Monday, November 11, 2013

FRED's new payment processor


As some of you know, FRED has recently switched to a new credit card processor. The new service, called Stripe.com, is a much more modern and web-app-friendly service. It has two main advantages over the previous service:
  • Better customer security: Stripe uses some javascript and cryptographic magic to authorize credit cards without the sensitive data ever being sent to FRED. This means that card numbers (which have never been stored by FRED), now don’t even pass through FRED’s servers. Fewer “hops” means more secure. 
  • Automation: Stripe is a credit card service built for the web, with an API that will let us automate all kinds of good things. In particular, we’ll be able to automate ACH transfers of your tournament fees directly to your bank account. You’ll be able to enter bank account details via that same super-secure system mentioned above, so your account details will never pass through FRED’s servers, nor be stored there. 
After the switch to stripe, there were, however a couple problems. To anyone that was adversely affected by these issues, please accept my sincere apologies. There is nothing about the site that I take more seriously than executing financial transactions smoothly and correctly. In the interest of full transparency, here are the issues:

Issue: After the switch to Stripe, FRED failed to credit a payor for payments made prior to the switch (via the old payment processor).
Impact: Some customers were confused, and few were charged twice for the same event.
Status: Solved. This should not happen any more, and all known cases of double-charges have been refunded. FRED now correctly credits customers for payments made via the old processor.

Issue: Successful payments not recorded in FRED, due to FRED applying excessive validation of the payor email address.
Impact: 6 payments were not correctly recorded.
Status: Solved. The validation has been fixed, payment records have been repaired, and refunds given where necessary.

Issue: Browsers with Javascript turned off submitted incomplete payment form data to FRED.
Impact: A dozen or so users were unable to pay, and received bland "an error has occurred" type messages.
Status: Solved. The payment form is no longer displayed in browsers with javascript turned off. Instead a message prompts the user to enable javascript.
Issue: Payment CSV reports excluded payments made via Stripe.
Impact: Incomplete CSV reports.
Status: Solved. All payments are now included in CSV reports.

Issue: Because of a difference in the weekend funds settlement schedule between the new and old payment processor, funds didn't become available for disbursement on time.
Impact: In the two weeks following the switch, a small number of tournaments had to wait longer than usual to get their money.
Status: Solved. I have made some adjustments to our funds disbursement process (which occurs on the weekend) so that funds are disbursed predictably.
Issue: Javascript errors in a few users’ browsers prevent the payment form from being submitted at all.
Impact: The affected users can’t pay via FRED, unless they use a different browser.
Status: UNsolved. I’ve installed a new system to report javascript errors directly from users’ browsers to help diagnose this issue. In the meantime, if you or someone you know is affected, I recommend using a different browser. In particular, something other than Internet Explorer would be good.
If you have any questions about any of this, please don't hesitate to email me, or submit a helpdesk request at:
http://support.askfred.net
support@askfred.net


-Peet

1 comment: