July 16th, 2009
This article covers the different ways that subscription billing can be achieved. If you haven’t read the article on taking payments online then it’s worth a quick read to get some context.
Route 1: All in one solutions
There are a number of comprehensive solutions which allow you to do this.
Paypal Payments Pro with Subscriptions – A great service from Paypal, their system deals with the recurring billing of clients for defined or indefinite amounts of time.
Futurepay – Allows the recurring/scheduled billing of clients
Route 2: Merchant Account + Processor
In order to take recurring payments you would usually need to follow either the IFRAME or the API method as described here.
When you submit payment details to the payment processor they can return a token which you store and you can build or use a system which automatically poles the API every month with the token and the other fields as required on the API to bill the client.
It’s worth noting that if you are thinking about storing credit card details to think again. Apart from needing to be fully PCI compliant to the highest level, a process that is relatively lengthy and intensive there is little value to you the app builder and incurs the risk of a $500,000 fine from VISA should your card details escape into the wild.
Subscription billing for varying amounts
It is actually possible once you have a token from your processor to bill for varying amounts. However this requires ‘continuous authority’ from your merchant account.
Continuous authority is basically a license to print money as you can bill any amount at any time to a credit/debit card. It is for this reason getting it is very difficult, banks perceive this to be a considerable risk and is thus saved for the likes of telephone operators and suchlike. As of yet we haven’t found any other ways of doing varying amounts other than direct debit.
There are some good frameworks such as the Ruby Invoicing Framework which automates alot of the programming work. It is worth noting that VISA are expected to implement in July 2010 a requirement for any 3rd party applications which are handling credit card details to be PCI DSS certified. Hopefully some decent certified applications/frameworks will become available at a reasonable price as the deadline approaches.
Other useful articles:
Disclaimer: This article should be taken alongside advice from a professional PCI Compliance assessor. Every City Ltd take no responsibility for any liability you may acquire from following any of these courses of action.
Entry Filed under: Online Payments