|
Grex > Coop11 > #165: Grex Memberships by Credit Card | |
|
| Author |
Message |
janc
|
|
Grex Memberships by Credit Card
| 
Apr 1 04:15 UTC 2000 |
At http://www.cyberspace.org/grexmart/catalog.html there is a page that
allows you to buy Grex memberships by credit card. It's still in the
testing phase, but we think it works.
Some notes:
- We've done one live test of this. We won't know entirely if
it worked until we get the month-end statement in a few days,
but we think it did.
- The actual credit card submission stuff is not on Grex, but on
a server run by "Charge Solutions". Only the first couple pages
you see are under our control (If the URL doesn't start with
http://cyberspace.org, then it isn't our page). This is good
because we don't want to put anyone's credit card numbers on a
open system like Grex. It's bad because those pages don't perfectly
fit our needs and can't very easily be adjusted.
- The three pages I wrote are the catalog page you see first, the
membership page and the Grex manual page. The plan is to add
pages for T-shirts and such later. The membership page is meant
to stand alone.
- It uses a shopping cart model. I don't think this is amazingly
appropriate for buying memberships, but it is at least very
familiar.
- There is no box on the form to enter your Grex ID. I can't add
boxes to that form. There is a comments box and the web page
suggests that you put your Grex login there.
- At the low volumn of business we expect to be doing, we will
probably be paying a flat rate per month for doing the credit card
thing. This means that you aren't costing Grex money if you pay
by credit card instead of by check.
- I think it may be possible for us to take Discover as well as
Visa and Mastercard. This needs more study.
- When you make a purchase, your credit card will not be charged
immediately, though the credit card number will be checked and
approval for the transaction obtained. Email gets sent to the
treasurer (the Email does not contain credit card numbers), and
when the treasurer has set up your membership, or whatever, he
hits a button that completes the transaction.
I plan to start advertising this after we have the March statement
and have established that we really got the money. Meanwhile, I'm
looking for comments and feedback.
|
| 36 responses total. |
hhsrat
|
|
response 1 of 36:
|
Apr 1 19:12 UTC 2000 |
I'll be happy to guinea pig if you want. Drop an e-mail.
I might wait until we have the grex logo apparel available by credit
card though.
|
albaugh
|
|
response 2 of 36:
|
Apr 2 03:58 UTC 2000 |
Do you feel that at some point it will be better for grex if people pay for
memberships via credit card rather than via check? And will using a credit
card for membership payment be sufficient for identification?
|
aruba
|
|
response 3 of 36:
|
Apr 2 04:19 UTC 2000 |
No and yes.
|
aruba
|
|
response 4 of 36:
|
Apr 2 04:20 UTC 2000 |
Thanks, Jan and Greg, for working on this.
|
flem
|
|
response 5 of 36:
|
Apr 2 18:35 UTC 2000 |
As to whether or not it's better to pay by check or credit card...
The fees for a credit card transaction are 3.05% of the transaction,
plus $0.35 processing fee, plus an AVS fee (Address Verification
Service?) which appears to be $0.05 per transaction.
But, the minimum monthly processing fee is $25. So, the detailed breakdown
of February's fees is as follows.
------------------------------------------------
Summary of Card Fees
1 transaction (a test) $0.35
------------------------------------------------
Summary of Miscellaneous fees
Total Card Fees $0.35
Monthly min. fee $24.60
Customer Service $10.00
AVS fee $0.05
Total charges $35.00
So, assuming for simplicity that all credit card transactions are
for $60 (1 year membership), the fee for each transaction would be
60 * 0.0305 + .35 + .05 = $2.23. Since 11 * 2.23 = 24.53, we would have to
have 12 of these $60 transactions in a given month before our total fee
would get more than $35. If we're taking in $700 a month through credit
cards, I for one am not going to worry about a slightly larger fee.
On the other hand, checks don't cost us anything. But unless we're taking
in about $700 a month in credit card payments, there will be no difference
between checks and credit cards as far as the bottom line is concerned.
|
dpc
|
|
response 6 of 36:
|
Apr 2 19:09 UTC 2000 |
This is a good experiment! I'll be interested in seeing if the
number of memberships increases because of the supposed ease of
using a credit card. I hope so, because I don't like to see us
absorbing a $35 fee each month if the number of the memberships
stays the same.
|
aruba
|
|
response 7 of 36:
|
Apr 2 19:23 UTC 2000 |
You are correct to characterize it as an experiment, Dave. That has been
the board's thinking all along. We figure we'll try it and see what
happens.
|
janc
|
|
response 8 of 36:
|
Apr 3 03:12 UTC 2000 |
(Actually, the $35 a month isn't the only fee we are paying.)
|
janc
|
|
response 9 of 36:
|
Apr 3 03:18 UTC 2000 |
When I did the test, I got a chunk of E-mail that looks like this:
=====================================================================
From nobody@exeter.opp.net Fri Mar 31 22:25:25 2000
Date: Fri, 31 Mar 2000 19:27:39 -0800 (PST)
Reply-to: treasurer@cyberspace.org (Cyberspace Communications)
From: treasurer@cyberspace.org (Cyberspace Communications)
Subject: Cyberspace Communications Transaction Receipt
Apparently-To: <janc@grex.org>
Merchant Information
Receipt #: 399668
Name: Cyberspace Communications
Address: 711 Duncan St
City: Ann Arbor
State: MI
Zip Code: 48103
Country: USA
E-mail: treasurer@cyberspace.org
Website: http://cyberspace.org/
Phone: (734) 7419351
Fax: (734) 9306564
Billing Information
Card Number: XXXX XXXX XXXX XXXX
AUTHORIZATION ONLY - Your card was not charged at this time
Trn Date: March 31, 2000
Amount: 60.00
Trn Code: 025218Y
Additional Information
INVOICE
Bill To:
Jan Wolter
607 Ross Street
Ann Arbor MI, 48103
United States Of America
Daytime Phone: (734) 995-6716
Evening Phone: (734) 995-6716
Ship To:
Jan Wolter
607 Ross Street
Ann Arbor MI, 48103
United States Of America
Phone: (734) 995-6716
METHOD: ground
SKU Description Quantity Unit Price Total
----------------------------------------------------------------------
M12 One Year Grex Membership 1 60.00 60.00
----------------------------------------------------------------------
Sub Total: $ 60.00
Grand Total: $ 60.00
This is not a test.
HOST: aa1-241-167.detroit.usabestnet.net
ADDRESS: 209.142.241.167
BROWSER: Mozilla/4.61 [en] (X11; I; Linux 2.2.12-20 i686)
=====================================================================
Kind of ugly. This "This is not a test" is what I wrote in the
comments field. The credit card number was censored out already,
which is good. I think Greg can change the address given for Grex,
perhaps to the PO Box. He can also change the phone numbers (maybe
put dashes in them).
|
janc
|
|
response 10 of 36:
|
Apr 3 03:22 UTC 2000 |
Once Greg completed the transaction, I got another chunk of mail, also
ugly:
=====================================================================
From nobody@exeter.opp.net Fri Mar 31 22:49:45 2000
Date: Fri, 31 Mar 2000 19:51:17 -0800 (PST)
Reply-to: treasurer@cyberspace.org (Cyberspace Communications)
From: treasurer@cyberspace.org (Cyberspace Communications)
Subject: Cyberspace Communications Transaction Receipt
Apparently-To: <janc@grex.org>
Merchant Information
Receipt #: 399682
Name: Cyberspace Communications
Address: 1000 Island Drive Ct. #103
City: Ann Arbor
State: MI
Zip Code: 48105
Country: USA
E-mail: treasurer@cyberspace.org
Website: http://cyberspace.org/
Phone: (734) 623-2916
Fax:
Billing Information
Trn Date: March 31, 2000
Amount: 60.00
Trn Code: 025218
Trn Type: Force
Card Number: XXXX XXXX XXXX XXXX
Additional Information
HOST: adsl-pool-1-c7b2b8b4.detroit.mi.ameritech.net
ADDRESS: 199.178.184.180
BROWSER: Mozilla/4.61 [en] (Win98; I)
Credit Card Transaction Processing services provided by Charge
Solutions.
http://www.ChargeSolutions.com/
=====================================================================
I'm not sure why they find it useful to tell the customer what ISP
and web browser is being used by Greg. Note that Grex's address has
changed since the last E-mail. Did Greg change it, or is something
weird? I must say, I'm not impressed by Charge Solution's software.
|
janc
|
|
response 11 of 36:
|
Apr 3 03:23 UTC 2000 |
Then I got this message:
=====================================================================
From flem@grex.cyberspace.org Fri Mar 31 23:30:43 2000
Date: Fri, 31 Mar 2000 23:32:05 -0500 (EST)
From: Greg Fleming <flem@cyberspace.org>
To: Jan Wolter <janc@grex.cyberspace.org>
Subject: Money received
Hi, jan. I processed your credit card payment today, thanks! Your
membership is paid through 3/31/2001.
=====================================================================
Now, that's much more civilized. Thanks Greg.
|
scg
|
|
response 12 of 36:
|
Apr 3 04:37 UTC 2000 |
That's an address in the apartment complex where Greg lives. I'm assuming
its his address.
|
jep
|
|
response 13 of 36:
|
Apr 3 19:07 UTC 2000 |
I think this will pay off. I'm some 7 months behind in paying for my
membership, I think, because I don't use Grex from home much, and it
never occurs to me while I'm there that I should send a check. However,
if I can browse Grex and see a friendly reminder from the treasurer
including a URL which will allow me to use a credit card, I'll do it.
I'd do it now, except I think I'll wait until Grex gets a statement so
we know it really works.
Can Grex charge a surcharge for credit card fees? I for one would not
mind paying extra for the convenience of using a credit card.
|
flem
|
|
response 14 of 36:
|
Apr 3 19:22 UTC 2000 |
Yes, I changed the address between the two emails Jan points out. It
probably is better to change it to Grex's PO box, which for some
reason didn't occur to me before...
The "more civilized" message is a slight modification of the one I
usually send when I update the "official" records. Its main purpose is
to let you know what the new expiration date for the membership is,
which information is not available elsewhere.
Other fees... I think there's also a $0.50 charge per transaction on the
Charge Solutions end. I can't think of any other recurring fees besides the
$35/month one for CardService.
|
aruba
|
|
response 15 of 36:
|
Apr 3 21:14 UTC 2000 |
Re #13: My understanding is that it is a violation of our merchant agreement
to charge extra for using a credit card.
|
hhsrat
|
|
response 16 of 36:
|
Apr 4 00:50 UTC 2000 |
So, we raise all our rates, then give a discount for paying by cash or
check ;) Although, that is slightly unethical.
Seriously though, I would not object to paying more for being able to
pay with a credit card. Maybe in addition to the membership fee (once
this system is tested) I'll add in a $5 donation to the Silly Hat Fund
or something.
|
mdw
|
|
response 17 of 36:
|
Apr 4 00:50 UTC 2000 |
It's not a violation though if people *choose* to give extra, as long as
it's of their own free will. I don't know why, but a lot of places
(like all the pbs stations) seem to prefer charge cards.
|
scg
|
|
response 18 of 36:
|
Apr 4 01:19 UTC 2000 |
When you have a professional billing department dealing with large volumes
of payments, credit cards can be easier to deal with. If you pay by cash or
check you mail in an envelope, adn then somebody has to open the envelope,
count the money or read the amount off the check, enter the payment into the
accounting software, and then take the cash or check to the bank. With a
credit card, they can get the card number over the phone (or open an envelope
and read it off a piece of paper), enter it into the computer, and the rest
can get taken care of automatically. In the case of recurring billing, cash
or checks have to be dealt with every month while the credit cards can be
entered into the computer once, and charged every month automatically.
How this translates to Grex is anohter question. My understanding is that
the current system still requires a fair amount of human interaction, in part
due to missing features and in part due to being designed that way. It
doesn't sound like Grex's procedure supports automatic recurring billing in
a useful way (should it?). Our treasurer isn't paid, so his time doesn't cost
Grex money (but may cost some amount of good will).
|
i
|
|
response 19 of 36:
|
Apr 4 02:43 UTC 2000 |
Lots of places like PBS prefer credit cards because, once they've got
the card # and info, them getting paid is the customer-takes-no-action
default. The (pretty fixed and budgeted-for) percentage that they lose
to MasterPlastic, Inc.'s fee structure is much less what they would
lose to the (roll-the-dice) percentage of customers who took-no-action
defaulted to not bothering to mail 'em a check.
|
other
|
|
response 20 of 36:
|
Apr 4 03:18 UTC 2000 |
How about putting on the charge page a little blurb describing the costs to
GREX for using a credit card and offering people a no-pressure option to
contribute a little extra to offset that cost? If we make it easy, more
people might do it, and since it is not at all a requirement, I don't think
we'd be upsetting anyone...
|
janc
|
|
response 21 of 36:
|
Apr 5 03:45 UTC 2000 |
There certainly needs to be someplace (very visible) where you can
donate random amounts of extra money.
|
devnull
|
|
response 22 of 36:
|
Apr 6 03:00 UTC 2000 |
My vague understanding is that apache-ssl is freely available. It would be
unsurprising if using it in the US is technically illegal until the RSA
patent expires in Sept, though.
If it turns out to be the case that grex can get apache-ssl free or cheap
enough, it may make sense for grex to set up some standalone machine whose
only mission in life is to process credit cards. But I'm not sure where
this fits as a priority relative to everything else going on.
|
mdw
|
|
response 23 of 36:
|
Apr 6 05:49 UTC 2000 |
It's possible to use apache-ssl, but there are some caveats. The
fundemental limitation is, of course, the patent, which runs out sept 20
of this year. Until the patent runs out, RSA claims the right to
dictate what software you use. There is at least one commercial
apache+ssl vendor (stronghold) which has the appropriate license. RSA
has at various points distributed a package called "RSAREF" which they
allow the free use of for certain deserving causes. Grex may be one of
those cases -- but we would need to do some research to be sure.
Technically speaking, the most attractive package would be for us to run
apache + mod_ssl + openssl (w/o rsaref). Openssl does work w/ rsaref,
but there are some limitations.
The software alone isn't sufficent. It's also necessary to get a web
server certificate. There are a number of these, ranging from creating
our own self-signed web certificate, to purchasing a CA cert from RSA.
These choices vary in terms of price, nuisance, and legal
responsibility. Patent-wise, our only "reasonable" choices currently
would be to purchase a web server cert from one of RSA's recognized
CA's, and these come in 2 flavours, "regular" and "strong". "Strong"
certificates enable 128-bit encryption in certain web browsers that
would otherwise only do 40-bit encryption. 40-bit encryption can be
broken in a matter of hours by any enterprising CS student. 128-bit
encryption is almost certainly stronger than the 1024-bit RSA key which
is the maximum size supported by RSAref and most web browsers. It
should be not too surprising to learn that "strong" certificates are
more expensive. Commercial CA's may impose additional requirements on
top of what RSA does with their patent. Rumour has it Verisign (far &
away the industry leader) has its own software restrictions that are
tougher than those of RSA. This means we'd probably have to purchase a
commercial apache+ssl solution (or lie and say that we did) in order to
get a Verisign web server certificate. Certificates expire, and a
commercial web certificate generally expires *exactly* one year after
issued. This means we'd have to arrange to purchase another certificate
regularly, and swap them out yearly on a very precise basis. Chances
are once Sept 20 comes, the CA industry will change quite a bit. I
expect that charges would drop significantly, software restrictions
would disappear, and perhaps some of the vendors will figure out how to
issue 13 month certificates so that switching certificates isn't quite
the pain it is today.
Personally, I would advocate waiting at least until sept 20, and seeing
how the market shakes up, before making any significant investment in
this.
Oh yes, one other issue - if this grex secure web server is also
supposed to process credit cards, it needs a hookup to the credit card
company. I don't know how this works today. I suspect, at one point,
this required a 1200 bps half-duplex dial-up modem connection, plus
special weird software. I don't know if that's still true, or if
there's a free unix software package today that will do this. Ideally,
it should be possible to do this via the internet instead, and I believe
that's possible, but I don't know what software requirements that has
either. Our enemy in all this would be the MicroSoft windows world -
most of the low volume credit card solutions will be geared for that
type environment.
|
janc
|
|
response 24 of 36:
|
Apr 7 00:29 UTC 2000 |
As Marcus says, to do our own processing of credit cards, we'd need:
(1) a separate server. Grex itself is not a secure place to store
our user's credit cards. I'm not sure that this server should
even be on the same subnet as Grex.
(2) ssl server software. That's not hard.
(3) a certificate. These cost a fair amount of money.
(4) ability to communicate with CC companies. I believe that this
can now be done over the internet.
(5) a lot of work.
Letting someone else do all this for us seems a good deal to me, even
if they don't do it amazingly well.
|