Ecommerce Stuff Nobody Tells You

Well, we’ve solved our latest credit card validation problem and it seems like a good time to give a quick recap of the lessons we’ve learned during this whole sordid process. Things that nobody bothers to tell you, not even the people you’re paying to do just that. This is 2008, but credit card processing is a technological throwback to the Dark Ages.

Things nobody bothers to tell you, version 1:

  1. The web sites for credit card processors & merchant account services are completely useless. Do not try to use them, not even the big fish that everybody respects (e.g. Authorize.net). You will only waste your time. Instead, call their tech support. We’ve found their human support to be unfailingly friendly and helpful, at least when it comes to answering direct questions rather than making suggestions (hence the Stuff Nobody Tells You). The hold music’s so beyond awful it enters into laughable, though.
  2. If you want to process AmEx, you have to call them directly, set up an account with them, and then talk to your merchant account service. Just because your CC processor’s interface shows you that AmEx is active, and your merchant account people tell you that everything is systems go, doesn’t mean there aren’t hidden things you have to do to, you know, actually process cards. Or that the errors will be helpful.
  3. Address verification (AVS) is voodoo. Not real science. AVS is inclined to reject real, valid cards all the time, even when you don’t count “user errors” (e.g. your bill says Apt 4 and you put #4). D’oh.
  4. Test charges are pretty much unavoidable. So, since AVS essentially doesn’t work, the way to verify a card is to make a tiny charge on it and then void the transaction. It’s not a charge you’ll ever collect on, but it’s not exactly a hold either. To us, it’s a bit squicky to think that this is the only way to verify a credit card number in this, the 21st century.
  5. Some banks will reject small test charges. About 10% of cards used to sign up were declined. Thanks to Stuff item #6, we couldn’t tell why from the error reports. Nobody could tell us why, either. We called Auth.net and they had no suggestions. We only found out as fast as we did because one would-be customer, our friend (& tasty designer) Johnny Bilotta, called his own bank to ask if there was a problem. Trying to be considerate internet citizens, we had set our test charge to $.01. His bank told him they reject small test charges under $1.00, but our credit card processor never thought about it. Even though it’s their business. Useless buggers.
  6. Errors are incomprehensible and your credit card processor is useless at helping you solve validation issues. The error you’ll get in most cases is General error. In other cases, you may get Declined, but there’s no way to tell why. Calling your CC processor won’t help you, either, because in many cases, they can’t get more information than you’ve already got. In other cases the phone reps just aren’t trained in spotting what must be common problems (e.g. the low test charge).
  7. When you ask why stuff doesn’t work, even due to Stuff Nobody Told You, they think you’re kinda dumb. Despite the support being, as we said, unfailingly friendly, there are always these awkward pauses when we’ve asked about Stuff Nobody Told Us. For example, when we called and said “So our account says we can accept AmEx but they’re all being rejected. Can you help us?” The nice lady asked, “Well, are you set up for AmEx with your merchant services provide?” and I said “No, what do you mean?” Awkward pause ensues. The lady assumes she is speaking with a polite nitwit and then the rest of the conversation takes twice as long as it would have if she hadn’t thought I had a room temperature IQ. Which is too bad, because there’s no documentation or on-ramping process that tells you this, and nobody thought to mention it, either, when I asked if I made the calls to both Auth.net & the merch acct people to ask “Hey, we’re going to live. Do we have everything in place?” last week.
That’s all for now, but I’m sure there will be more.
For more real-life depictions of Ecommerce Surprise, & more harrowing stories of our adventures in setting up a paid web service: Subscribe. You know you want to.

24 comments

  1. What I personally find most disturbing is that credit card processors and banks are expecting you to know their lingo. When they even themselves don’t know.

    Oh, and when the help links open with a 404.

  2. Interesting problems your having. Are you going with Auth.net?

    I have to say, as a developer, I love trustcommerce.com. They have API’s for every language (including Ruby/Rails), automation for billing, and *gasp* a developer API…with documentation and code examples!

    They also have test card numbers they provide you so you can verify all the different validation cases through their system, with documented error codes.

    Maybe you should check them out? I’ve never had to call them.

    …oh they also support AmEx out of the box, never had any issues with that myself :/

    …and I don’t work for trustcommerce, just a happy customer :)

  3. Derek, where were you 3 months ago!?! ;)

    Seriously, “TrustCommerce doesn’t publish pricing because we understand the market and the products.”

    Tell me how you got onboard with these people without calling them. Their web site’s incomprehensible and they tell you don’t need to worry your sweet little head about pricing because they understand the products.

    I’d consider trying them out if I hear more rave reviews. And yes, we’re using Authorize.net, which is not really a move I could recommend without reservations.

  4. Wow! we must have been lucky to find eWay here in Australia (www.eway.com.au). They set up all the links to our bank merchant accounts, even set up Amex card acceptance for us with minimal hassle (on our part at least). Now they are assisting us with direct bank debits for some of our customers as well.

    They even have a rebill facility for ongoing charges which works really smoothly.

    Their developer API is so simple I thought there was something wrong at first!

    Unfortunately, I think they only support Australian banks I believe (and I say that with just a slight veneer of smugness after being rejected by many other ecommerce gateways with “Sorry, US banks only”!!) :)

    Anyhow, congrats on getting Freckle up – it looks great.

    Cheers,
    Devan

  5. Hi Amy,

    I think you did Freckle with Ruby on Rails. Are you using Active Merchant to interface with Authorize.net?

  6. Here’s another vote for TrustCommerce – especially for subscription processing.

    We’ve intgrated with their API and have been using them for a few months – no hiccups and so far all is well.

  7. Here are a couple of other tips:

    *Your processor account is set up specifically for the gateway you chose*
    This means that if you switch gateways there is likely a config flag in the bowels of one system or another that no one on either side of the equation is ever going to remember until you go live and charges start disappearing into the aether. Oh, but by the way the awesome part of this ‘feature’ is that all these charges returned approved, and you just never actually get paid :) The only way to deal with this is to be eagle eyed about it if you are going to switch gateways on the same account, and call the merchant bank (the guys above the internet gateway you chose) and confirm everything 10 times.

    *Merchant bank employees will do scary things*
    After one support call, an employee of a merchant bank emailed me in plain text a list of all the charges that were failing, including full card details.

    Regarding TrustCommerce, they are great *once* you get an account. Good luck with that though, you basically have to set up a bear trap outside of their office, and hope you snag an account rep. See Robby Russell on this issue: http://www.robbyonrails.com/articles/2008/04/16/review-braintree

    There is also Braintree(http://www.braintreepaymentsolutions.com/) that he is reviewing in comparison, which seems a lot like TrustCommerce from a feature perspective, except they answer the phone when you call and have told me they can setup test accounts in a few minutes. They recently decided they only want to deal with customers doing US$1mil/year or more, however they have also said they like the Rails community and will make exceptions for us.

    Here is the message from the rails-business list with that offer: http://groups.google.com/group/rails-business/msg/53da3705df6063a2

    I am using TrustCommerce and their support is very good once you are up and running. Part of the reason for this is that the products are solid and once you have it set, you can leave it alone completely, so you do not actually need the support all that often. I think this is a pattern across the industry, finding the provider with the smoothest setup is the challenge.

  8. And by the way congrats on the launch the product is very cool and the github integration is awesome!

  9. wrt AVS:

    for US addresses at least, in my experience it only cares about the first number in the address line. This is usually the street address. If the customer’s billing address is “342 NW 3rd Ave Apt 56″ it only cares about “342″. This gets trickier with rural Utah-style addresses such as “Oak Tree, 123 S 45 W”, where sometimes it wants “123″ or sometimes “12345″.

    Hell, for a while I had a billing address that had a “1/2″ in it, such as “1234 1/2 Crowded St”, and sometimes AVS wanted “1234″, sometimes it wanted “123412″ and sometimes it wanted “12341″.

    I have yet to figure out a pattern for non-US AVS, it seems to vary by country.

    Also, don’t get me started on how the entire premise of credit card transactions is based on “we are taking money from you” instead of the more prevalent elsewhere outside the US “you are sending money to us”. Are we surprised there’s fraud?

    My non-US customers want to do bank transfers, and I have to explain to them why the US banking system pretty much makes that infeasible.

  10. What you forget to mention is how terrible these guys are at fraud protection. Visa is basically deaf, blind and stupid about fraud detection…and when you discover something that is easily a stolen credit card, there is no mechanism to report it, and disincentives to help the customer. Plus…the challenge billing process is far too expensive to deal with. Amex will just cut you off after 1-2 challenges. The others will just swamp you with fees (a great business model for them). It is a nightmare, and not particularly better from 1996 when I first started doing this.

  11. I’ve use paypoint.net for some of my old web design customers, they’ve got pretty decent documentation and the time ive had problems getting code running they’re tech support has been very useful.

  12. We had some similar problems when we wrote our own credit card processing software for Clicky. We use auth.net, and our merchant is with CDG: http://www.cdgcommerce.com/

    With CDG, you don’t get AMEX by default, but it tells you taht on your “dashboard”. All you do is click a button and wait a few days and then you have it.

    Figuring out the specific reasons for declined transactions is the biggest problem by far. About half of the declines we get have an error code, but the other half don’t – just “declined”. It’s a proceses of trial and error, monitoring each failed transaction to try to figure out why it failed.

    The most common reason for a decline taht just returns a generic declined error is when the expiration date doesn’t match. So when we get a declined transaction, one of the “tips” we display is to double check the expiration date, because auth.net won’t tell us it’s wrong.

    And for the card code, sometimes it returns the error that it didn’t amtch, but sometimes it doesn’t. So we also display that tip as well: “Please double check the card code”.

    International AVS is annoying too. More ethan half our customers are international, but I’d guess that only 1/3 to 1/2 of the transactions actually have an AVS check done on them.

    Luckily, you, like us, are selling a service and not tangible goods. This means there will be almost no fraud involved. 6 months and thousands of transactions later, we’ve only had 1 chargeback. So that’s good.

    I’m glad I took the time to integrate this ourselves rather than paying for an existing product or having someone else do it for us. It is a great learning experience, and being able to put on your resume that you’ve written credit card processing software is a great thing.

  13. Oh yeah, forgot to say, auth.net’s documentation for their API is pretty bad. That was frustrating for development. I mean it covers most things, but there were also a lot of thigns I had to figure out myself via trial and error.

    As for support, I’ve never called them, but I’ve probably emailed them a good 10 times. Usually I’ve gotten a generic form response that is no help, but sometimes they come through and actually read my question and respond with a real answer. Unfortunately, even then it’s usually not too helpful, but a few times their support has come through for me.

  14. @Amy, feel free to give me a buzz if you want to know more about TrustCommerce.

    I pretty much was “grandfathered” into a project that was using it. At first, I had that payment gateway sinking feeling in my stomach, but to my amazement, its actually a great service!

  15. I totally agree. It amazes me how sketchy all the payment gateways are. I’ve spent a significant amount of time working with Auth.net and Linkpoint. Actually, I have had very bad experiences with customer support on both of these too.

    I recently switched to using Paypal Website Payments Pro. The documentation is still almost worthless, but I feel much more confident using Paypal than the others. They’re just much more professional.

    Also, another thing that took me a while to figure out at first was that you’re usually dealing with resellers, and that means you should be able to negotiate on the rates (I talked Linkpoint way down, but Authorize not so much). When we’re talking about something as important as processing payments for my company I’d rather feel like I’m paying a set price for a well-thought-out service, and that’s another thing I like about Paypal.

  16. You are right. These companies live on confusing people because it somehow works for them 80-90% of the time and they make a ton of money. They have $12-14/hr employees who have a set script and if you ask anything outside the ‘norm’ you get someone else. Whenever I deal with them, even the ‘good ones’- it takes a week to do just one thing and the attitude!

  17. Auth.net and other gateways charge a lot of fees. We went that way and burnt our fingers.

    Best is to integrate google checkout and paypal using their apis and concentrate on your core competency.

    your customers will thank you for it.

    Thanks.

  18. I just can’t comprehend that whenever there is a problem it is always someone elses problem. The bank, the merchant , the processor, the batcher. It is silly how many grubby hands are trying to sop up a few dimes.

  19. I agree with almost everything you are saying. I will say there is a science to AVS and most of credit card processing.

    The problem is there are very few “scientists’ out there studying the subject. If you ever have any questions about this stuff feel free to ask me; If I don’t know the answer already I’ll find one for you.

  20. Wow that is a long list…I tend to agree with all. I found out that minimizing some of it depends on the way you negotiate your merchant account. I applied with few providers (used http://www.creditcardprocessing-r-us.com- a directory that features few merchant account providers under the same roof) and just negotiated everything, fees terms and support. At least now I have a dedicated merchant account manager that has to speak with me!

  21. Hi. I am sure almost nobody looks on this site anymore but I figured I may be able to start up another conversation in regards to all of this.

    Gateways and Merchant Bank providers.

    What I have come to realize is that customers need to stand up against the Merchant Banks and not look to point a finger at a gateway provider. The gateway provider is merely a passageway of your credit card data. They also help you with reporting, subscription payments, and some like TrustCommerce can provide more security then AVS. Now, most payment gateways charge the same fee’s across the board. You have:

    1. Setup Fee:

    2. Monthly Fee:

    3. Per Transaction Fee: Now, most providers will charge you any time you touch a transaction. Such as, credit, void, authorization and capture, or just a standard sale. So, if you ship you authorize the transaction when you receive the order and capture the funds when it’s shipped. If you are with a company lets say Authorize.Net you are charged $0.10 cents per transaction. Well for one transaction with a authorization and a capture your looking at that transaction really being $0.20 cents. Now lets say the customer calls and is unhappy with that. So you issue a credit. Well thats an additional $0.10 cents. So that one transaction ended up costing you $0.30 cents. Now, this seems like chump change but if you are an account who does many transactions this can become very costly. Now, I know from experience that TrustCommerce does not charge a per transaction fee. They charge a per Authorization fee. Which means you will save money. With this fee you would only be charged for a sale or an authorization but not a credit, void, and etc. Though, on average TrustCommerce sells their fee at $0.15 per Authroization which sounds $0.05 cents higher then Authorize.net it could still cost you less. However, that is depending on what type of business you are. If you do strictly sale which is a one time transaction and you have a very low credit rate then you would probably save money with Authorize.net.

    4. Storage of credit card fee: This is a fee that you are paying for security. If you are using a company for storing credit card information which is used for mainly subscription payments then you are being charged a monthly fee typically around $0.10 cents per Credit Card. Now, it does sound like a lot but, if you want to have additional security and pay more for your PCI audits then be my guest. I would say the fees for the gateway to hold this data can be cheaper.

    Merchant Bank providers are crooks. They have so many fee’s and nothing on the invoice is ever clear. Anyone have Wells Fargo for your merchant service provider? I bet you look at the invoice and almost want to rip your hair out because it almost means nothing to you. Hence the knowing their lingo. So instead of learning you just pay. However, not really knowing your loosing money when you do not need to be. Below is a list of fees merchant banks typically charge.

    1. Application fee:

    2. Setup fee: (now wouldn’t you think the application and setup fee should go hand in hand?)

    3. Monthly fee:

    4. Monthly Mimimum fee: If you do not process up to a certain limit they will charge you for it. Because they say they loose money. Yet you already have a monthly fee…

    5. Per Transaction fee: (now this is where it is strange. You are already being charged a transaction fee from the gateway so now why are you being charged another one from the merchant bank provider? Please know this transaction fee includes credits. Even though the credit is already for a transaction you have processed a credit is sending a new authorization and yes you get charged for it.

    5. AVS fee: Most banks will charge you everytime you pass AVS for verification… I am sorry but I think this is the one of the biggest ripoffs. They are already getting you for a transaction fee so why do they need to charge you another fee? To make you think more about this is the gateway provider does not charge you for this fee. Yet, the gateway provider is the one collecting this data and sending it. If the merchant bank is being charged for it by Visa and the gang then why isn’t the Gateway being hit with the same charge?

    6. Discount rates: These are the percentages that they charge you for Visa, Mastercard, Discover, American Express, JCB and etc. Now, know this that the merchant bank adds more on the percent because they keep a piece of that. More of a way to dig into your pocket. Some companies if you have non qualified transaction meaning you are not passing the necessary information to send a potected transaction they will charge you another $0.10 to $0.15 cents. This is on top of your non qualified rate which is a higher percent plus your already AVS charge and transaction fee… Also, these rates are never going to stay what they were when you singed a contract. Every year you will receive a letter stating some interchange has changed and the rates are going to go up. More then likely your contract you signed says this is normal and you acknowledged this but it was never stated.

    7. Batch Fee: Some banks will actually have the nerve to charge you each time you send a batch to them. These fees can be anywhere from $10.00 to $25.00. Now if you send a batch everyday which by Card Industry you must batch at the end of business day if you have processed transactions. So if you process everyday and its a 30 day month at $10.00 thats an extra $300.00 they made off of you for a month. Thats an extra $3,600.00 in a year of your money they take.

    8. ETF (early Termination Fee): Almost all banks in the industry have a contract term. Typically its for three years and they will charge you close to $300.00 for breaking that term. ALWAYS read the fine print and all sections on the agreement.

    One other thing I would want to warn people about. Sales Reps at Merchant Bank Providers can be very tricky in how they send a proposal. They can make the rates look different in an effort to show savings to get you to sign a three year contract term. However, you will later find out that you were hagged and the rates actually are higher. So be very weary on what banks you go to. In addition to this there are a lot of banks out there that will have a bundled package. This means the gateway and the merchant bank have partnered with one another to get business. So, if you use Wells Fargo you will be sold Authorize.Net along with it for merchant processing. Now, what you are not aware of it this is an easy way of hiding fee’s. They can bundle prices to make them look less when in fact its more or the same as it typically would be. Also, the catch 22 in this is if you do decide to break away from this bank you will probably be forced to find a new gateway too. Which, if you are a company that stores credit card info with your gateway provider be ready to pay for that data. It may be your data and the gateway cannot keep it from you but they can charge you to get it and they can charge whatever they want for it and you really have no option but to pay. Unless of course you want to call each merchant and ask them to give you their card information again. So, if you are going to settle for a bundled package make sure you are truly happy with that provider.

    The fees that are being charge are ridiculous. However, what most people do not understand is its a competitive market. There are hundreds of Merchant Banks out there and you can call and get quotes. If you see some BS charges you can say well this bank is only charging me this and unless you can match or do better I will be looking else where. More then likely the bank will do what it can to get you. If you already singed up with a provider and are under contract and are being charge to much sometimes its best to pay the ETF and get out. The savings you will get in the long run can easily make up for that fee. However, if you are close to the end of your contract term its very easy to make them give you more competitive rates. The more knowledge you as the merchant gain the better off you will be at fighting these companies and saving yourself a lot of money.

  22. I also see there is a lot of talk about AVS…

    I know AVS is a huge headache for a lot of people. However, AVS is not mandatory for everyone. AVS is a system that is designed to help save people from high chargebacks. We all know there are many credit card thieves out there and we all know in one day your card could be maxed out if stolen.

    What a lot of customers do not understand when it says input your address is that it mean the address where the credit cards invoice goes. So to help save you some time place that on your shopping cart in big bold letters. It will keep your customer happy because they will not input it three times till they get fed up and say never mind and save you some money. Also, you do not have to put Apartment 4 on there. It is not going to check for all of it. If you just put the address and forget the unit number you should be fine.

    Here is a fun interesting fact that people do not know. Gateway providers give you an option to pass AVS or not right? That is a given. However, there is also an option in the coding to have the transaction still pass through if the AVS does not pass. That is a gateway setting not a Merchant Bank thing. Now, how is this special? A merchant bank will give you a qualified rate for passing the AVS information regardless if it is correct or not. I AM NOT SAYING TO DO THIS because this does help raise your chances of loosing money and product if you ship but I am just spilling the beans. If you want to know more send me a message.

    AVS international. AVS does work for international cards. However, know that not all international banks are up to date with the AVS the US is. So if you process a foreign card you may see an error on the AVS response and that will just mean AVS is not recorded. What sucks about that is you will be hit with a higher interchange rate.