It's been a busy couple of weeks. Our Flawless.QA experiment is moving along nicely and we're improving the quality of many a website. We've even started blogging about why maintaining the quality of your site is important. The next big step is to start accepting payments. For a startup, accepting payments is really the only thing that must work flawlessly. Everything else you can worry about later, but payments must be handled perfectly and professionally. Unfortunately that also means it doesn't come cheap, especially if you're not based in the US.
Handling recurring payments is a step above handling regular payments. If you were accepting one-time online payments you could get away with doing almost everything in-house, on an SSL connection, without storing credit card information. But we need to keep the user's payment details in the system so we can bill them again the next month. And that means PCI compliance, or rather, paying a company to be PCI-compliant for you so you don't have to. And that's a good business to be in, if prices of these services are any indication.
So, what options are there? The answer is: tons. But none of them are right for us. We're trying to get our site up and running with a bare minimum amount of money, so spending 69 USD for beautiful recur.ly subscription billing and an additional 25 GBP for a SagePay payment gateway is just not an option. I've spent many an hour scouring the internet for useful solutions, and recur.ly+SagePay was mentioned several times as someone's preferred solution. Other solutions include Braintree, which will send you five gazillion forms to fill out and has a minimum monthly fee of 100 EUR, and the un-Britishly named Authorize.net, which will charge you a 50 GBP setup fee and a 20 GBP monthly fee (and will also send you a bunch of forms). Unlike Heroku, where the platform costs will hurt you after you've actively started using it, payment costs will bite you right from the start.
Before I tell you which provider we ended up choosing, let me mention one more option here that I only learned about after we finished our initial integration: Paymill. They seem genuinely good and I'm going to give them a try real soon. Paymill is also discussed in this thread on Hacker News about taking payments online in Europe, a must-read if you're looking for info about online payments in Europe.
The solution we ended up going for, at least for the moment, is the one big name left unspoken so far: PayPal. Much has been said about PayPal, not much of it good. You will have no problem finding horror stories about their API, their customer support, their random freezing of people's funds. But to the consumer they're a symbol of trust and familiarity. Implementing payment logic is indeed not straightforward at first, but it does make sense. Since we're Django-based, the django-paypal library seemed like a good choice. It did not work out of the box, and neither did the supposedly up-to-date fork, but it took only a small effort to get it working.
The PayPal sandbox is one massive WTF. Creating dummy accounts and managing who is logged in where is a massive pain that is only made more terrible by the fact that you get logged out every other bloody minute. You'd think that they'd set the timeout to something higher on their sandbox, but no, you will suffer in inconvenience. To make matters worse, the sandbox works differently from the real PayPal store. Other than that, I had a hard time figuring out how to make our PayPal store accept credit-card payments from people who have no PayPal account. I found out there's a package called "PayPal payments standard premium" which will let you do this, but it's not documented very well on the PayPal site. After selecting the premium package I suddenly received an email from PayPal thanking me for my purchase without mentioning any price. Trying to find out the price online gave me conflicting answers, so I emailed PayPal about this and received an answer two hours later: the premium package used to cost money, but now it's free. And there was much rejoicing.
The other thing we found out while testing our live PayPal store is that PayPal is very strict on which cards it accepts. It flat-out requires a contact phone number and will not forgive if you fail to exactly copy the billing address belonging to the card. I had to try several times with my UK card, something which will definitely be horrible for conversion rates. For some reason my Dutch card worked fine on the first try, but my friend's US card did not work either. It's my main cause of worry right now, and part of the reason I'm putting this blog post out there: to hear other people's experiences and find out about alternatives.
If you're a UK-based startup, and you have no money to spend, there's really only one option: PayPal. I sincerely hope that Paymill can disrupt that status quo.