How to Get Approved by an Online Payment Provider
So, you’ve built your website and it looks great. And guess what - you’re starting to get some traction, even better! And now you’re beginning to think about monetising it. Maybe you’re asking yourself some questions. When is the right time to start charging? How much should we charge? What technology should we use for payments? Is this going to be complicated, and what could go wrong?
At my company, we started taking payments on our global consumer services marketplace back in 2013. For the first three years, everything was stable – our payments solution was running perfectly. But then we hit a problem – an x-rated problem. Our payment gateway terminated our contract and gave us 14 days to find a new e-commerce solution. We should never have made such a naïve mistake, we never even intended to deal in adult services but somehow we ended up doing just that, and we found ourselves in breach of our payment provider’s terms.
We cleaned up our business under extreme time pressure, and then through hard work (and a lot of trial and error), we managed to resume taking payments with a new payment provider a few weeks later. During this journey, we learned a lot of lessons about dealing with payment providers, and in this article I share these learnings with fellow entrepreneurs.
I hope that the sections below will be of some use to you as you take steps towards implementing (or rescuing) the e-commerce side of your business.
When is the Right Time to Start Charging for Your Product?
The standard rule in startups is to make your website free until you get some traction. Then you reach a grey area where you could start charging your users but it would have a downside: if it’s no longer free then the growth of your user base is likely to slow down.
You need to ask yourself, what value are you offering your users today? Not all of your users as a whole. Rather, if you isolated a single user and looked at them on their own – are you offering them enough value to justify charging for your product?
To answer this question, we decided to build a Return on Investment (ROI) Calculator directly into our website. We needed to look at all of the ways in which we were offering a benefit to one of our users, and then we needed to turn this into a clear and transparent financial estimate for a given period and compare this to what we proposed to charge over that same period. If the benefit outweighed the cost, then it was win-win and we should expect the user to be keen to invest in our proposition.
To identify all of the benefits to a user, it may help to analyse what has driven them to visit your website in the first place. You might be in for a surprise. In our marketplace, we charge our sellers a quarterly subscription to receive qualified leads from buyers. We thought this was our only selling point, but then we analysed our visitors’ behaviour using Mouseflow in conjunction with how they had arrived at our website (using our web logs), and we realised that they also wanted to know if being listed on our website could improve the search ranking of their own website. We discovered that our sellers’ websites often do receive a boost to their search ranking when they sign up, so we started to promote this across our website as a secondary benefit, and also added the benefit to our ROI Calculator.
Of course, you must A/B test your website in order to find out how best to promote your value proposition. We found that we increased signups by around 500% through around six weeks of A/B testing.
If you’re not sure what A/B testing is, it’s very simple – you invent two versions of the same user interface or web page, and then you analyse how your users interact with each one. Whichever interface gets the best results for your business is the one you should go forward with. You can vary anything you like, including: the words you use, the layout, fonts, font sizes, colour schemes.
We actually tend to use about four variants of a web page and analyse the effectiveness of each. Then we pick the two top performers and see if we can come up with another four variants based around these top performers, and we test again. Repeating this cycle many times over can lead to a very positive change in how you communicate your proposition to customers. It’s a bit like evolution theory – survival of the fittest – and it’s your customers who decide what works and what doesn’t.
How Much Should You Charge?
If you have an ROI Calculator in place, then working out how much you could reasonably charge a customer gets a little easier, although there is still a judgement to be made – should you charge 1% of their ROI? 10%? 50%?! A flat rate for everyone, or decided on a case-by-case basis?
We trialled a few different price points to see what would happen. We started with a low-to-medium price to get a baseline from which to work. Then we tried a very low price. Unsurprisingly, we got more signups but overall our revenue was lower because the increased signup rate didn’t outweigh the drop in price. Then we moved to a higher price than our original baseline. To our surprise, the signup rate only reduced very slightly from the baseline price, so the higher price point turned out to be optimal for our business.
We have drawn two conclusions from this.
Firstly, you might have underestimated the value of your product. Because startups are hard to build, and because you may be desperate to acquire your first paying customers, you can fall into the trap of thinking you should charge rock-bottom prices. But in reality, if you can demonstrate a benefit to your users then it’s going to be worth paying for.
Our second conclusion was that buying something is not just a logical transaction, it’s also an emotional one. In other words, once somebody has decided they really want something, they don’t tend to focus solely on price – they focus on value. You can see this in many areas of retail, most notably designer brands such as Mercedes (just a car?) and Jimmy Choo (just a pair of shoes?), and this may apply to your business too – sell to your users based on value, not price.
Setting up E-Commerce – What’s Involved?
Setting up an e-commerce solution typically involves three getting three key components in place:
- A checkout where the customer provides their card details in order to make a payment. The payment request is then passed to…
- A payment gateway, which authorises the payment and then talks to…
- A merchant account, which processes the payment and deposits the funds received into your bank account
A few companies such as Braintree, Stripe and Shopify offer all three as a one-stop-shop (called a “full-stack payments platform”). If you go with one of these, then you can be up and running and taking payments securely from within your website in a matter of hours.
If you are unable to, or do not want to, go with a full-stack payments platform, then you’ll be getting into the “mix-and-match” of selecting and implementing components that are compatible with one another. If only all products at each level of the technology stack worked with each other. Alas, this is not the case – you will need work through your selections carefully.
Whether you go with a full-stack payments platform or a mix-and-match, you will have to go through one or more application and approval processes. These can take weeks to complete, and rejections are common.
If you apply to just one payment provider and receive a rejection, then not only will you have lost valuable time, but you will also need to determine which payment provider to apply to next. You will then have to go through another application process and await the outcome – more lost time and no guarantee of approval.
In our case, we had a total of six different payment providers reject us. This was a stressful experience, but we learned a lot from it, and we found a way to improve how we engaged with e-commerce providers. We developed a “Company Information and Policies” document which served as an information pack that we could sent to support our applications. This fresh approach was so effective that we were able to go back to our preferred solution provider and successfully get through the application process in spite of the previous rejection.
I don’t want you to go through the same pain as us (in terms of product selection pitfalls and failed applications), so I am sharing what we learned in the sections that follow.
Key Considerations When Selecting E-Commerce Software
Is This Payment Provider’s Product Available in My Country?
This isn’t so much about the country or countries where your customers are, rather it’s about where your company is based. Some products are only available to companies from specific countries.
Does This Payment Provider Require My Business to be Registered?
Some payment providers will only deal with registered businesses, or those with tax numbers, so if you are not a registered business or are not tax-registered then you need to check the position with any provider you are considering. Most payment providers will deal with non-registered businesses, but the application process is sometimes smoother if you are registered.
Can This Payment Provider Accept the Currency or Currencies I Want to Take Payments In?
You need to check the currencies accepted by any product you are considering, since they all vary. It’s worth noting that some products support more currencies than is stated on their websites, so you may want to write to their support team to make sure what the position is.
Does This Payment Provider Allow the Secure Import / Export of Existing Card Data?
This is a very important consideration if you use a subscription model for your business. Let’s imagine that you have built up a user base of 20,000 customers paying by subscription. If for some reason you need to move to a new payment provider, will you be able to securely export your customers’ card data and import it into the new payment provider’s vault?
If the answer is no, then you will need to write to each of your customers and ask them to re-provide their card data when you are live with your new payment technology. It’s pretty much a certainty that some of your customers will ignore this request, and as a result your business will immediately see a reduction in revenue. This is a big risk, and it could put you off switching technologies – as such, I feel that payment providers that do not offer card portability are effectively locking you in.
From our experiences in 2016, Stripe and Braintree did support card portability (yay!), and 2Checkout and Sage Pay did not (boo!).
Is this Payment Provider’s Product Compatible With the Other Products I am Considering in my Payment Technology Stack?
As mentioned earlier, if you are not going for a full-stack payments platform, then you will need to make sure that the products you select are compatible with one-another.
Would My Website be in Breach of This Payment Provider’s “Terms of Service” or “Acceptable Use Policy”?
It is imperative that your business meets, and continues to meet, the terms and conditions of your selected payment provider. Even if you have been with a payment provider for years, it is possible for your business to become in breach of terms, and the payment provider can terminate your account at extremely short notice. Whether they give you no notice, 24 hours’ notice or 28 days, this has the potential to severely damage your business.
To determine if your solution is going to be in breach of terms, you’re going to need to carefully read the “Terms of Service” and “Acceptable Use Policy”. Once you’ve done that you might find that you are still unsure because there can be ambiguities. Here’s an example:
“Lawyers pay to advertise their company on my website, and this payment provider’s acceptable use policy prohibits the use of their product in connection with legal services. Would my business be in breach?”
Sometimes the answer cannot be found in the small print, so you may need to ask the provider. In one case we came across, it would be a breach if a buyer paid a lawyer via the payment provider for the provision of legal services, but it wouldn’t be a breach if a lawyer paid the platform for the advertising of legal services.
What a minefield!
Here’s another one. Some payment providers will allow your website to display adult content, but they won’t allow you to accept payments from adult service providers. Other payment providers will not allow any adult content on your website whatsoever. And then there’s the definition of “adult”. For some payment providers, escorts and erotic massage providers are not allowed but anything else goes. For others, they won’t allow strippers and naked butlers. Some go further and won’t allow service providers who have anything to do with "stag and buck" parties.
If any content on your website is user-generated then there is a risk that your users could generate content that is deemed to be prohibited, and if you don’t have appropriate content monitoring processes in place then your business may be unaware of this. You run the risk of your payment provider discovering this content before you do, since they have automated processes for finding prohibited content.
If you think there is any risk at all that you would be in breach of a provider’s terms, then my advice is to ask them. You need to be 100% transparent with them. If you do not feel comfortable being 100% transparent, then you probably have something to hide and your business is probably borderline – therefore, sooner or later, somebody working for the payment provider will decide that you are in breach and you don’t want to get to that position because it is very difficult to recover from.
Another area of potential breach relates to the countries in which your website is used. Do you have any user activity in OFAC-sanctioned countries, e.g. Iran, North Korea? If so, then it’s probably a breach. Even if you have no such user activity, do you have policies and procedures in place to prevent this? If not, then your prospective payment provider may think your business is too high-risk to take on. Unfortunately, OFAC issues aren’t simple. There are “comprehensive” sanctions but also a longer list of “targeted” sanctions (which includes countries such as Yemen where some types of trade are considered acceptable). Here is a link to the official OFAC website: https://www.treasury.gov/about/organizational-structure/offices/Pages/Office-of-Foreign-Assets-Control.aspx.
The Application Process
Because of the high failure rate associated with the application process, you should expect to have to submit multiple applications. In fact, it may be worth submitting several applications in parallel if you are very short of time.
When you apply to open an account with a payment provider, they will assess your business in two key areas – do you adhere to the terms, and what level of risk do you present? I discussed adherence to terms and conditions in the previous section, so now let’s take a look at the assessment of risk.
When a payment provider assesses the level of risk in your business, the main thing they seek to understand is how financially exposed your business could become. In other words, if your business were to fail suddenly, they want to know how much money you could owe to people who have paid for services or products that you can no longer provide. In such a situation, your customers could request compensation from your payment provider, and as a result payment providers do not want your business to become highly exposed.
Understanding this concept can really help you to think about your business model and how appealing it would be to a payment provider in its current form.
Here are the key areas that we learned about during our recent e-commerce application submissions:
If your business generates revenue through subscriptions which are paid in advance then there is a risk of exposure. Let’s say that your customers pay £200 in advance every six months, in return for six months of services. If a customer pays you £200 today, then you owe them six months of services. If you were to go out of business today then you would have taken their £200 but not provided the services owed to them so effectively you owe them £200. It is possible that your business is unable to pay this £200 back, and if that happens then the debt has to be picked up by your payment provider.
Now let’s say your business plan forecasts that in three years’ time you will have 5,000 customers paying £200 every six months. That’s an annual revenue of 5,000 x £200 x 2 = £2m. Your payment provider will probably take around 3% of your revenue for the using their services, i.e. £60,000 per year. If you go out of business, then (assuming that your customers’ payments were distributed evenly over the last six months) you will owe your customers around 5,000 x £200 x 0.5 = £0.5m. Since you’ve gone out of business, your payment provider will have to pay your customers back on your behalf. £0.5m might be too big a risk for your payment provider to take on in return for £60,000. Now here’s a way to significantly reduce that exposure: reduce your subscription period from six months to one month. That will take your exposure down to £83,333 – this is a much more attractive proposition to your payment provider.
Shipping and Refund Factors
If you run a business involved in shipping goods or providing services, then a payment provider will be interested in how long it takes you to fulfil an order – the longer it takes, the higher the financial exposure. They will also want to know when you charge for goods or services purchased – if you charge when an order is placed, that’s a higher risk than if you charge when an order is fulfilled. For goods, they may also be interested in your shipping methods, order tracking methods, and insurance.
Payment providers are also interested in your refund policy. If you offer no-quibble and fast refunds, then that’s low risk. If you don’t offer refunds, then that can lead to disputes (high risk).
Clearly, there are a number of opportunities here to ensure that your business is considered low risk by payment providers, and it’s worth noting that lower risk ways of working will also appeal to your customers.
Parties Involved in Transactions
During our application process, we were asked whether we wanted to process payments between buyers and sellers on our marketplace. We answered no, and that payments would only take place between sellers and our company. This appeared to be a less risky business model than having payments processed between buyers and sellers.
During our numerous applications to payment providers, we detected that a payment provider’s decision is in part subjective. That is, they seems to make decisions based on what they think your business is like, rather than what it is like.
In particular, following the submission of an application, there was a lot of Q&A undertaken via sporadic email conversations, with messages passing through multiple parties (e.g. the underwriter asks the customer agent to ask the applicant a question, and then the answer goes back to the underwriter via the agent). We found that the questions and answers were often subject to long time lags and misinterpretation. We didn’t know if the same underwriter was asking all the questions, or if the application was being passed between underwriters. We didn’t know whether to write long or short answers. We had periods where various people in the chain were on annual leave and this was leading to further delays and miscommunications. With all this going on, it seemed like the decisions being taken were rather subjective (“do I have a good feeling about this applicant / company?”), and this subjectivity was leading to our applications being rejected.
So how to break the cycle? We analysed all the Q&A we had received and decided to write a single “Company Information and Policies” document to explain everything that we thought was relevant about our business. This document could be submitted to support an application, and would hopefully immediately answer all the questions an underwriter could have, enabling them to get a complete view and make an informed decision without delay. Because we had made so many applications, we had a lot of Q&A on which to base our document, and we went a stage further and considered all of the other ways in which we felt we could demonstrate that we were running a responsible, viable, low-risk business.
And you know what? It worked! Our applications were processed quickly and we had a much higher success rate. We set out below the broad content of our “Company Information and Policies” document, and we hope that this will help you with your applications to payment providers.
“Company Information and Policies” Document
Here is a link to a sample "Company Information and Policies" document: intently.co/Sample Company Information and Policies Document.docx. This is a Microsoft Word document - if you cannot read this file, please contact us and we'll send the document to you in a different format.
We recommend using something like this to support your payment provider applications.
Resilience – Have a Contingency Payment Solution
Because there is always a risk of your payment provider terminating your contract at short notice for some unexpected reason, I recommend that you implement a second e-commerce solution as a backup / contingency in case this happens. That way you can switch to the contingency solution quickly if your primary solution is shut down.
Apart from contract termination, this could also be due to the primary payment provider shutting down at short notice, or some other part of your technology stack failing at short notice. For example, we had a situation where our hosting company did not keep up with the latest versions of TLS (a security protocol) and our payment solution would only continue to work if we moved to a new hosted server with the latest version of TLS. We chose to migrate to a different hosting company, but we could have switched to our contingency payment solution if it had become necessary.
Well, if you have managed to get this far then thank you for reading this article. Finally, I want to summarise our key learnings:
- When selecting payment provider products, there are a number of considerations. Most importantly, you should check if they allow the import / export of encrypted customer card data, and that you would not breach their terms
- Ensure you have policies and procedures in place to keep unwanted content and users away from your website so that you do not breach the terms of payment providers in future
- Take time to understand the risks your business would pose to potential e-commerce partners, and work out how to reduce / mitigate these
- Write a “Company Information and Policies” document which you can use to support applications – it will help to position your business positively and mitigate risks when an underwriter reviews your application
- Apply to several payment providers in parallel to reduce the time-impact of rejections
Thanks so much for reading my article!
This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.
Questions & Answers
© 2017 Neil Harris