Automatic Rebilling - How to Support?

[tvalva]

I'd like to select a Gateway Intermediary that supports Automatic Recurring Billing for Credit Cards. This is to support installment payments (e.g. 4 easy payments of $29.99), but I've noticed that most open source shopping cart solutions don't support it, and support form gateways like Authorize.net is spotty.

Does anyone have any experience with this? I'd be most appreciative for any suggestions.

Thanks

Tom

[GusVenditto]

I believe one problem with re-billing is retaining cc numbers. if you are not storing the numbers, you can't re-bill.

holding onto cc numbers involves a lot of safeguards and usually is beyond some of the entry level packages.

[tvalva]

Gus:

You're right. That's why I'm looking for a gateway to do it, then they have the number, which they get anyway, not me. Paypal has a recurring billing option, and I'm looking into that as well.

Tom Valva
MPath Marketing, LLC

[JPnyc]

What's the big deal? All it requires is a database. Don't most businesses have a database with customer, order, and inventory tables anyway?

[bpjsurf]

The issue is not so much the technical requirements of having a database with the credit card numbers. The issue is the exposure a small business has by storing the numbers. Go to visa.com and read up on the requirements for storing credit card and personal data securely. More importantly read the potential fines you can receive as a merchant if your system is comprimised. The truth is most small businesses do not implement proper access controls to their systems. The merchant account / payment gateways companies are working to try and address the issue for small business by developing better technologies that will suit the needs and provide a suitable level of security. However it does not seem to exist today. We are working on two independant projects to address secure reoccuring billing. I expect you will see this issue resolved in less then a year

[JPnyc]

Ah, well that's a horse of another color. It's liability issues then. Understood.

[tvalva]

BPJSurf makes some excellent points. The CISP (Cardholder Information Security Program) is really stringent; basically what is required of major data centers, particularly now under Sarbanes-Oxley requirements. As a small merchant, you really don't want to be holding the card number and other personally identifiable information in this environment. It's actually doubtful many service providers can prove they're compliant with the CISP requirements.

As for gateway intermediaries who support rebilling/installments, there's Paypal, who really supports the indefinite rebilling as for memberships, but they don't explicitly support installments. PayMeNow.com seems to support the widest array of recurring billing options, and I'll be taking a look at them.

Thanks for all the excellent feedback.

TValva

[bobgreenboston]

I like Authorize.Net's platform - and they do have 24/7 tech support to help with any issues.