* The Business of Software

A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

We're closed, folks!

Links:

» Business of Software FAQ
» The Business of Software Conference (held every fall, usually in Boston)
» Forum guidelines (Please read before posting!)

Moderators:

Andy Brice
Successful Software

Doug Nebeker ("Doug")

Jonathan Matthews
Creator of DeepTrawl, CloudTrawl, and LeapDoc

Nicholas Hebb
BreezeTree Software

Bob Walsh
host, Startup Success Podcast author of The Web Startup Success Guide and Micro-ISV: From Vision To Reality

Patrick McKenzie
Bingo Card Creator

A question about payment processors

Hi all!

After lots of thinking and market research, I've found a small niche (it's so small that currently it's only in Spain) that has a need for a custom software and some additional services, and I'm building it. It's the typical SaaS application, a multi-tenant website where people work using the web browser (no RIA, no desktop nor mobile client, etc).

My target customers are conservative, and aren't "solo-users", they're associations. After talking with a friend who knows some of this associations, he tell me that the best payment method for this associations will be bank debit (in Spanish, "domiciliación bancaria"). So each month I generate a file to send to my bank, and then the bank gets the money from my customers' accounts (in my bank or other banks) and puts it on my account.

And this is the part I don't like: To do this job, I must store ALL the bank account numbers from my customers. I know that I can encrypt it, and I'll be using SSL for the entire application, but I'm not sure...

I've been looking for Spanish payment processors that accept SEPA bank debit, but I haven't found any. And the Spanish processors that I've found are really expensive (compared to Avangate or FastSpring).

Beside this, if I build my own payment method using bank debit, I must create all the parts around it: enabling or disabling users depending on the result of the payment, refunds, and lots of other little things that now I can't imagine.

And well, I'm a bit scared. My question is: What do you think, it's a good idea to build my own system, or the best (and smart) choose is to use something like Avangate or Stripe, and when people ask why I'm not accepting bank debit explain them that it's for security reasons?

Thanks for your opinions!

Kind regards,

Marc
mcs Send private email
Wednesday, June 11, 2014
 
 
>After talking with a friend who knows some of this associations, he tell me that the best payment method for this associations will be bank debit (in Spanish, "domiciliación bancaria").

Have you verified this with any associations?

Are you sure that Avangate, Stripe or Fastspring can't do this for you? Have you asked them? Avangate handle subscriptions and accept a wide range of different mediums of payment.
Andy Brice Send private email
Wednesday, June 11, 2014
 
 
I am extremely skeptical that I can securely store such data on a public server. And the thing is, I'm really smart and know what I am doing.

When I outsource this stuff to other companies, it's not that I can't do it myself, and it's not that I don't want to, because I love to roll my own just about everything and have no dependencies.

However, I outsource payment stuff and always will because of legal liability reasons. When the pit hits the sham and hackers get in, someone else will get sued. Not me.
Scott Send private email
Wednesday, June 11, 2014
 
 
@Andy,

This guy manages two of these associations, but I haven't asked directly to any other association. I'll build a poll on my website, and let's see what people think. Very good point! :)

And you're true: Avangate (as being based in Netherlands) supports partially SEPA payments. Currently is only for Germany, Netherlands and Austria, but I'll ask them if this payment method will be available for Spain, and when.
mcs Send private email
Thursday, June 12, 2014
 
 
@Scott,

Really good points!

I've already know how to build a complete SEPA payment generator (in my current job we have built one), but the real problem is liabiliaty. I can do my best to secure my server and, if someone breaks it an gets all the database, he'll get lots of personal data (name, address, email, etc), but it isn't as serious as loosing lots of bank account numbers.
mcs Send private email
Thursday, June 12, 2014
 
 
>I'll build a poll on my website

Spoken like a true developer. It is amazing the lengths developers will go to avoid actually *talking* to a prospective customer. ;0)
Andy Brice Send private email
Thursday, June 12, 2014
 
 
> Spoken like a true developer.

Andy, I *am* a True Developer(tm)! ;)

> It is amazing the lengths developers will go to avoid actually *talking* to a prospective customer. ;0)

I have a very good reason for not talking to prospective customers: I only know two, and they already told me that they want bank debit payment. Now I want to see if the other interested people (people who knows about my application from internet) wants bank debit or if it's OK for them to pay with credit card.
mcs Send private email
Thursday, June 12, 2014
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz