The payment provider is chosen based on many different criteria. Some of these are service availability in the country where your bank account is, the cost of a transaction, monthly fees, the cost of integration, and whether it resolves sales tax issues or allows for integration with other well-known payment solutions. Many of these questions must be answered by you, the client. Stripe is our preferred choice as it has excellent API capabilities. This article will use Stripe as its payment processor of choice.
Best Practices for payment providers
Retry if the transaction did not succeed
A transaction might fail not only for technical reasons; sometimes insufficient funds are the cause. You should retry processing the transaction anywhere from an hour to a couple of days later.
Know when your CC will expire
Some card details will expire, or their data will no longer be valid for various reasons. When you do not have valid CC data, charging the customer will not be possible. The major card schemes offer a service that lets you check if there are any updates pending for the customer data that you store. Some of the online payment solutions will even update card information for you. Stripe will do this for the majority of MasterCard, Discover, and Visa cards. Not only CC.
Be aware that in some parts of the world people are not willing to pay with their Credit Card
The best example of this is China, where Alipay is the main payment source. It is worth noting that not all clients are happy giving away their card details, so using a well-known payment method helps to increase the completion rate of potential transactions. Stripe also supports Alipay for China and, for Europe, Giropay and iDEAL.
We would like to have PayPal
Sometimes clients just want to use PayPal as they are familiar with the brand. Don’t be stubborn – Stripe will help to maximize your profit. Stripe and PayPal are direct competitors, so there is no integration between them.
Best practices while using the Stripe payment process
PCI compliance with Stripe
Most users become PCI compliant by filling in the Self-Assessment Questionnaire (SAQ) provided by the PCI Security Standards Council. The type of SAQ depends on how you collect card data. The simplest method of PCI validation is SAQ A. The fastest way to become PCI compliant with Stripe is to make sure you qualify for a prefilled SAQ A. If so, Stripe will fill in the SAQ A for you and make it available to download in your account’s compliance settings after the first 20 or so transactions. The way to achieve this is as follows:
– Use the embedded form called Checkout, or Stripe.js and Elements (it offers better layout customization than Checkout). You can use react-stripe-elements, which uses the Stripe.js API, or the Stripe mobile SDK libraries. When you’re using react-native, go with tipsi-stripe. The tipsi-stripe bindings are not officially supported by Stripe, so support will not officially tell you that they qualify for prefilled SAQ A compliance – but they do.
– If you are using the web, your payment pages should be served over HTTPS.
In all those cases data is securely transmitted directly to Stripe without passing through your servers. When you choose the fastest way, you will not have to do anything more. It is as simple as this until you reach 6 million transactions per year; then you will have to fill in a Report on Compliance to validate your PCI compliance annually.
Prepare for technical failure – Idempotency key
If you are using the API to take payments, you must prepare for technical failure, as all networks are unreliable. If a failure happens, it is not always possible to know whether a charge was made or not. In the case of a network failure you should retry the transaction. The idempotency key is a prevention mechanism against charging a customer twice if for some reason you submit the payment twice, which may occur when retrying operations after a failure. In Stripe's Node library you just add it to the options parameter while charging. Each idempotency key will time out after 24 hours, so if you make a payment with the same idempotency key after that time, you will charge the client.
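The retry behaviour described above, as an added example that is not part of the original article and is not Stripe's code: FakeGateway is a hypothetical in-memory stand-in for the payment API, and the order-based key scheme, function names and sample amounts are assumptions. It shows that retrying with the same key charges the customer once, and that reusing the key after the 24-hour window creates a new charge.

```javascript
// Stand-in payment API (hypothetical, not the Stripe library); keys live 24 hours.
const KEY_TTL_MS = 24 * 60 * 60 * 1000;

class FakeGateway {
  constructor(clock) {
    this.clock = clock;      // returns the current time in ms
    this.seen = new Map();   // idempotency key -> { charge, storedAt }
    this.charges = [];       // every charge that was really made
    this.dropResponses = 0;  // number of upcoming responses to "lose"
  }
  charge(params, options) {
    const key = options.idempotencyKey;
    let entry = this.seen.get(key);
    if (!entry || this.clock() - entry.storedAt >= KEY_TTL_MS) {
      const charge = { id: `ch_${this.charges.length + 1}`, ...params };
      entry = { charge, storedAt: this.clock() };
      this.charges.push(charge);   // unknown or expired key: a real charge
      this.seen.set(key, entry);
    }
    if (this.dropResponses > 0) {
      this.dropResponses -= 1;     // the charge exists, the reply is lost
      throw new Error("network timeout");
    }
    return entry.charge;           // known key: stored result is replayed
  }
}

// Every attempt reuses the SAME key; a fresh key per attempt removes the protection.
function chargeWithRetry(gateway, orderId, amountCents, maxAttempts = 3) {
  const idempotencyKey = `order-${orderId}`;  // assumed scheme: one key per order
  for (let attempt = 1; ; attempt++) {
    try {
      // amount is in the smallest currency unit (cents)
      return gateway.charge({ amount: amountCents, currency: "usd" }, { idempotencyKey });
    } catch (err) {
      if (attempt >= maxAttempts) throw err;  // otherwise retry, same key
    }
  }
}

function demo() {
  let now = 0;                                // constructed clock, in ms
  const gw = new FakeGateway(() => now);
  gw.dropResponses = 2;                       // the first two replies are lost
  const first = chargeWithRetry(gw, 1001, 1999);
  const afterRetries = gw.charges.length;     // charges made during the retries
  now += KEY_TTL_MS + 1;                      // more than 24 hours later
  const second = chargeWithRetry(gw, 1001, 1999);
  return { first, second, afterRetries, total: gw.charges.length };
}
```

In production code the retry would apply only to failures with an unknown outcome, such as timeouts and connection errors, not to declines.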
Stripe charges in cents not dollars
Online payment solutions like PayPal charge in dollars rather than cents. In Stripe, however, all charges are made in the smallest currency unit. This is not only the case for dollars; Stripe does it for all currencies.
Stripe provides many card numbers for you to test different scenarios on the frontend, and tokens so you can directly test your backend. For example, you can test not only Visa, Mastercard, American Express, Discover, Diners Club and JCB cards but also international cards and 3D Secure cards. Stripe also provides you with tokens so you can test failure scenarios like a charge being declined, a charge being blocked because it's fraudulent, an expired card, or a processing error. So you will be prepared for everything that can happen when you go live.
Do not put JSON in description – Use metadata
Be as descriptive as you can. Metadata is your friend. You can enrich your Stripe transaction with custom data so you can then view it in the dashboard. For example, you can add things like customer_id or shipping_id in metadata, so there is no reason to pollute your transaction description.
Should I collect more data?
The bare minimum to collect from a CC is its number, CVV and expiry date, but you can collect more. You can also collect the zip code, CC holder name and address for the Address Verification System (AVS). If you collect them, it will increase payment security because the fraud prevention algorithms will have more data and will be able to react more accurately. However, from the user's perspective it’s more data to type – which is not always good. Customers are only human and sometimes make mistakes when entering data, which can also cause some transactions to be rejected. So you must decide how much data you need and what will work best for you and your income. Equally, banks will sometimes reject payments with a ‘do not honor’ status, and you will have to contact your customer so they can ask their bank about the reason (a high level of recent activity on a card, a lack of matching AVS information, a card being over its limit, or a range of other reasons which only the bank will know).