Patrick Bolger edited this page Aug 29, 2017 · 36 revisions

Related Links

Note about comments below:

The term "Client" refers to SHF. The term "Customer" refers to anyone paying SHF - typically, this means a member, who is paying a membership fee and/or "branding" fee. (In the future, a customer might be a SHF-associated company, which might be paying fees on behalf of itself and/or its associated members or employees.)

Company

Organization

  • John - CEO, Founder
  • Martin - Development Manager
  • Employees - 2 Full-Time Developers, 3 Outsourced Developers, 2 Finance (CFO & Controller), Sales & Support currently 1 but going to 3 in September

Background and Funding

John had previously started and sold another payments-processing company. He started HIPS after expiration of a non-compete clause associated with that sale.

The company which bought John's prior company is an investor in HIPS. John states that they are well capitalized and can self-fund "as long as we need to".

Current Business Profile

HIPS service has been in use, in pilot phase, since May. All customers are currently in pilot phase. One or more customers transition to "production" phase in September.

HIPS strategy is to provide equal or better processing capabilities at a lower cost. They may raise prices when they've achieved adequate market share (John references "a couple of years" for that to occur).

Payment Processing Options

Client Options

  1. Debit and Credit Cards
    • All cards used in Sweden (Visa, MC, Amex, etc.)
    • Do not need a Merchant account
  2. Invoice (pay later)
    • Customer supplies information necessary to identify themselves
    • HIPS performs credit check in real-time
    • Transaction goes through, revenue is credited to client (SHF gets funds directly from HIPS)
    • HIPS gets paid by customer (invoice is sent to customer, who has 14 days to pay)
  3. Swish - the client has to enable Swish payments for their account
    • "Swish Handel" (online) to be enabled
    • SHF does not need a merchant account to use Swish (that is covered by HIPS<>Swish contract)

NOTE: SHF does not have a Swish account at this time. Susanna says they’re working on getting one.

  4. PayPal - the client has to enable PayPal payments for their account
    • Do not need a Merchant account

Customer Options

  1. Credit and Debit Cards
    • Payment Authorization: all currencies supported
    • Payment Settlement: Krona, Euro, USD (Norway, Denmark, UK coming soon)
  2. Invoice: Krona only

Cost Structure and Payment Management

  1. No fixed, recurring or initiation fees
  2. Credit cards, debit cards, invoice payments: 1.8% plus 1.8 krona / transaction
  3. Swish: Has own cost structure
  4. PayPal: Has own cost structure

NOTE: My notes say that PayPal and Swish have fees "on top of" the card fees noted above. Ashley's notes say that these services are "free" from HIPS point of view - need to resolve.

PCI, Security and Data Management

HIPS is PCI compliant. Among other things, this means that they are certified as compliant with many security requirements, they are tested every 3 months with white-hat hacking, etc.

They maintain all customer data for at least 10 years.

We (SHF team) decided that we don't need details about all of this, given that the PCI criteria would certainly encompass all of our concerns. We did ask to see their attestation of compliance from the PCI organization.

Customer Support

Integration Options

Development Support

Topic | Discussion Notes
Why should we choose you? | Fast moving, all clients treated the same, 24/7/365 support; because they are a small company, they are able to charge lower fees
How long have you been in business? | Start-up, in a pilot phase, but are reliable and ready to on-board production clients. They've had "pilot" clients since May, and will have "production" clients beginning in September.
Are you currently profitable? | They have capital from the sale of old Sand Port
^^ If not, when do you project that will occur? | In 2 weeks they transform out of pilot phase
How many customers do you have? | A few clients that are paying but helping in the pilot phase
^^ How many in "test" and "production" phases?
Please provide customer references that we can talk with
How many employees? | 9
^^ How many in development, customer support, other? | 2 Full-Time Developers, 3 Outsourced Developers, 2 Finance (CFO & Controller), Sales & Support - currently 1 person with 2 to be added in September

How can they charge so little? (much less than others)

  • because they are small and so have less costs
  • because they want to gain market share

Support

Topic | Discussion Notes
What are the ways that support is provided? (e.g. phone, email, etc.) | Email, Facebook, Support Channel (support.hips.com) & Phone. Dedicated support time is in SV time. John will also create a Slack channel (hips-support) and invite us to join that.
Is there a charge for support? (If so, what are the costs and limits.) | No charge
What is the expected response time for acknowledging a support question/request? | Within 24 hours
What is the expected response time for an answer to a support question/request? | It depends on the question or kind of support needed
  • email, phone, FB, support website

  • will aim for around the clock

  • dedicated support = Swedish business hours

  • FREE

  • expected response time within 24 hours (goal = within a few hours when during business hours)

  • both the organization (SHF) and the developers are ‘customers’ and can contact support


Product

Topic | Discussion Notes
What are all of the current payment options you offer? (E.g. Swish, Paypal, other on-line/mobile payment Debit services, bank transfers (which banks?), Credit cards (which cards?), pre-paid cards, etc.) | Every card that is available in Sweden, e.g. Visa, MasterCard. Also offers an Invoice option - here, the customer provides information to identify himself (e.g., SSN), then HIPS does a credit check in real time. If OK, the transaction goes through and the client (SHF) will be paid, while HIPS subsequently gets paid by the customer. Use relays for now, PayPal, Swish Handel must be activated, no need for a merchant account
Please provide an overview of payment processing. | Option 1: API has to be PCI certified, fewer than 1mil transactions. Option 2: Hips JS connects to a form, sends the card No. directly to Hips server, replaces card No. with a token not seen on the front of the site. Option 3: Hips JS checkout (recommended): easy to integrate; if you add payment methods later they will automatically be there; this does not need PCI compliance.
The website refers to "PCI-free" and "PCI-required". Please explain. | PCI-required means we transmit or store the card number and so need to be certified.
What are limitations of "Checkout"?
Why might we want to use HIPS.js?
Why might we want to use Payment API? | Recommended using Option 3 as above
How do you manage security in processing?
What are your fraud prevention measures?
Do you have a recent security audit you can share?
What customer data do you store, and for how long?
^^ How do you manage stored data security?
How do we access completed transaction data?
Please explain the cost structure.
Do you handle recurring payments?
What other kinds of payment schedules or features do you apply other than a single, one-time payment?
How are refunds ("chargebacks") handled?
Which currencies are accepted?

Payment Options

  • debit/credit card (Visa, MasterCard, Amex, etc. all cards in Sweden)
    • Do not need a Merchant account
  • invoice (pay later)
    • Customer supplies information necessary to identify themselves
    • HIPS performs credit check in real-time
    • Transaction goes through, revenue is credited to client (SHF gets funds directly from HIPS)
    • HIPS gets paid by customer (invoice is sent to customer, who has 14 days to pay)
  • Swish - the client has to enable Swish payments for their account
    • "Swish Handel" (online) to be enabled
    • SHF does not need a merchant account to use Swish (that is covered by HIPS<>Swish contract)

NOTE: SHF does not have a Swish account at this time. Susanna says they’re working on getting one.

  • PayPal - the client has to enable PayPal payments for their account
    • Do not need a Merchant account
  • this is the common bank transfer in Europe (US doesn't have an exact equivalent)

  • variations/options supported = partial pay, etc.

relays

  • works as a technical platform
  • will need a merchant agreement with payment platform (e.g. PayPal)
    • handles Swish, PayPal, Trustly, etc.

Does SHF have an organizational account? nope. Susanna says they’re working on getting a Swish account (must be sure to enable SwishHandel = online)

  • don’t need a merchant account for Swish (e.g. for credit cards); that is included in the Swish contract

3 options for working with HIPS:

  1. API: must be PCI certified (“easy” for a non-profit organization). We send a card number, HIPS sends OK/NOT OK back
    • PCI required if we transmit or store. In this case we’re transmitting it, so PCI certification needed
  2. HIPS JS with the form - HIPS handles the card number. No PCI cert. needed
    • connect it to a form. When a customer enters a credit card number, the SHF-project form sends the card number to the HIPS server, and HIPS returns a token. SHF never saves the card number! (SHF saves the token saved by HIPS, and will send the token to HIPS when needed)
    • works like an iframe
  3. HIPS JS at the checkout [recommended]
    • totally hosted on HIPS server
    • works like an iframe (Martin example with Zerpico glasses) ex: at checkout, is redirected to HIPS server
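
With options 2 and 3 the SHF server should only ever handle the token, never the card number. As an added example (not from HIPS or from the SHF code base), a Ruby guard that rejects request parameters containing a Luhn-valid card number, so the server side stays token-only; the `card_token` field name and the sample requests are assumptions constructed for illustration.

```ruby
# Added example: refuse request parameters that contain a card number (PAN).
# Field names such as :card_token are hypothetical, not HIPS API names.

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = /(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)/

# Luhn checksum: true for digit strings that are plausible card numbers.
def luhn_valid?(digits)
  sum = digits.reverse.each_char.with_index.sum do |ch, i|
    d = ch.to_i
    d *= 2 if i.odd?
    d > 9 ? d - 9 : d
  end
  (sum % 10).zero?
end

# Returns the key paths whose values contain a Luhn-valid 13-19 digit run.
def pan_fields(params, path = [])
  case params
  when Hash
    params.flat_map { |k, v| pan_fields(v, path + [k.to_s]) }
  when Array
    params.each_with_index.flat_map { |v, i| pan_fields(v, path + [i.to_s]) }
  else
    hit = params.to_s.scan(PAN_CANDIDATE).any? { |m| luhn_valid?(m.gsub(/\D/, "")) }
    hit ? [path.join(".")] : []
  end
end

# Gate for the server-side payment handler: token in, card data never.
def accept_payment_params(params)
  leaked = pan_fields(params)
  return { ok: false, reason: "card data in: #{leaked.join(', ')}" } unless leaked.empty?
  return { ok: false, reason: "missing card_token" } if params[:card_token].to_s.empty?
  { ok: true, token: params[:card_token] }
end

# Constructed sample requests (4111 1111 1111 1111 is a widely used test number).
TOKENIZED = { card_token: "tok_constructed_123", member_id: 42, amount_sek: 300 }
LEAKY     = { card_token: "tok_constructed_123",
              billing: { note: "card 4111 1111 1111 1111 exp 12/30" } }

if __FILE__ == $PROGRAM_NAME
  p accept_payment_params(TOKENIZED)
  p accept_payment_params(LEAKY)
end
```

The same `pan_fields` check can be run over log lines or stored notes fields to confirm that no card number has ended up on the SHF side.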

Q: can we decorate it?

  • fonts and colors
  • within an Iframe
  • so as long as we handle CSS?
    (not really clear from them. they kept repeating the iframe thing.
    I wonder if they have )
  1. End user logs in to HIPS. (ex: like logging in to Paypal. end user needs to get a 2-factor etc.)
    1. verified by the person-number and their postal code
    2. if they chose not to enter it, then the invoice option is not available
      1. Invoice: will need to enter their BankID (like a 2 factor authorization)

Suss Q: works for an organization?

Q: SHF does bank transfer. can this be done?: handled via “invoice"

  • (is more like ACH transfers; or a little bit like setting up approval for your utility company to take funds (or even put funds) directly into an account

Q: recurring payments?

  • do an API request to HIPS

first transaction: use unique ID for the customer, send info to HIPS so that we can query HIPS later about the status.

  • cannot do with PayPal and Swish (because PayPal and Swish require extra steps from the end user)

PayPal: SHF -> HIPS -> PayPal -> SHF (url sent)

Q: why are the 2 JS methods recommended over API? “least work for SHF, more control for HIPS” HIPS can do more verification of the user. HIPS has more control of info (ex: fraud protection)

  • HIPS has more control over the customer experience (they have more/better experience with it)

Q:

HIPS is PCI level 1 certified

  • annual on-site audit, quarterly test (as required by Visa, M/Card)

data stored 10 years (required by regulations)

We’d like to see the attestation (certificate) of PCI compliance

Cost structure:

  • no monthly or fixed fees

1.8% + 1.8 K for every successful transaction

credit, debit, invoice

  • all included

paypal & swish: currently free (but PayPal and Swish also have

What Euro, US dollar, swedish KR

invoices (only KR right now)

Norway, Denmark, UK, soon

credit card authorization (all currencies)

refund free (no charge for this transaction)

SHF project system would work with their interaction API (this is not the same as the API level above)

  • so SHF would essentially do an invoice (payment refund) back to a member

demo: log into HIPS can see all transactions - can click on a customer and view a specific order and view the payment(s) made

  • can click on “refund payment” (in full or in part, etc.)

  • can add a note, print out things, etc.

Development Support

Q: is there a sandbox for development?
yes - can set the account (domain) to LIVE or Test mode

when domain is registered in HIPS will get API keys

development docs?

  • susanna has the API docs (link)

ex: there is 1 API call that requires PCI certification (because it sends the CCard number) (Payment API: POST)

HIPS JS

= the “tokenization feature” of HIPS (so that we can use the token instead of the ccard number)

checkout payment API can use either the token or the actual ccard (this requires

Checkout: Order API

  1. create an Order. -> HIPS -> we get a token back (like an ‘order number’)

refund:

  • refund can be done either via logging in to the HIPS admin system and going thru the HIPS UI, but

Development Support

Topic | Discussion Notes
How do we get access to development docs?
^^ Available in English?
What language(s) does your API support?
What are your support SLA terms?
What kind of development support do you provide? (free? cost?)

they work in Ruby, but most clients using PHP.

  • working with WooCommerce, Magento, etc.

Q: Patrick: how does it work if we’re stuck?

  • normal support ways (phone, website: (support.hips.com. have a support ticket tracking etc.)). could do a slack channel, etc.

  • can use the #hips-support Slack channel

John & Martin: will send us a doc showing how a transaction would work in Ruby

Membership Fees = “high risk transaction”

  • because they have high levels of ‘chargebacks’
  • thus typically have a 14 day delay after the payout cycle ends (payment cycles end on Monday)

Membership fee 2 parts

  • branding fee (deductible)
  • membership fee (not deductible)

ex: a company will pay the branding fee, but wants each member to pay his/her own membership fee

= HIPS each trx is tied to whomever is PAYING (so if an organization owner pays, HIPS tracks that, and SHF would need to organize, present the info as we want)
