Closed chadwhitacre closed 9 years ago
Hi everyone,
Most of you have already migrated, but this email is relevant to everyone. It outlines what you should expect after June 11, the day we stop processing.
On June 12, we are going to clear our vault of all card numbers and almost all bank account numbers [1], and we will not support tokenizing any new cards or banks accounts. Refunds don't need card numbers, and we'll continue to support refunds until October 9. However, our bank requires a bank account number for ACH reversal, so June 11 is the last day you'll be able to perform a reversal.
If you haven't already migrated, I suggest you do so by mid-May to give yourself enough time in case you need to resolve any issues and adequate time to be able to reverse payouts.
Matin
[1] We will keep your marketplaces bank account number to give you the ability to manage your escrow balance by debiting from and crediting to your bank account.
Okay! We have a Braintree account! :dancer:
We also almost have a lawyer to help us with regulatory compliance (https://github.com/gratipay/inside.gratipay.com/issues/193)!
Now all we need is an ACH provider ...
ACH is going to be non-trivial. Starting with two options: Citizens (https://github.com/gratipay/gratipay.com/issues/3366) and OpenACH (https://github.com/gratipay/gratipay.com/issues/3371).
Reached out to IAFCU re: ACH: #3372.
SynapsePay? #3373
Finxera? #3374
We chose an attorney (https://github.com/gratipay/inside.gratipay.com/issues/193), and Citizens is working on pricing for us (which makes it sound like they've decided to underwrite us). I'm hopeful that those two relationships will fully crystallize in a week to ten days. Let's look at a timeline ...
Here's a timeline we can update as we go along:
https://docs.google.com/spreadsheets/d/1NVi9C0pYkrgh5wNTi0KzlBZCovKACmbHuToFoCa-Ks4/edit?usp=sharing
As we wrap up the design of our new processing infrastructure on this ticket, I've reticketed implementation as #3377.
Balanced requires us to be PCI compliant in order to give us bank accounts and identity info. :wrench:
See #3379 for getting certified by Balanced to receive bank accounts and identity info.
I'm leaning against Spreedly (#210) because a) it's expensive, b) we're in a cash crunch, and c) it's another moving part, which is an implementation risk (https://github.com/gratipay/gratipay.com/issues/210#issuecomment-98784291). I think we should go with straight Braintree.
Okay, made the call on #210. No Spreedly, vaulting with Braintree.
Braintree owns Venmo, and they may have some helpful code such as: https://github.com/venmo/btnamespace
I also found this: https://github.com/highfidelity/fake_braintree
Dialing back out from #3377: We are now on Braintree. Yay! :dancer:
On the bank payout side, we're stuck. We do have New Alliance for escrow and we do have PayPal for payouts, but we're stuck on ACH. We tried Citizens (#3366) but they rejected us. What should we do?
Options:
Here's a list of banks:
http://files.consumerfinance.gov/f/201503_cfpb_depository-institutions-list.pdf
Looks like Zipmark (#3491) is working out.
Zipmark is getting mired in complication around AML (gratipay/inside.gratipay.com#119, #2449).
Proposal: We drop U.S. bank payouts. PayPal is the only way to get money out of Gratipay. Thoughts?
Gratipay already uses PayPal. We were running roughly 50% PayPal before the Gratipocalypse, and today we made 20 PayPal payouts, and 6 bank payouts. PayPal's fee is not actually that bad: 2%, capped at $1 for U.S., and $20 for non-U.S. It's simple and ubiquitous. Compared to the red nightmare that #3491 is turning into, MassPay doesn't seem that bad.
Since we already have PayPal implemented, it'd be only a little extra work on our part (just ripping out bank accounts and notifying people, basically), and it would get us out of a lot of AML work. We could work on https://github.com/gratipay/inside.gratipay.com/issues/119 over the next year or so, and then maybe reapproach Transpay (#417; they seem the best-suited to help with global bank payouts). We can take our time and do this right. Not rush, and not cut corners. We've learned a lot this time around. Now we know what "right" means.
MassPay goes up to 5,000 payouts. Transpay, et al. want to see more scale from us anyway. I got blatantly laughed at by one vendor (https://github.com/gratipay/inside.gratipay.com/issues/259#issuecomment-113185704). We've got a lot of product problems to solve and community-building to do, PayPal for payouts would not be our bottleneck. We could grow for a year and then revisit the idea of being "a true payments company."
where is the laughed at part in that link
@tshepang Added to https://github.com/gratipay/inside.gratipay.com/issues/259#issuecomment-113185704 (and link updated in above comment).
@whit537:
PayPal for payouts would not be our bottleneck.
It would be a dealbreaker for me. I refuse to do business with them (observed too many others with spurious 'frozen funds' issues and PP refusing to deal with problems of their own making until sufficient internet rage is directed at them), and do not have an account.
I really do not want my accumulated balance to be refunded to donors simply because I refuse to accept funds through PP.
@webmaven How about Dwolla?
@whit537, never tried them.
@webmaven Dwolla would be sort of a cross between what we've been offering so far with ACH and PayPal: they're U.S.-only like ACH, but they require signing up for an account like PayPal. There is no per-transaction cost (Gratipay would pay a flat monthly fee for features such as next-day transfers).
Mind looking into them? Technically speaking, they're quite parallel to PayPal, so implementation would be fairly straightforward. I think Dwolla could complement PayPal nicely for us.
I'll look into them. As long as they don't have stories like these floating around, I'll likely be OK with them:
^^ I don't see how those cases are wrong.
In the first case,
"While we cannot talk about this particular case due to PayPal's privacy policy, we carefully review each case, and in general we may ask a buyer to destroy counterfeit goods if they supply signed evidence from a knowledgeable third party that the goods are indeed counterfeit. The reason why we reserve the option to ask the buyer to destroy the goods is that in many countries, including the US, it is a criminal offense to mail counterfeit goods back to a seller."
In the second case,
We are now in the midst of overhauling our policies in this space. We're talking to the major crowdfunding players that we work with to put in place a permanent solution that avoids unnecessary account limitations. But making this work for all stakeholders—contributors, entrepreneurs, crowdfunding sites and us—is pretty complicated. As soon as I have more to share, I promise to update everyone. In the meantime, we will ensure that each crowdfunding campaign is reviewed by a senior member of my team before any action is taken. It’s a small, but important step.
Sources I'm finding for @rohitpaulk's quotes:
http://gizmodo.com/5872958/paypal-smashed-some-ladys-antique-violin-and-can-smash-yours-too
https://www.paypal-community.com/t5/PayPal-Forward/PayPal-and-Crowdfunding/ba-p/782560
(P.S. I wish Google ranked original sources higher than derivative content from ad companies ... but I guess they themselves are an ad company. :-/)
Yeah, that September 2013 blog post from PayPal (though I'll admit that figuring out what year it is from is non-obvious) is really reassuring re: crowdfunding. Oh, wait, not really, they are still doing this to people: http://garethhayes.net/paypal-warning/
OK, it looks like Dwolla passes the smell test. At least, I can't find any horror stories regarding them. So far as I can tell, they only freeze funds when they are told to by law enforcement.
@whit537, can you get statements from them regarding their policies in this area? Do they ever proactively freeze accounts or reverse transactions that 'seem' suspicious to them?
OK, it looks like Dwolla passes the smell test.
@webmaven Cool.
[C]an you get statements from them regarding their policies in this area? Do they ever proactively freeze accounts or reverse transactions that 'seem' suspicious to them?
I'll let you pursue that if you like, perhaps on #726.
Okay! We have new payment partners: Braintree for payins, New Alliance for escrow, and PayPal for payouts. We have survived the Balanced shutdown! With that, may this ticket pass once again into the quietude of history, whenceforth it was called in our hour of need. It has served us well, now may it enjoy a hero's rest.
:horse: :flags: :fallen_leaf:
Inquiry from support: https://gratipay.freshdesk.com/helpdesk/tickets/2766
GittipGratipay is technically a "third-party payment aggregator," which means it is a third party collecting money on behalf of someone else. Credit card companies are down on this:But of course TPPA's exist: PayPal, Etsy, Kickstarter, Flattr, etc. Somehow there has to be a way to "get it right." The above link concludes: "That is not to say that merchant accounts cannot get approved for TPP processing, it is just more difficult and the underwriting conditions will more likely include a reserve and other similar safeguards. " Do you have experience with this?
Here's Stripe's position:
Option one is Stripe Platform, and it doesn't work for us because of the high per-transaction cost of moving 8 cents at a time over the credit card network (see #58). Dwolla is basically Stripe Platform without the credit card network middleman, so adding Dwolla support (#65) would definitely mitigate the risk that we're kaiboshed by (Stripe because of) the credit card companies.
Option two sounds like what we're trying to do, so the low-hanging fruit here is to make it "very clear to any consumers that they are paying you, the marketplace, when making the transaction."