It’s a question we often get asked do you support PayPal Pro or Authorize non-hosted when we reply no, people rightly wonder why. The reason is a pure business one, it simply is not economically viable to support these gateways.
Imagine this typical scenario:
Joe buys YM and installs it on the version of WordPress created for him by his Hosting Provider, he signs up to PayPal and pays his fees for pro and enables the gateway. Everything is fine, until customers start complaining they are being charged repeatedly for the same transaction. Joe is now left with several major problems, and being threatened with legal action, words like PCI DSS compliance are bounced around and so he logically assumes its a bug with the software and in turns threatens NewMedias with legal action, only problem the issue was never with Your Members it was down to the shared hosts setting up of CURL.
Running credit card processing is not a process to do lightly, in addition to the mountain of paperwork the technical implementation both in the storing but also the calling of the card company has to be rock solid, this is not something NewMedias has any control over. We can’t hold every customers hand and check every hosting provider or indeed even look over PCI scans and documentation, yet we would be in part taking on risk associated with users carrying out credit card transactions. Now risk can be mitigated and our indemnity insurance would cover such events, but most people take out based on the cost of their business we would have to increase ours to match our biggest clients, some of our customers have 10s of thousands of users and are bringing in scary figures.
People asking for Credit Card Processing are:
- Non technical people who when we explain the process they would need to go through often back away quickly, suddenly PayPal is great
- Technical People, these are often the people who dismiss PCI-DSS compliance as easy, and in truth if you are in complete control of the entire system it is, just another pile of paperwork to do. However these people are also our most expensive customers, there support requirements are higher, normally needing a developer to engage with them, and the chances of tinkering is higher. Making them the highest risk people when it comes to Credit Card Gateway they are the group most likely to have a problem, and be the first to throw blame. A little knowledge is normally a dangerous thing.
- Developers, these true out and out devs are more then capable of building a gateway and we encourage them to do so, they nearly always have control of their environment we encourage and support them, in development, because we know that by them doing the work, our liability is virtually non existant. If a developer was to do a PayPal pro gateway and ask us to promote it? Well we will cross that bridge if it happens
While for us economics means we do not support direct Credit Card gateways, it is as much to protect our user base, people will rarely understand the complications or the liability involved with taking payments in this manner, it is not for us to police them, and we have yet to find a feasible model where we can support them without significant cost to ourselves, which would be virtually impossible to pass on to the user.
Is all lost?
Not at all we are working on new ways to make payments, one of the most exciting is our work with Coding Futures to build a new payment gateway based on PayPal Digital Goods meaning you will never have to leave the page to make payment for posts or subscriptions.
For me this is exciting new way (which also allows credit card payments) will at least bring people a little closer to not having to deal with ugly and unintuitive UI of PayPal and similar providers.