I am trying to set up a business that would require the use of amember as well as some way to accept credit cards. However, I'm lost and confused as to what I need and how this process works. I won't get into all the details of what my subscription service would do of course, but here's some general info: The site is a database-driven subscription service. This is not a consumer service; it is a b-to-b service providing mostly a database of technical information. Once someone has paid they get access to the entire site, otherwise they have access only to the free articles. Pricing would be yearly at around $800, with options to go monthly or bi-annually, although yearly would give the best deal. I have not previously run a store (online or otherwise) that accepted credit cards, just cash and check. I'm trying to figure out what I need aside from amember to get this thing working. It looks like I need: ->amember ->merchant account ->shopping cart, even though I only have one product and a few pricing options for it (not sure about this part) ->SSL certificate for secure transaction ->some way to store the credit card info, including CVV2, for recurring payments ->some kind of encryption for storing the credit card info on my server (since it's possible someone working at my host could lift the numbers) I've checked out some of the payment systems, but there are so many it's hard to evaluate them all. I know not to use Paypal as I've heard horror stories. I also am knocking out all those that don't allow me to set coupons, because I plan to offer coupons often. I've heard horror stories of merchant accounts not wanting to take you on as a customer if you're doing large transactions like an $800 yearly fee. I've heard some good things about authorize.net, and I'm wondering if someplace like http://www.merchantexpress.com/rates_internet.htm is a good deal. I'm concerned about getting ripped off or jacked around by the banks, since I haven't taken credit cards before and it's a new service. I'm also concerned about security of storing credit card info. Furthermore, I'm not sure what kind of services I need beyond my merchant account, as in whether I need something like authorize.net or if amember would work directly with a merchant account. If anyone can please help, I'd appreciate a teeny bit of mentoring on this issue. Specifically, I'm looking for whether anyone has had trouble with a particular payment process company or bank, so I can start knocking some of them out of the running. Also, if anyone has had any really good or really bad experiences with services costing around what I'm going to be charging. Thanks for any help you all can provide!
I'm also very interested in what people think about this. My site is about 10 days from launching and Paypals IPN is messed up on their side for "some users". No timeframe on when they are going to fix it for me. Paypal does look to be the cheapest since you only pay 2.9% plus .30 or .50 for each transaction. I do need a payment system that works and allows people instant access though. -B
Called Paypal and was immediately transfered to a supervisor as soon as I said IPN. That was the good news. Bad news is they said it's a known problem on their end with "some" IPN accounts and they couldn't give me an estimate on when it would be fixed. Amember's log is saying my email is not "verified". It is verified with Paypal and I've double and tripled checked it in Amember. Amember setup the paypal stuff. But I did double and triple check. pending_reason => unilateral = Non confirmed email for my amember account with Paypal, right? Maybe I'm not understanding this right since this is the first time using the paypal sandbox. I thought the sandbox is a way so I can see exactly what my customers will see when they pay for my site. All the way through from payment to being able to login to my member section. Unfortunately amember doesn't give them access after they pay while using the amember/paypal sandbox features. I do have a week before my site launches, but god dam, I'd like to get this working. Pretty sure it's a Paypal issue, let me know if you think it's a amember issue. Thanks, -B
Update: Called Paypal again. Got transfered to a tech guy and was told using the sandbox is not a good idea unless you're a developer. (thought that's how I test all my cart stuff is working?) Anyway, he suggested I make a .01 cart item and try it live. He said he was 99% sure it will work. It works. What a relief. That is one weight lifted off my chest for this site launch. -B
Shelley, I do almost exactly what you are trying to do, and would be happy to mentor you the best I can. I have things working pretty well. See my site at w*e*b*r*e*c*o*n*.com You will need amember, a merchant account and an SSL certificate. You will also want more secure hosting than shared. I suggest a virtual private server (VPS) Your shopping cart is built into amember, as is the mechanism to store the credit card info for recurring payments. The encryption for storing the credit card info will come from having an SSL on a virtual private server. For a merchant account you could easily use authorize.net. I use USAePay which has an authorize.net emulator and it works flawlessly in my amember setup. I can't speak to how difficult it may be to get approved, as I had a pre-existing relationship with them. But for this new endeavor there was no history, and they were really easy with me. For a VPS, I strongly recommend wiredtree.com. I get a 40gb fully managed VPS for about $60/month. Their support is outstanding (24/7 phone support where I have always been helped right away, and trouble tickets that are always answered and acted upon within 10 minutes or so). And fully managed means just that - they will install your ssl cert for you, and do pretty much anything you request. It really is a great company. You can get a rapidssl cert at enom.com for $10/year. Finally, there are a couple of vendors here that I worked with to finish things off, and I was very satisfied with their services. Contact Miso to integrate your amember installation into your existing website design. And go to jlogica.com (jenolan's site) for some helpful addons. I use the trellis help desk plugin he created and it works very well. If I can share any more that would be helpful, please don't hesitate to ask.
Thanks for the mention, Jack... And you are correct - if she wants to stay away from paypal (as much as I'd still offer it as a payment option IN ADDITION to a merchant account, since there are enough customers you could lose by NOT offering paypal too), authorize.net gateway of some sort is highly suggested. I would also suggest VPS hosting of some sort (I've had a few clients on www.JaguarPC.com and they offer really cheap but fully managed VPS hosting plans - never had a problem that couldn't be resolved within 30-45 mins through their trouble tickets).
My sense is that for strictly b2b, Paypal probably has the opposite effect as it does with consumers. It makes you look less professional. Actually, I have been surprised at how many of my customers not only don't care about Paypal, but use Amex instead of Visa/MC. When you do get a merchant account, you will want to be sure you are getting Amex & Discover in the process. They may have separate application processes, so make sure you have it covered.
Awesome advice, thanks very much guys. Thusfar I'm planning on staying away from paypal because of the merchant horror stories I've read. Since my service is very much not a consumer service, I'm going to hold off on paypal for now and evaluate later to see if I'd gain anything by offering it. If I can get AmEx and Discover in there, I will--I know that I've preferred to use them over Visa/MC for various reasons so I'm assuming others will too. A VPS server sounds like just what I need. As far as the SSL certificate goes, can someone please give me a little more of a background in how that works with amember to securely store credit card info? Would the RapidSSL $10/year certificate be sufficient for such a thing, or would I need additional certificates? $10/year sounds like an awfully good deal for something so crucial as credit card security! Thanks again everyone for the help!
Shelley, You install the SSL cert on the domain, and aMember instinctively knows when to switch to it (i.e. when dealing with payment info) I am not an expert on the differences between all of the SSL choices, but my host assured me there is no significant difference between them as long as what you are looking for is the basic security provided. There are some bells and whistles on the more expensive ones, like the green address bar, but for your needs, the little lock in the bottom right corner should suffice.
I can confirm that Jack's advice is very sound. A VPS with SSL is about as secure as it gets unless you want to get into heavy-duty configuration of firewalls and such. As long as you have your VPS "hardened" by the support staff, and use random passwords (mixture of letters, numbers, lowercase, uppercase, and special symbols), your site fully meets all security requirements. I can also report that my VPS hosted with www.futurehosting.com has been super reliable for the 2+ years I've had it. The support staff there are very helpful and quick to resolve problems if they arise. One other thing to mention. Authorize.net's AVS (Address Verification System) has trouble with non-US postcodes, particularly the ones with letters in them. If your business clients include other countries, you may want to look into PayPal's Website Payments Pro, which gives you the option to collect CC data on your site, and gives the professional image while still using PayPal's system. PayPal is better equipped to deal with non-US postcodes.
Excellent, I will go with the SSL you recommended through enom. $10 per year is perfectly within my budget! I'm not particularly worried about out of country customers, as the info that I'd be publishing is not going to be especially worthwhile to those outside the U.S. If it looks like I need to, though, I'll add paypal. I was wondering if anyone had any experience with the internet merchant account providers: Merchant Accounts Express The Transaction Group goEmerchant My sense is that all three are good. MCE and Transaction Group seem to both use authorize.net, and goEmerchant seems to have its own gateway. I'm basically looking to see if anyone has tried to use them, and if it was successful or if they were difficult to work with. Again, thanks to all for your help!
There's a problem with enom. Apparently they are only a reseller, and you have to sign up with them as a reseller at a rate of several hundred bucks to get the account, and then you can buy certificates at that $10 rate. Anyone have any better options for getting an SSL certificate cheaply and reliably?
Shelley, I didn't realize that... I am an enom reseller and can help you with that if you wish. Give me a call at (616) 682-5327 if you want to take me up on that.