MozillaFoundation / Advocacy

For planning advocacy projects.

Infrastructure: Self Service Donor change interface #411

Open stephaniemcv opened 8 years ago

stephaniemcv commented 8 years ago

Detailed description of work: Research if building this kind of portal is possible in association with Stripe. We often receive requests from donors who would like to make standard changes to their recurring/monthly donations (i.e. update credit card numbers, change email addresses, change amount of donation.)

Start date: September 19, 2016
Due date: October 1, 2016
Note: The dates need to be exactly in the format indicated above for proper integration with the Gantt chart.

CC: @ScottDowne @valianttry

valianttry commented 8 years ago

We may want to look at a service to help with this -- here are a few I found that integrate with Stripe:
https://www.chargify.com/stripe/
https://www.chargebee.com/subscriptions/

PayPal has its online knowledge base -- could we point people to it? Or could we create a simple FAQ with direct links to common questions, like "How do I end or change my recurring payment?" pointed at: https://www.paypal.com/uk/selfhelp/article/How-do-I-cancel-a-subscription-or-recurring-payment-FAQ2145/1

ScottDowne commented 8 years ago

@valianttry I sent both chargify and chargebee customer support questions about integration.

I also did a bit of scoping with Cade on the feasibility of us building this out ourselves. We think the hardest part is the lack of a single place where our customer info is currently stored. So, I bet Salesforce would make building this much, much easier.

stephaniemcv commented 8 years ago

@ScottDowne does it make a difference if we're scoping the SalesForce integration for reporting on specific data only from Stripe? Because we don't want to actually process money with SF, that would require storing CC# and such.

ScottDowne commented 8 years ago

@stephaniemcv yeah, it's def not going to be storing credit card info or processing money.

We just need a way to authenticate the customer, and in order to do that, we need a database of customers. I would rather not set that up when Salesforce can be that list of customers.

If we don't have this sort of authentication, there is potential that someone can maliciously start canceling monthly subscriptions for OTHER users.

That seems like the trickiest bit. BSD had this built in, and I believe asked for the last few digits on the credit card, or postal code, and did this from a unique URL sent to them in their receipt. But there was a security bounty that was almost rewarded around that too. So we need to be super careful here.

To be honest, this is the sort of thing we should be doing before the campaign, not during.

stephaniemcv commented 8 years ago

@ScottDowne Interesting about the authentication.

Agreed on a thing not to do during the campaign and we won't. I would love for research on options to continue, and then tackle this in 2017.

ScottDowne commented 8 years ago

@stephaniemcv I would love that! You just made my day.

I do have it as a task today to parse and respond to the answers I got from chargebee and chargify, and I still think it makes sense to start that part of the process now.