
Payment Services Provider: Discussion Topics

Riccardo Giomi edited this page Jul 19, 2020 · 41 revisions

Useful Background Links:


Questions that SHF Needs to Answer

  • What are the different payment options to offer, in priority order? (ex: Swish, ...?)
  • Does SHF already have a Merchant Bank? (A "merchant bank" handles the exchange/reconciliation of funds between the customer's "issuing bank" (e.g. Swish or a credit card) )

Provider: HIPS AB (hips.com/se)

Meeting with John and Martin @ HIPS Monday, 28 August with an appear.in online video meeting

  • Patrick B
  • Susanna L
  • Lara T (*)
  • Ashley E (*)
  • ?

* took notes

John gave an overview of HIPS (they're a young, small company getting started). Generally went through the questions below:

Useful Links


Business

| Topic | Discussion Notes |
| --- | --- |
| Why should we choose you? | Fast moving, all clients treated the same, 24/7/365 support; because they are a small company they are able to charge less on fees |
| How long have you been in business? | Start-up, in a pilot phase, but are reliable and ready to onboard clients |
| Are you currently profitable? | They have capital from the sale of old Sand Port |
| ^^ If not, when do you project that will occur? | In 2 weeks they transition out of the pilot phase |
| How many customers do you have? | A few clients that are paying but helping in the pilot phase |
| ^^ How many in "test" and "production" phases? | |
| Please provide customer references that we can talk with | |
| How many employees? | 9 |
| ^^ How many in development, customer support, other? | 2 full-time dev & 3 outsourced dev, 2 finance (CFO & Controller), 3 sales |

How can they charge so little? (much less than others)

  • because they are small and so have less costs
  • because they want to gain market share

Support

| Topic | Discussion Notes |
| --- | --- |
| What are the ways that support is provided? (e.g. phone, email, etc.) | Email, Facebook, support channel & phone; dedicated support time is in SV time |
| Is there a charge for support? (If so, what are the costs and limits.) | No charge |
| What is the expected response time for acknowledging a support question/request? | Within 24 hours |
| What is the expected response time for an answer to a support question/request? | It depends on the question or kind of support needed |

  • email, phone, FB, support website

  • will aim for around the clock

  • dedicated support = Swedish business hours

  • FREE

  • expected response time within 24 hours (goal = within a few hours when during business hours)

  • both the organization (SHF) and the developers are ‘customers’ and can contact support


Product

| Topic | Discussion Notes |
| --- | --- |
| What are all of the current payment options you offer? (E.g. Swish, Paypal, other on-line/mobile payment Debit services, bank transfers (which banks?), Credit cards (which cards?), pre-paid cards, etc.) | Every card that is available in Sweden, e.g. Visa. Invoice (pay later): credit check on customers, pay the customer immediately. Use relays for now: PayPal, Swish (Swish Handel must be activated), no need for a merchant account |
| Please provide an overview of payment processing. | Option 1: API; has to be PCI certified; fewer than 1 mil transactions. Option 2: HIPS JS connects to a form, sends the card no. directly to the HIPS server, replaces the card no. with a token not seen on the front of the site. Option 3: HIPS JS (recommended): creates a checkout, easy to integrate; if you add payment methods later they will automatically be there; this does not need PCI compliance |
| The website refers to "PCI-free" and "PCI-required". Please explain. | PCI-required means we transmit or store the card number and so need to be certified |
| What are limitations of "Checkout"? | |
| Why might we want to use HIPS.js? | |
| Why might we want to use Payment API? | Recommended using Option 3 as above |
| How do you manage security in processing? | |
| What are your fraud prevention measures? | |
| Do you have a recent security audit you can share? | |
| What customer data do you store, and for how long? | |
| ^^ How do you manage stored data security? | |
| How do we access completed transaction data? | |
| Please explain the cost structure. | |
| Do you handle recurring payments? | |
| What other kinds of payment schedules or features do you apply other than a single, one-time payment? | |
| How are refunds ("chargebacks") handled? | |
| Which currencies are accepted? | |

payment options

  • debit/credit card (visa, Amex, etc. all cards in Sweden)
  • invoice (pay later) [user applies for credit background to HIPS, but SHF gets funds directly from HIPS]
    • this is the common bank transfer in Europe (US doesn't have an exact equivalent)
  • variations = partial pay, etc.

relays

  • works as a technical platform
  • will need a merchant agreement with payment platform (e.g. PayPal)
    • handles Swish, PayPal, etc. Trustly

Does SHF have an organizational account? nope. Susanna says they’re working on getting a Swish account (must be sure to enable SwishHandel = online)

  • don’t need a merchant account for Swish (e.g. for credit cards); that is included in the Swish contract

3 options for working with HIPS:

  1. API: must be PCI certified (“easy” for a non-profit organization). We send a card number, HIPS sends OK/NOT OK back
    • PCI required if we transmit or store. In this case we’re transmitting it, so PCI certification needed
  2. HIPS JS with the form: HIPS handles the card number. No PCI cert. needed
    • connect it to a form. When a customer enters a credit card number, the card number is sent from the SHF project's form to the HIPS server and HIPS returns a token. SHF never saves the card number! (SHF saves the token returned by HIPS and will send the token to HIPS when needed)
    • works like an iframe
  3. HIPS JS at the checkout [recommended]
    • totally hosted on HIPS server
    • works like an iframe (Martin's example with Zerpico glasses), ex: at checkout, the user is redirected to the HIPS server
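
Options 2 and 3 only keep SHF out of PCI scope if a card number never reaches the SHF server, not even by accident in a free-text field. As an added example (not HIPS or SHF code), a Ruby guard that flags any submitted value holding a Luhn-valid card number so the request can be rejected before it is logged or saved; the field names and token value are constructed, and params are assumed to be plain Hashes.

```ruby
# Added example, not HIPS or SHF code. Field names and the token are constructed.
module PanGuard
  # 13 to 19 digits, optionally separated by single spaces or hyphens.
  CANDIDATE = /(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)/

  class CardNumberReceived < StandardError; end

  # Luhn checksum used by payment card numbers.
  def self.luhn?(digits)
    sum = digits.reverse.each_char.with_index.sum do |ch, i|
      d = ch.to_i
      d *= 2 if i.odd?
      d > 9 ? d - 9 : d
    end
    (sum % 10).zero?
  end

  # True when the string contains a digit run that passes the Luhn check.
  def self.pan?(text)
    text.to_s.scan(CANDIDATE).any? { |m| luhn?(m.delete(" -")) }
  end

  # Dotted paths of every value in a nested params Hash that holds a card number.
  def self.pan_fields(params, prefix = nil)
    params.flat_map do |key, value|
      path = [prefix, key].compact.join(".")
      case value
      when Hash  then pan_fields(value, path)
      when Array then value.each_with_index.flat_map { |v, i| pan_fields({ i => v }, path) }
      else pan?(value) ? [path] : []
      end
    end
  end

  # Call before logging or saving; the error names the field, never the value.
  def self.reject_card_numbers!(params)
    hits = pan_fields(params)
    raise CardNumberReceived, "card number in: #{hits.join(', ')}" unless hits.empty?
    params
  end
end

# Constructed requests: the first is what the token flow should deliver.
TOKEN_ONLY = { "member_id" => "1234567890123", "payment" => { "token" => "tok_constructed_01" } }
LEAKED     = { "payment" => { "token" => "tok_constructed_01", "note" => "card 4111-1111-1111-1111" } }
```

The 13-digit `member_id` is not flagged because it fails the Luhn check, which keeps ordinary numeric IDs from tripping the guard.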

Q: can we decorate it?

  • fonts and colors
  • within an Iframe
  • so as long as we handle CSS?
    (not really clear from them. they kept repeating the iframe thing.
    I wonder if they have )
  1. End user logs in to HIPS. (ex: like logging in to Paypal. end user needs to get a 2-factor etc.)
    1. verified by the person-number and their postal code
    2. if they chose not to enter it, then the invoice option is not available
      1. Invoice: will need to enter their BankID (like a 2 factor authorization)

Suss Q: works for an organization?

Q: SHF does bank transfer. can this be done?: handled via “invoice"

  • (is more like ACH transfers; or a little bit like setting up approval for your utility company to take funds (or even put funds) directly into an account

Q: recurring payments?

  • do an API request to HIPS

first transaction: use a unique ID for the customer, send info to HIPS so that we can query HIPS later about the status.

  • cannot do with PayPal and Swish (because PayPal and Swish require extra steps from the end user)

PayPal: SHF -> HIPS -> PayPal -> SHF (url sent)

Q: why are the 2 JS methods recommended over API? “least work for SHF, more control for HIPS”. HIPS can do more verification of the user. HIPS has more control of info (ex: fraud protection)

  • HIPS has more control over the customer experience (they have more/better experience with it)

Q:

HIPS is PCI level 1 certified

  • annual on-site audit, quarterly test (as required by Visa, M/Card)

data stored 10 years (required by regulations)

We’d like to see the attestation (certificate) of PCI compliance

Cost structure:

  • no monthly or fixed fees

1.8% + 1.8 K for every successful transaction

credit, debit, invoice

  • all included

paypal & swish: currently free (but PayPal and Swish also have

What Euro, US dollar, swedish KR

invoices (only KR right now)

Norway, Denmark, UK, soon

credit card authorization (all currencies)

refund free (no charge for this transaction)

SHF project system would work with their interaction API (this is not the same as the API level above)

  • so SHF would essentially do an invoice (payment refund) back to a member

demo: log into HIPS can see all transactions - can click on a customer and view a specific order and view the payment(s) made

  • can click on “refund payment” (in full or in part, etc.)

  • can add a note, print out things, etc.

Development Support

Q: is there a sandbox for development?
yes - can set the account (domain) to LIVE or Test mode

when domain is registered in HIPS will get API keys

development docs?

  • susanna has the API docs (link)

ex: there is 1 API call that requires PCI certification, because it sends the credit card number (Payment API: POST)

HIPS JS

= the “tokenization feature” of HIPS (so that we can use the token instead of the ccard number)

checkout payment API can use either the token or the actual ccard (this requires

Checkout: Order API

  1. create an Order. -> HIPS -> we get a token back (like an ‘order number’)

refund:

  • refund can be done either via logging in to the HIPS admin system and going thru the HIPS UI, but

Development Support

| Topic | Discussion Notes |
| --- | --- |
| How do we get access to development docs? | |
| ^^ Available in English? | |
| What language(s) does your API support? | |
| What are your support SLA terms? | |
| What kind of development support do you provide? (free? cost?) | |

they work in Ruby, but most clients using PHP.

  • working with WooCommerce, Magento, etc.

Q: Patrick: how does it work if we’re stuck?

  • normal support ways (phone, website: (support.hips.com. have a support ticket tracking etc.)). could do a slack channel, etc.

  • can use the #hips-support Slack channel

John & Martin: will send us a doc showing how a transaction would work in Ruby

Membership Fees = “high risk transaction”

  • because they have high levels of ‘chargebacks’
  • thus typically have a 14 day delay after the payout cycle ends (payment cycles end on Monday)

Membership fee 2 parts

  • branding fee (deductible)
  • membership fee (not deductible)

ex: a company will pay the branding fee, but wants each member to pay his/her own membership fee

= HIPS each trx is tied to whomever is PAYING (so if an organization owner pays, HIPS tracks that, and SHF would need to organize, present the info as we want)
