Skip to content
Patrick Bolger edited this page Aug 29, 2017 · 36 revisions

Related Links

Note about comments below:

The term "Client" refers to SHF. The term "Customer" refers to anyone interacting with the SHF website to pay SHF - typically, this means a member, who is paying a membership fee and/or "branding" fee.


Company

Organization

  • John - CEO, Founder
  • Martin - Development Manager
  • Employees - 2 Full-Time Developers, 3 Outsourced Developers, 2 Finance (CFO & Controller), Sales & Support currently 1 but going to 3 in September

Background and Funding

John had previously started and sold another payments-processing company. He started HIPS after expiration of a non-compete clause associated with that sale.

The company which bought John's prior company is an investor in HIPS. John states that they are well capitalized and can self-fund "as long as we need to".

Current Business Profile

HIPS service has been in use, in pilot phase, since May. All customers are currently in pilot phase. One or more customers transition to "production" phase in September.

HIPS strategy is to provide equal or better processing capabilities at a lower cost. They may raise prices when they've achieved adequate market share (John references "a couple of years" for that to occur).

Payment Processing Options

Client Options

  1. Debit and Credit Cards

    • All cards used in Sweden (Visa, MC, Amex, etc.)
    • Do not need a Merchant account
  2. Invoice (pay later)

    • Customer supplies information necessary to identify themselves
    • HIPS performs credit check in real-time
    • Transaction goes through, revenue is credited to client (SHF gets funds directly from HIPS)
    • HIPS gets paid by customer (invoice is dent to customer, who has 14 days to pay)

NOTE: Membership Fees are deemed to be “high risk transactions” (because they can have high levels of ‘chargebacks’). Thus, payment to the client occurs 14 days after the end of the current payment cycle (payment cycle ends on Monday)

  1. Swish - the client has to enable Swish payments for their account
    • "Swish Hamdel" (online) to be enabled
    • SHF does not need a merchant account to use Swish (that is covered by HIPS<>Swish contract)

NOTE: SHF does not have a Swish account at this time. Susanna says they’re working on getting one.

  1. Paypal - the client has to enable PayPal payments for their account
    • Do not need a Merchant account

Customer Options

  1. Credit and Debit Cards
    • Payment Authorization: all currencies supported
    • Payment Settlement: Krona, Euro, USD (Norway, Denmark, UK coming soon)
  2. Invoice: Krona only

Cost Structure and Payment Management

  1. No fixed, recurring or initiation fees
  2. Credit cards, debit cards, invoice payments: 1.8% plus 1.8 krona / transaction
  3. Swish: Has own cost structure
  4. Paypal: has own cost structure
  5. Refund processing incurs no additional fees beyond the initial transaction. (They have an API that can be used for automating this, and they also enable the client to do this themselves via the HIPS account dashboard).

NOTE: My notes say that PayPal and Swish have fees "on top of" the card fees noted above. Ashley's notes say that these services are "free" from HIPS point of view - need to resolve.

PCI, Security and Data Management

HIPS is level 1 PCI compliant. Among other things, this means that they are certified as compliant with many security requirements, they are audited every year, tested every 3 months by with white-hat hacking, etc.

They maintain all customer data for at least 10 years.

We (SHF team) decided that we don't need details about all of this, given that the PCI criteria would certainly encompass all of our concerns. We did ask to see their attestation of compliance from the PCI organization.

Customer Support

- Support is provided through multiple channels, including Email, Facebook, Support Portal (support.hips.com) & Phone.  (John will also create a Slack channel for support (_hips-support_)
- Support is generally provided during SV business hours.  However, best efforts will apply off-hours.
- There is no charge for support.
- Response time for acknowledging a support request: Within 24 hours
- Response time for resolving a support request: Depends on type of request
- Both the organization (SHF) and the development team are ‘customers’ and can contact support

Integration Options

  1. "API Only" - Here, we interact with HIPS only via their transaction API (that is, we do not integrate their native order processing capabilities (below) in our payment workflow).

    • We send the order, and the customer's card number, to HIPS
    • HIPS processes the order, returns "OK" and a transaction ID
    • We can use the transaction ID to query or request additional processing by HIPS later
    • NOTE: Since this option requires SHF to process a customer credit card, SHF would have to be PCI compliant to use this option.
  2. "Payment API" - In this case, we integrate our order form with HIPS via:

    • Customer enters card number in our form
    • Data submit triggers an API call to HIPS with order and card details
    • HIPS processes the order and returns a token number
    • We can use the transaction ID to query or request additional processing by HIPS later
    • We (SHF website) does not "see" the credit card, so PCI compliance is not required.
  3. "Checkout API" (aka "full integration", "HIPS.js") - here, we embed an order form - generated by HIPS - in our page using an iframe. HIPS handles all order and payment processing from there.

    • Does not require PCI compliance.
    • As above, we will receive a token back for later query and/or processing use.
    • Since we embed the HIPS-generated form in an iframe on our page, we can have our own text, logo, etc. an that page. We can also change the HIPS form styling via CSS (?? - to be verified).
    • For some payment processors (e.g. credit cards), HIPS keeps the customer on their form throughout the transaction, and then returns the customer back to the SHF page.
    • PayPal requires that the customer go to a PayPal page to complete the payment transaction. PayPal sends the customer back to the SHF form, which in turn then returns the customer back to the SHF page.
    • HIPS recommends this option
      • HIPS has more control over the transaction, and thus can do a better job at fraud detection.
      • HIPS has more control and thus can provide a better customer experience throughout the process (they're the experts here, not us).
      • It is much less work to integrate into a 3rd party site.

Notes re customer interaction with HIPS:

  1. Customer is asked to create an account, but does not have to.
    • Customer is asked to provide identifying information (e.g. postal code, "SSN" (person number)
    • HIPS does credit check in real-time
    • 2-factor authorization is used (code sent to mobile)
  2. If customer declines the account, then the invoice-payment option is not offered (assuming it had been enabled for the client account).
  3. Each transaction is associated with both the client as well as the customer.
    • From our POV, the customer will most likely be limited to an SHF member initially. In the future, a customer might be a SHF-associated company, which might be paying fees on behalf of itself and/or its associated members or employees.

Other notes:

  1. HIPS can manage recurring payments for certain payment types (not for PayPal and Swish because these require extra steps from the end user)

Development Support

  1. There is a "sandbox" for development - simply set the account to "test" mode, then switch to "LIVE" later.
  2. When our domain is registered in HIPS will get API keys
  3. Development docs: https://static.hips.com/doc/api/index.html?shell#introduction
  4. API supports Ruby (HIPS is very experienced in Ruby and RoR)
    • They work in Ruby, but most current clients are using PHP.
    • Currently working with WooCommerce, Magneto, etc.
  5. Follow-up action item: John & Martin will send us a doc showing how a transaction would work in Ruby (using the "Checkout API".
Clone this wiki locally