditional EPOS machine. Some windows box with an ISDN line to barclays did credit card transactions, just like in a regular shop. Only we batch processed card payments collected via a website. Yes, lots of yuckiness with us collecting plaintext live CCard numbers, moving them around by sneaker net for security blah blah blah. But it worked. And Worldpay wasn't around then :-) Look on the bright side, emetrix charge 13.4% :-)
Re: Online payment providers
On Thu, 18 Sep 2003, Sam Vilain wrote: > > For new businesses though other banks tend not to offer the service > > without very large bonds, if at all. > > I didn't have £5,000 to £10,000 to give to the bank for this. > > I know of a company who were charged a £500,000 deposit for their > merchant account. Probably to do with their turnover and market > though. From what I understand that's the rough price of a payment > gateway where you only get charged 2.5%. Online transactions always attract premium charges even though there seems to be little or not evidence to support claims that there is a higher risk of fraud. Internet merchants also seem to be required to pay higher deposits. > But you still get stung £25 for chargebacks. I cannot remember what worldpay charge for them. I avoid them by the simple expedient of checking all transactions and refunding those that seem dodgy - two in the past 18 months of trading with a total value of about £4.00. Jason Clifford -- UKFSN.ORG Finance Free Software while you surf the 'net http://www.ukfsn.org/ ADSL Broadband available now
Re: Online payment providers
On Thu, 18 Sep 2003 10:59, Jason Clifford wrote; > For new businesses though other banks tend not to offer the service > without very large bonds, if at all. > I didn't have £5,000 to £10,000 to give to the bank for this. I know of a company who were charged a £500,000 deposit for their merchant account. Probably to do with their turnover and market though. From what I understand that's the rough price of a payment gateway where you only get charged 2.5%. But you still get stung £25 for chargebacks. -- Sam Vilain, [EMAIL PROTECTED] The flush toilet is the basis of Western civilization. ALAN COULT
Re: Online payment providers
On Thu, 18 Sep 2003, nemesis wrote: > > I am using Worldpay and their service works really well for me. > > Ouch. Unless i am reading their near impossible to navigate site > incorrectly, they want to charge 4.5% per transaction. Might have a > look at some of their other options. Yes that is a downside and a fairly serious one. For new businesses though other banks tend not to offer the service without very large bonds, if at all. I didn't have £5,000 to £10,000 to give to the bank for this. I suppose I'm in a stronger position to negotiate again so once I have time I'll see about getting them to drop my charges. In truth the 4.5% charge isn't so bad. The difficult thing is that they hold the money for 4 weeks before paying it to us. That's the one thing that may eventually push me to move. All that said however I'm still staying with them as it's convenient and works very well. I don't ever have to see a customer's card details. Jason Clifford -- UKFSN.ORG Finance Free Software while you surf the 'net http://www.ukfsn.org/ ADSL Broadband available now
Re: Online payment providers
Jason Clifford wrote: On Sun, 14 Sep 2003, nemesis wrote: Netbanx: http://www.netinvest.co.uk/ncr/netbanx/ Of the ones listed these are the only ones I would specifically avoid. On the few occassions I've had to pay via their service it's been impossible as their site only seemed to work with a browser from a certain company in Redmond. I will steer clear of these then. Worldpay: http://www.worldpay.co.uk/ I am using Worldpay and their service works really well for me. Ouch. Unless i am reading their near impossible to navigate site incorrectly, they want to charge 4.5% per transaction. Might have a look at some of their other options. Will.
Re: Online payment providers
On Sun, 14 Sep 2003, nemesis wrote: > Netbanx: http://www.netinvest.co.uk/ncr/netbanx/ Of the ones listed these are the only ones I would specifically avoid. On the few occassions I've had to pay via their service it's been impossible as their site only seemed to work with a browser from a certain company in Redmond. > Worldpay: http://www.worldpay.co.uk/ I am using Worldpay and their service works really well for me. If you subscribe to their Select Junior service you can use the perl module I've written to handle the transactions and callbacks from WorldPay. Jason Clifford -- UKFSN.ORG Finance Free Software while you surf the 'net http://www.ukfsn.org/ ADSL Broadband available now
Online payment providers
Hi all, I need to advise someone on online payment taking services (for a shopping cart system), but although I have a fair idea how a lot of the systems work, I have no idea if any of them are any good or what to look out for. I have found a few companies that seem well known: Netbanx: http://www.netinvest.co.uk/ncr/netbanx/ Datacash: http://datacash.com/ Secpay: http://www.secpay.co.uk/ Worldpay: http://www.worldpay.co.uk/ Protx: http://www.protx.com/ Secure Trading: http://www.securetrading.com/ E-clear: http://www.eclear.net/ But although most offer seemingly similar services, I don't know if any of them are crap. Have any of london.pm had experience dealing with these companies andwhat should I look out for? Are there any that should definatly be steered clear of? Many thanks w.