I'd like to add CC processing to my linode-hosted web application. Can anyone recommend a CC processor? Any thing I need to know beyond 'dont save cc numbers'?

Many thanks

There is always paypal....

Depends greatly on a) what you're selling (cost, volume, risk), b) where in the world you are, c) which currencies you want to deal with, and d) whether you have or want to get your own merchant account.

If you do have a merchant account, it is usually simplest to use whichever processor the bank has an existing relationship with. If you don't wish to jump through the hoops needed for a merchant account, Fastspring have been good (a little more expensive than paypal/worldpay/2checkout, but you get what you pay for).

Having just recently gone through searching for the same thing for my company, here's a few thoughts.

As mjrich suggests, there's a lot of variables involved, so it's hard to say just what level of service you're looking for. Certainly, Google, Amazon and Paypal all have gateway offerings grown specifically for the online space. Other gateways, such as authorize.net for a large example, have various offerings, both online and physical terminal, and of course, your local bank may have offerings at least worth investigating since you'll have a relationship with them already.

There are various merchant account review sites out there, but I have to be honest in that I'm never quite sure if they aren't essentially just sponsored by the companies themselves.

To the second point, once you start processing CCs, what you care about (or should) is PCI compliance (www.pcisecuritystandards.org). It's not that you can't store CC numbers (well, some swipe data truly can't be stored), but that if you do so you have to follow the rules or risk penalties if you have a breach. I'm not completely sold on how well being PCI compliant actually prevents such problems, but not being compliant carries its own set of business risks.

Assuming you're looking for a full gateway and processor to integrate into an application, including an appropriate merchant account, I'll throw a shout out for Braintree (http://www.braintreepaymentsolutions.com).

One stop shop (sign-up includes gateway/processor/merchant account services, with the processing done by the processor arm of FDS) with excellent API integration, and in particular a clean "transparent API" offering that offers a (added fee) PCI-compliant Braintree-based "vault" that maintains all CC information without it ever touching your server, which can dramatically simplify PCI compliance depending on your application. A differentiator from others that offer something similar is that you can still be in complete control of the web pages presented to customers rather than having to delegate the entire thing to a gateway server. Other gateways (such as authorize.net) provide some configuration over such pages, but it's their servers that must present the pages to customers. I think the only other gateway I discovered doing something similar to Braintree was Dow Commerce (www.dowcommerce.com).

Economically, their fees were very straight forward (not always true in the space), and in line with what we were getting with existing merchant accounts at the time. They won't necessarily match the cheapest stuff you'll see advertised, but they also have fewer unexpected fee possibilities on the back-end.

Decent virtual terminal (you can demo on the test account), but not necessarily a ton of frills (e.g., no free shopping carts or whatever). Actually, I got a "Linode-like" feel when working with them, if that makes sense...

From a developer perspective, I also have to say that Braintree won me over by having all their detailed technical information available online (http://dev.braintreepaymentsolutions.com), and even providing acccess to a test API account I could run transactions against, all before I even contacted a rep. I had actually implemented a test integration with my application before contacting them. I don't think I found any other gateway (aside from authorize.net) for which I could locate technical documentation pre-sales contact, much less actually demo the physical system.

-- David

I know this post is way over due, but I wanted to thank all three of you, this information is invaluable for me to get my biz up and running!

For those of us reading along, what did you end up doing or going with?

I ended up getting distracted and working on another project

I've started talking with braintree, they have a great client list and can offer pretty much anything. I'm trying to figure out if I need a gateway or full cc-hosting (I'd never bother to write the cc-hosting stuff myself). Hopefully their rates are competitive, I haven't gotten that far yet.

It is interesting what gateway Linode itself is using ... May be an article similar to http://37signals.com/svn/posts/753-ask- ... edit-cards in Linode's blog?

No...please stay away from PayPal. They can suspend your account and there's pretty much nothing you can do about it.

I've had my PayPal account locked because I mistakenly had 2 accounts (forgot to close an old account I had), but they've locked my business account and they won't respond to my emails.

Thank you. I have heard about it. We are in Australia. Starting - http://www.nerrvana.com/

Options we have while starting are not big until we will incorporate in US. Right? Authorize, Braintree - all work only with companies registered in USA. I was thinking to start with provider we have to redirect client to pay and if business will take off - incorporate and go with provider where we can do it like Linode - our page talking to merchant provider.

We just moved to Linode from Slicehost and both use what ideally we want to use - own page to pay and I was wondering what do they use.

We use PayPal to process credit card payments (which does not require the purchaser use PayPal). We've considered moving to other payment processors, but none of the major ones offer fee structures that are dramatically better. Google Checkout's fee structure is identical to PayPal's.

There are certainly possible scenarios where PayPal is much more expensive than Moneris or some other big payment processor, but they don't seem to really fit for us. If we do change, it won't be a huge improvement in fees.

I'm currently using PayPal for my company, but will be switching to Stripe (https://stripe.com/) soon. They have a really cool API that allows you to process credit cards on your own site without data ever touching your servers (ie no PCI compliance problems), and (I've heard) the same fees as PayPal.

In the not so distant past I had good experiences with BMT Micro and Kagi, although iirc they were not so versatile as PayPal. BMT also supports PayPal.

This is a somewhat niche, off-in-the-weeds suggestion, but I'm treasurer for a special-interest group which likely has a higher-than-average risk of getting PayPal'd, based on an analysis of PayPal's history. So, for our online membership renewals, we use WePay.

Their ticket-selling stuff might be interesting to Guspaz. Dunno how they are with international stuff, but they're worth considering as an alternative to the traditional shopping-cart-and-merchant-account process.

_________________

/* TODO: need to add signature to posts */

Hmm, it does look interesting, but at 3.5% it's a bit more than we're paying PayPal.

It should be noted that PayPal does allow various levels of integration, if memory serves. The least integrated is the redirect-to-paypal-and-it-redirects-back method, but I believe there are also more integrated methods. We're using something in between where there's a redirect going on, but data is passed back to us with the payment info through the API.