by pjan 1227 days ago
> Ideally, you'll support at least two providers you can switch between, if you can afford the development of supporting two

It is, however, not that simple if you want to remember your customers' payment information and don't want any PCI-DSS liability or obligations. You'll need a card vaulting solution in the middle, which comes as an additional burden (and cost!) on top of the other payment provider integration. There are big volumes you need to process to offset all of this, and probably not ROI sensible for many.

2 comments

Do you have any suggestion for "card vaulting providers"? This is interesting actually, store cards without PCI-DSS obligations and use those cards with the payment provider that makes the most sense at that point in time.

Spreedly, TokenEx, Very Good Security are some that I'm aware of.

I'm surprised Stripe hasn't come with their own multi-processing router solution for enterprises at this point; whichever major payment processor would do this could become a de facto choice as primary or secondary payment gateway for enterprises requiring this.

hyperswitch[1] looks to be trying to work in this space.

1. https://github.com/juspay/hyperswitch

Nice! Didn't know this. There are commercial solutions which offer even more integrations https://www.ppro.com

Even with a card vaulting solution I think it may be difficult to support more than one provider, at least for Visa and MasterCard, due to Visa's Stored Credentials Framework (SCF). SCF was a set of requirements for using stored cards that Visa originally announced would be required starting sometime around 2017, and MasterCard said they would adopt it too.

So many payment processors were going to fail to meet the deadline to implement it that they moved it back a year. The main payment processor we use met that deadline and we started using it. But many others did not and it was pushed back another year. I'm not sure when it finally actually came into effect because I didn't pay much attention after that.

Under SCF when you charge a card and intend to store that card you have to set a flag in the transaction signaling that intent. After the transaction you need to save the Visa or MasterCard assigned transaction ID.

Later, when you use the stored card there's a flag you have to set that marks this transaction as using a stored card, a flag you have to set if the charge is merchant initiated (e.g., an automatic subscription renewal) rather than customer initiated (e.g., they order something from the website and elect to put it on their on-file card), and you have to provide the transaction ID of the transaction that was done when you first stored the card.

It's that prior transaction ID that is the problem. With many payment processors the transaction ID they give you is one they generate, not the one that Visa or MasterCard generates.

As part of implementing SCF those processors will remember the Visa or MasterCard transaction associated with transactions that had the "we are going to store this card" flag set, and so later when you use the stored card you just have to provide the transaction ID they gave you and they look up the Visa/MasterCard transaction ID to send to the card company.

So say you charge a new Visa card through provider X, setting the "we are going to store this card" flag. X gives you an X transaction number X-1234, which you remember, and X remembers that X-1234 means Visa transaction ID V918273.

A year later it is time to auto-renew that customer, and you want to do that through provider Y. But Y's interface expects a Y transaction ID. You can't give them X-1234 and have them do anything sensible with it.

As far as I can tell for many combinations of X and Y there is simply no way to do an on file charge at Y with a card that was put on file after an X transaction, except perhaps by at the time of the X transaction also doing something like a $1 authorize with Y and hoping that the Y transaction ID for that will work with Y for later doing an actual charge.

You need some way to get the Visa/MasterCard transaction ID, and you need X and Y to allow you to provide a Visa/MasterCard transaction ID for the SCF stuff.
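
Added example, not part of the original thread and not any real processor's API: a simplified Python model of the stored-card flow described in the comment above, showing why a record holding only X's own transaction ID cannot be charged through Y, and why it can once the network transaction ID is exposed and accepted. All class, field and flag names are hypothetical; the IDs X-1234 and V918273 are the ones used in the comment.

```python
# Simplified model of the stored-credential flow described above.
# All class, field and flag names are hypothetical, not a real processor API.
import itertools

class Processor:
    def __init__(self, name, exposes_network_id, accepts_network_id):
        self.name = name
        self.exposes_network_id = exposes_network_id
        self.accepts_network_id = accepts_network_id
        self._own_to_network = {}          # private mapping, e.g. X-1234 -> V918273
        self._seq = itertools.count(1234)

    def initial_charge(self, network_txn_id):
        """First charge with the 'we are going to store this card' flag set.
        network_txn_id stands in for the ID the card network assigns."""
        own_id = f"{self.name}-{next(self._seq)}"
        self._own_to_network[own_id] = network_txn_id
        result = {"processor": self.name, "processor_txn_id": own_id}
        if self.exposes_network_id:
            result["network_txn_id"] = network_txn_id
        return result

    def stored_charge(self, record, merchant_initiated):
        """Later charge on the stored card; needs the original network ID."""
        network_id = None
        if record["processor"] == self.name:
            network_id = self._own_to_network.get(record["processor_txn_id"])
        elif self.accepts_network_id:
            network_id = record.get("network_txn_id")
        if network_id is None:
            return {"ok": False, "reason": "no usable prior transaction ID"}
        return {"ok": True, "stored_credential": True,
                "merchant_initiated": merchant_initiated,
                "prior_network_txn_id": network_id}

def renew(record, processor):
    # Automatic subscription renewal: a merchant-initiated stored-card charge.
    return processor.stored_charge(record, merchant_initiated=True)

# Constructed sample: the X-1234 / V918273 case from the comment.
x_opaque = Processor("X", exposes_network_id=False, accepts_network_id=False)
y = Processor("Y", exposes_network_id=True, accepts_network_id=True)
record = x_opaque.initial_charge("V918273")
same = renew(record, x_opaque)      # works: X looks up its own mapping
cross = renew(record, y)            # fails: Y cannot interpret X-1234

x_open = Processor("X", exposes_network_id=True, accepts_network_id=True)
portable = renew(x_open.initial_charge("V918273"), y)  # works: network ID travels
```
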