tags:

views:

491

answers:

4
+3  Q: 

Token based credit card systems vs. traditional gateway

I'm trying to decide between Paypal PayFlow for a transaction processing service or a service like BrainTree.

BrainTree's service intrigues me because they will actually return a token to you for a credit card which can be used in future transactions. This token acts like a GUID for the credit card, but is useless if stolen. BrainTree is the only service I have come across that uses such a system - but I'm not sure if they are unique or not.

I heard some praise for BrainTree on a recent podcast, and had not heard of them before.

I wondered if anyone has any general advice on picking between the two - from the perspective of how much programming I will need to do or PCI concerns.

A: 

Have you looked at Amazon Flexible Payment Service? Same low rate as PayPal, but you get the very well done Amazon checkout experience (which as I'm sure you know let's you reuse credit cards and addresses without having to re-enter them for every order.)

You also have the advantage that most people have done business with Amazon before and are comfortable doing it again.

Eloff  2009-08-10 03:42:40
I dont want to put people on a third party site (except paypal). i had thought about it but i'm actually not especially impressed by the Amazon UI. we're trying to optimize conversion rate by minimizing number of steps and amazon actually has quite a lot of steps for new customers. i'm not sure quite how the experience is for existing customers. i'll check it out again though
Simon_Weaver  2009-08-10 04:04:19
A: 

I'm based in Europe, and it sounds like you're based in the US? That being so I can only mention that there are certainly service providers on this side of the pond (and I imagine that one too) that offer pretty decent tokenised payment solutions. Tokenisation is fast becoming the standard way for payment service providers (PSP's) to help merchants with their PCI compliance.

If you want to take advantage of a token solution to help with PCI compliance then its inevitable that you'll end up redirecting users to a third party site. Most PSP's allow the payment page to be styled, to look as close to your source site as possible. The redirecting is necessary to ensure that your source site has no involvement at all with the capture and transmission of card number data. It also means you dont have to worry about integration with Verified By Visa, or MasterCard SecureCode.

Once the third party site has completed the transaction you'll be left with a token value, and again - different PSP's allow different things, but I know some here allow for (eg) card capture only, or authorisation only (allowing settlement to take place at a later time).

PaulG  2009-08-10 20:32:58
Braintree ( http://bit.ly/braintree ) allows you to process credit cards without capturing or transmitting credit card numbers and without redirecting your users to a third party site. You retain total control of the look, feel, and flow of the checkbox process. To do this, you build a form on your site that submits directly to Braintree. More info at http://bit.ly/braintree-api . Disclosure: I work for Braintree.
dan-manges  2010-03-08 19:39:52
+1  A: 

PayFlowPro will allow you to do this as well. Checkout the DoReferenceTransaction method of their docs. Here is a forum post with some additional info.

Ben R  2009-08-17 22:21:09
The link you provided is broken
Nick Berardi  2010-03-22 20:54:38
+1  A: 

Authorize.NET also supports this through their Customer Information Manager (CIM) API. Speficially look at Page 28 of the CIM XML guide (PDF). The <extraOptions> tag contains the transaction key:

<extraOptions><![CDATA[x_customer_ip=100.0.0.1&x_authentication_ 
indicator=5&x_cardholder_authentication_value=uq3wDbqt8A26rfANAA 
AAAP]]></extraOptions>
Chirag Patel  2010-08-28 20:59:58
this is actually the system we adopted. i thought i'd updated this question, but that must've been a different similar question. been very happy with their service - except for the problem (common to many systems of this type) that we dont have full credit card numbers to call the bank with when problems arise
Simon_Weaver  2010-08-29 05:17:54

related questions

How can I read the purse balance with an EMV CARD?
What is the best credit card processing service?
Does anyone know where there is c# code or a dll which can generate sample credit card numbers
What is the official name for a credit card's 3 digit code?
What options are available to accept credit card payments through an iPhone?
Credit Card Duplicate Transactions
Low cost online payment processing solution for public schools?
Security review: client credit card# stored on server but with one time pad encryption stored in client cookie.
What is the best way handle credit card subscriptions on a website?
Checking for valid credit card numbers.... lots of syntax errors.
Storing Credit Card Information
Generating Valid Credit Card Track2 Data for Testing
Non-US credit cards with Amazon Flexible Payment Service?
ActiveMerchant: How to authorise cards when using gateways that do not support the void operation?
Accept credit card/echeck payments
Credit Card Payment Solutions for Desktop Applications
Storing credit card details
Whats the best way to offer credit card payment on your website?
Credit Card processing library that handles many merchant gateways?
What are some best practices for handling sensitive information?
What is the best way to validate a credit card in PHP?
What kind of damage could one do with a payment gateway API login and transaction key?
Limiting impact of credit card processing scripts/bots
Best way to prevent duplicate use of credit cards
How to test credit card interactions?