Stripe makes none of the hardware that is currently available (the BBPOS Chipper™ 2X BT or Verifone P400). Not sure which processing platform they are riding atop of these days (perhaps Tsys?) but we maintain a separate First Data account and CardConnect integration since Stripe's support for certain BINs of business cards is lacking. Said banks expect a breakdown of what was taxable to be sent along with the transaction, otherwise the transaction will be declined.
2.7% + $0.05 per transaction is expensive for in person payments. We are averaging 1.2% (since debit is so cheap) for our First Data account, with next day funding (Stripe has variable delivery, sometimes taking up to a week).
(I work at Stripe.) Keep in mind that Stripe Terminal has upfront pricing: there are no additional software, PCI compliance, or monthly fees (or even equipment lease payments!). When factoring in these additional fees that many legacy players charge on top of the payment processing, Terminal oftentimes has more favorable pricing (along with working alongside your existing online Stripe transactions).
If you want funds in minutes, we have Instant Payouts in the US, Canada, and Singapore now, which lets you cash out to a debit card right away for a small processing fee. Our standard bank transfers are limited by existing banking infrastucture (e.g. the ACH network), but most transfers land within 2 days.
For BINs support—I'm sorry for those issues. Would you be able to email me and I can see if we can work on this? edwin@stripe.com
Stripe Terminal's upfront pricing is neat, but it would triple the processing fees of most 3+ lane retail stores while still lacking reporting of tax (causing many business cards to decline), FSA/HSA, EBT and WIC support.
I'm not going to hunt down test cards for you, but DataCap should have a few they can share if you ping them.
I'm still waiting for the ability to pay for an invoice using terminal. The use cases being a user sends an invoice to a customer and then collect payment for that invoice in person.
Could you speak more to the part about PCI compliance? My experience has been that you can provide an AOC for provided services but it doesn't make someone's PCI obligations go away entirely. Even a PCI recognized point to point encrypted solution doesn't completely remove all PCI-DSS obligations. Maybe for folks that do a SAQ it would largely make issues go away but a larger entity doing a full ROC/AOC I would imagine would still have a fair amount of work to go through. Do you also happen to work as a merchant acquirer in such a way that you can remove further PCI burden?
The best thing about Stripe was they made payment processors move. By showing them what good looks like, by showing them there's value in creating an easier, modern platform - their competitors are missing out on a massive market of SMB's that won't care enough for the 1.5% difference in costs.
Which is admittedly crazy, but there's a lot of people out there making purchasing and implementation decisions that don't really care about the bottom line.
For an SMB, the 1.5% difference in costs could very reasonably be worth it over the extra time spent integrating with a different company.
I work for an online retailer and with Stripe we spend almost no time working on our payments infrastructure because Stripe handles so much of it. That's worth quite a lot to us! Also bear in mind that the 1.5% difference might be on the sticker price, but Stripe fees are negotiable and closer to industry norms at scale.
Yeah, I was excited about this news but I'm having a hard time not wanting to go with CardConnect and a Bolt reader due to the lower costs. I really like the Stripe docs but there are some products (including a would-be-cool-to-have feature of something I'm currently working on) that are just impossible with the fees Stripe charges. I would almost swallow the 2.9% if not for the $.30 hit per transaction. As it stands today I'm fully built on Stripe but after I prove it all works in "production" I'm considering switching to CC. While their docs suck in comparison there is just way too much money (and un-buildable-features) that are being left on the table when it comes to Stripe.
For reference: I use CC for my $dayJob and while it's far from as nice as Stripe in just about every way, it's easy enough to code against. Just be ok with having to build out more infrastructure and store more data on your end to get close to what Stripe provides. That said, I think I'm ok with that if it means not having to pay $0.30/transaction and the high %.
In Canada my wife was using https://www.helcim.com , they work with Elevon. Great service overall. We were paying an average of 1.9% for in-person chip and that was due to to all the reward cards and Amex. Interac debit (not visa debit) was 9 cents per transaction. Next day deposits as well.
Came here to post this, but as a former Square employee I can tell you they designed the "puck" reader from scratch years ago and contracted directly with the manufacturers. Stripe clearly copied the industrial design but I'd imagine the internals are different. It will be interesting to see how Stripe fares with this - in person payments are a very different ball game than online. PayPal and Amazon have tried with what seems to be limited success.
I too am ex-Square, and in fact I worked on the firmware for the [https://squareup.com/us/en/hardware/contactless-chip-reader]... Reader for Contactless and Chip). All hardware design, from the external design through the mechanical and electrical is done in house.
Not going to say that Stripe was uh... influenced by the design, but I do think that imitation is a nice form of flattery.
Square designs all their own stuff. It looks similar because Square did a good job on their chip reader and because there are only so many ways you can make a chip reader without a keypad.
I don’t think they’ve ever made a $95 billion acquisition. Marvel, Lucasfilm, Pixar, each ~$4-7 billion. I believe Fox was their biggest acquisition by far, and it was decently close to Stripe, at $71 billion.
But yeah, a $95 billion acquisition would be huge, and very rare.
think they had their big yearly conference where they announce all their new stuff, so it isnt like they are just madly executing and releasing new products everyday in general.
Visa has a product where businesses accept contactless payments on Any NFC-enabled Android phone[1]. I thought that might be something stripe go after instead of it's own hardware. Interested to know why.
PIN on Glass is the endgame here, where any mobile device can effectively become a full featured payment terminal.
From experience there's still a large mental barrier from folks willing to process a payment on an individual's mobile device though. Some degree of separate physical widget provides more trust to the transaction.
/edit
Neat, it looks like the company I used to work for finally released their offering to the market.
The most common scenario in which I've made NFC payments to non-fixed points of sale is with street market stalls. Food trucks and the like.
There, vendors would prefer to have a cheap NFC terminal to take card payments than have to leave a much more expensive phone within public reach to take payments. Opportunistic thieves wouldn't find much value in an NFC terminal even if it isn't very cheap.
According to the video, it is end to end encrypted. So I could see it easier on PCI compliance if my phone never actually gets unencrypted credit card numbers.
Not entirely sure on the actual origins of this specific number but I think a crucial piece is that it passes the Luhn algorithm check [0] that is used to validate card numbers (and in generation of them to make single digit errors not result in another valid card number). 42 itself also passes the test but card numbers usually come in blocks of 4 digits so 4242 probably seems more card-like.
As to where the 42 from the Guide came from, I would recommend consulting The Hunting of the Snark.
(I work at Stripe.) The offerings are meant for different use-cases. Stripe Terminal’s great for developers looking to deploy in-person payments at tech-forward companies. Square’s great for coffee shops and other SMBs!
I'm guessing this means that the setup process of stripe terminal isn't to the point where a non-developer can plug it in and go. Square is great because anybody competent enough to install an app on their phone can use it
I’m not in the payment space, but it seems like it’s rapidly commodifying. The hardware to support mag stripe, contactless, and EMV isn’t terribly expensive per unit, and as long as there’s some bare minimum functionality, the competitive edge is the processing cost.
This seems less about stealing customers and more about keeping Stripe attractive to existing customers who might be continually evaluating other payment providers and their hardware offerings.
Long term, we likely end up like China with WeChat and Alipay, using apps and QR codes primarily for payments eventually. Venmo and PayPal support C2C and C2B payments with QR codes, Zelle is beta testing them currently.
Gravity Payments, First Data Merchant Services (the direct sales side of First Data), Vantiv/Mercury and numerous other platforms and platform resellers (Square & Stripe resell others processing platforms) have spent the last decade driving down prices.
Some wholesale contracts for certain ISO resellers are as low as 1 basis point (.01% of a transaction) and $0.01 for bank underwriting (where the bank holds the chargeback risk if the underwritten business goes bankrupt), with platform fees being as low as 3 basis points and $0.02 cents.
Stripe is probably doing the underwriting in house, hence why sometimes deposits of recent transactions to your bank account are delayed for a few days to a week.
In the merchant processing industry, there are frontends (where your transaction initially is routed for approval by Visa/MasterCard/American Express/Discover or by one of the Debit Networks) and backends (where the amounts of these transactions are debited between banks).
Stripe does use Wells Fargo for the backend settlement, they are one of the most popular acquiring banks on First Data (though many other banks can be used for underwriting risk and settlement of payments on First Data).
Interestingly Square basically created this category (the merchant aggregator) by somewhat secretly running all their early clients' payments through a single merchant account.
Don't you need to be a bank to settle funds from issuing banks? That's not what I interpreted you meaning when you said "platform reseller" for processing.
I believe Square is a bank now, so maybe they'll stop using Chase.
The frontend (what authorizes the transaction with the card network, like Visa, Pulse, Star, Mastercard, etc) and backend (settlement bank that ACHes the cash around and usually takes the underwriting risk (unless the independent sales organization, eg: Stripe or Gravity decides to do this themselves)) are generally called a payment platform in the industry.
This platform can get wrapped with many different payment terminals (Verifone, Pax, Dejavoo, Ingenico, etc) or processing interfaces (Authorize.net, PayPal, Stripe, Square, et all).
Kinda surprising, I would expect them to have underwritten their own payment processing, but it might be the case that they don't want to have the outsized liability of chargebacks on their books if a client business goes bankrupt, all to save 2 cents on a $100 transaction.
Perhaps once the US economy slows its rapid economic shift they will consider handling their own underwriting and batch settlement.
This is tangential but you seems really knowledgeable about the payments industry. Can you perhaps recommend some sources to understand how the payments infrastructure works (POS but also web/online/mobile)? I only seem to have a broad idea and would love to understand the nitty-gritty of it all!
Beware, Gravity screwed over numerous businesses I work with. They purposefully misclassified businesses SICs (a code that defines what very specific category your business is, eg: a bar or a restaurant) to reduce credit card processing fees (interchange fees) for their customers, but were caught doing this for a massive number of businesses.
The card networks and issuing banks that had this money stolen from them went after the businesses that dodged these fees illicitly, with bills of tens of thousands or hundreds of thousands of dollars for fees that should have been paid.
> Square’s payment APIs are free to integrate into your software. For online sales, the only cost is 2.9% + 30¢ per payment transaction. Sales made with Square’s POS app are charged at our standard fees: 2.6% + 10¢ per swipe, chip card dip, or NFC payment. Manually entered transactions are charged at 3.5% + 15¢.
The last time I had to swipe a card in Belgium was in the 1990s. That was swipe-and-pin. At no point in my life have I ever had to sign a manual signature for a payment.
Lately contactless payments (with and without pin) have been gaining in popularity. Most payment terminals now support them. I'm sure there's a market for Stripe Reader in the US, but I can't imagine there being one over here. Unless they're a lot cheaper than the current providers; or they start accepting a lot more payment methods.
The first and only time I've ever had to swipe and sign was on an AirAsia flight a few years ago.
I had never actually bothered to sign my car, which was apparently a problem for the flight attendants, even though my passport (with a matching signature) had the same name, and obviously did my ticket. But by whatever logic, they were happy with me signing the card there and then.
It amazes me that swipe and sign was ever considered vaguely secure. Most teenagers learn how to forge their parents signature during their high school years.
I signed on a LCD screen just a week ago in Germany for a card payment in Germany. It is surprising common here.
However, contactless payments are gaining popularity very fast here. Actually contactless in general in Germany is rising very rapidly. I think this is due to hygiene fears.
I agree that the pandemic has been a big driver of contactless payments. I dislike them myself. NFC terminals get confused as hell if there are multiple contactless cards nearby (there are 6 in my wallet, none of which I use..). Inserting a card in the terminal and entering my pin is only a few seconds slower and it feels more secure.
We used to have a chip-without-pin payment scheme for small amounts, called Proton, but it never really caught on and got scrapped a few years back.
What do you mean by using your PIN "feels more secure". It's more secure for the retailer, but it's less secure for you.
Any time you have to enter your PIN you are putting yourself at risk of someone seeing it. It could even be a fake PIN pad, so covering with your other hand won't help. If they can then steal the card from you, they can spend freely at merchants and withdraw cash at any ATM up to 2X your daily limit (once at 23:59, once at 00:01).
If they steal your card without a PIN, they can use it contactlessly only for small transactions up to the contactless limit, and only for a limited amount before the card will stop working (if you make too many contactless transactions in a row, the bank will refuse one and demand a PIN transaction). (At least in the UK), you are not liable for the contactless transactions made after your card was stolen.
You raise a good point about the limits -- although the contactless limits have been raised here due to the pandemic. But I think you're underestimating the physical security of the payment infrastructure. Card terminals (here at least) are extremely secure. They are highly tamper resistant; they cannot access the network if they've been tampered with.
These NFC terminals on the other hand, I have my doubts about many of them. Especially the ones that are basically glorified phones.
Stealing a PIN and a card would be a targeted attack (or an extremely lucky break). When that happens, depending on the bank, taking out money might even be dumbest course of action. Many banks have online services that can be accessed using a card reader (and the card, and the pin). Limits there tend to be much higher, and there won't be an ATM camera filming you.
The tamper resistance is less important if you don't have to enter your PIN. The protocols are secured from the card to the bank - the card has a CPU on board.
Tampering with the NFC reader doesn't really get you anything. Tampering with a PIN pad does let you copy someones PIN.
You say that as if "the US" isn't a big enough market to justify a product (swiping is pretty rare in the US as well though, EMV is pretty universal, and contactless is gaining ground quickly).
I don't really see what that bring compared to Stripe Terminal.
Other than the fact that it doesn't have a keyboard for typing PIN code, which makes the chip reader useless for many cards (all of them in France at least).
and I get the impression that Square already has decent saturation in point of sale systems. Anyone that wasn't already vendor locked, or would have been cash only, is using Square already. Other the past year I've seen many leapfrog that straight to Venmo (haven't seen any vendors using Square's Cashapp personally). If you aren't in the system you're illiquid.
It's been almost 3 years Stripe Terminal has been announced and still no announcement for an actual release in Europe.
As it was scheduled for the end of 2020 at the beginning, but "undefined" by now, it seems the Stripe teams encounter important difficulties.
After 5 requests to support, I'm sure they don't want to communicate clearly for a deployment in Europe, and this is hence a no go to choose Stripe as a payment solution to develop stuff like modern POS software. What a pity, I like Stripe so much...
How do you enter a PIN code? i.e. Wholefoods accepts contactless payments and then guess what...you need a PIN code.
I guess an app somewhere (like on a phone or iPad) needs to be handed over to you to do that...? I really dislike PIN code backed payments, the whole touchless/contactless experience should be as fast as paying for the "tube" in London with an Oyster IMHO
PIN entry (for PIN Debit, Healthcare Savings Account, EBT, WIC) is not supported on the Stripe Reader M2 as there is no PCI-DSS compliant PIN Pad.
PIN Pads have the underwriting bank's encryption keys injected into them at a secure facility, and these pads have anti-tamper features (think thin ribbon cables that tear when opened, contact sensors to detect case opening, heat and vibration sensors, all battery backed where if the battery dies the PIN Pad is toast).
Generally mobile/web based payments don’t require PIN. I’ve never been prompted on a Square or Toast machine— only place I’ve ever been asked is on a traditional PINpad and Clover machines.
Neither Square or Toast support PIN entry, whereas a Clover (made by First Data, the largest processing platform) and Ingenico/Verifone equipment have the proper hardware to ensure physical security while they encrypt the PIN in transit back to the bank your platform uses to process the transaction.
PIN Debit transactions are less expensive to process since there is less risk, but it adds complexity (First Data has many different bank keyloads like Carlton 500, Wells 350, etc depending on the bank that is underwriting the chargeback risk for your account if your company folds).
Square does support PIN entry: you just enter the PIN into the touchscreen of the mobile device. Square developed a way of securing the PIN that doesn't require dedicated hardware. (It's now a PCI security standard: "Software-based PIN Entry on COTS".)
Yes, there may be some markets where Square doesn't support PINs. I took your comment to mean that Square doesn't support PINs at all, and that it's because of a physical security requirement. I couldn't resist responding to that, since neither of those has been true for a while.
I'm not going to enter my PIN into someones mobile unless I have a way of verifying the app they are using is really the app it says it is. I can't see how that could possibly work.
That's actually true! I totally forgot about my most recent Square/Clover experience...it's been months since I paid on those. Thank you for reminding me. I wonder how does it work in the back at the bank level, why are those OK vs like a Wholefoods or corner-store...
I think it’s configurable at the store. I’ve noticed a lot of transactions that ask for my pin usually say “please enter your pin or press here to skip,” save for 7-eleven (that’s like the only place where I actually have to enter it). PIN entry likely reduces liability, and I believe it’s significantly harder to chargeback for fraud.
It may be inconvenient, but the main point is to help prevent someone from emptying our bank accounts by merely stealing our debit cards or walking around with a contactless payment terminal in the tube.
Totally see the rationale for annexing this profit pool (offline / card-present transactions)....but this doesn't feel to me like it is aligned with "increasing the GDP of the internet" -- unless I am missing something. And I'd love to be missing something, because thinking about Stripe and their strategy is very fun.
The best online merchants these days are about successfully mixing online and offline experiences. The term of art here, if you want to Google it, is 'omnichannel': the idea that their experience with the merchant should seamlessly span all the channels (online storefront, brick and mortar storefront, support channels, etc.). One major use case for Stripe Reader would be as a payment solution for omnichannel merchants.
Omnichannel commerce is a product of the Internet, and specifically an Internet that's capable of supporting commerce, because a business could not operate this way without it. Seen through that lens, Stripe is "increasing the GDP of the Internet" here.
Though, I admit, this is starting to stretch the limits of how much you can consider "the Internet" being a separate place.
I (almost) can't believe they didn't name it the Stripe Swipe.
On the other hand, being not in the US, swiping cards to read the actual magnetic stripe is really quaint and not something I do a lot of these days. And it would have been weird to name it for a minor/compatibility feature, I guess.
I'm currently implementing Stripe Terminal functionality for an iOS project using the BBPOS Chipper. Does this Stripe hardware do anything that the Chipper doesn't? Or are they simply moving away from generic looking 3rd party hardware?
How do I know that the device is really running your mobile app, not a copycat app and the real app is running on a device under the table or elsewhere? Seems like an easy thing to fake.
2.7% + $0.05 per transaction is expensive for in person payments. We are averaging 1.2% (since debit is so cheap) for our First Data account, with next day funding (Stripe has variable delivery, sometimes taking up to a week).