[MatthewB]

I don't know how they're doing payments exactly but if I had to guess they are recording a customer's credit card info to stripe and associate to a phone number somewhere.

Since Magic says you need to send them your credit card and address info the first time you use their service, my guess is that they would have to record that info so next time you text message, they just look up your credit card by your phone number (probably not in stripe, most likely in a separate database they keep). They can associate your stripe customer id with your phone number so they don't have to store raw credit card numbers (let stripe handle that!).

[jusben1369]

I would think existing businesses would already have a payment processing relationship in place and so the challenge would be hooking it up to many of those choices (if they didn't have one then Stripe is a good default) The question is how is that card data getting from the text message into the payment processor in a PCI compliant manner? Once they get it from their SMS app into Stripe then Stripe will give them a token and they can map the token and phone number for future charges. But I wonder how it gets there in the first place. Again, due to PCI compliance, I expect the Magic guys are never seeing the actual card numbers. So they must be paying for services on their own cards and charging your card against their Stripe account. So there's some double CC processing fees happening and chargeback exposure. I suspect though the Magic guys just hacked this together (in a great way) and given the interest I hope they can raise and solve for some of the unscalable parts like this.