Payment Processing
Stripe, PayPal, payment gateways — how money moves on the web and what it costs.
The Payment Processing Stack
When you charge a customer's credit card, money flows through seven parties, each taking a cut:
Initiates the transaction and receives the money (minus fees).
Processes the payment, tokenizes card data, handles PCI compliance. Charges 2.2-2.9% + $0.30 per transaction.
Manages relationships with banks and networks. Usually invisible to you.
Routes the transaction and charges an interchange fee (1-3% of transaction value).
Customer's bank that issued the card. Receives portion of interchange fee, approves or declines the transaction.
Your bank that deposits the money into your account.
Charges the customer's account and potentially a foreign transaction fee.
You control #1 and choose #2. Everything else is invisible. A typical $100 transaction costs you $2.90 + $1.50 (interchange) = $4.40 total (4.4% effective fee).
Payment Gateway Comparison
| Gateway | Per-Transaction Fee | Monthly Minimum | Best For |
|---|---|---|---|
| Stripe | 2.9% + $0.30 | None | SaaS, subscriptions, international |
| PayPal | 2.9% + $0.30 | None | Small businesses, eBay integration |
| Square | 2.9% + $0.30 | None | Retail, POS, offline + online |
| Braintree | 2.9% + $0.30 | None | PayPal integration, high volume |
| Authorize.net | 2.9% + $0.30 | $25/month | Legacy systems, self-hosted checkout |
Fees look similar because they're standardized across the industry. Differentiation comes from features (Stripe leads with developer experience), integrations (Braintree wins with PayPal), and compliance (Square wins with POS integration).
PCI Compliance & Risk
PCI (Payment Card Industry) compliance is a shared responsibility between you, your gateway, and your bank. It involves security standards for handling card data.
You are liable for PCI compliance. This means annual audits, security assessments, firewalls, encryption, network monitoring. Cost: $5,000-50,000/year depending on company size and audit requirements.
The gateway handles PCI compliance. You never touch card data. Your responsibility is keeping your own servers secure and using HTTPS.
A single data breach exposing unencrypted card data can result in fines from $100-$500 per exposed card. A 100,000-card breach costs $10-50 million minimum. Plus chargeback fees, reputation damage, and legal liability.
Recurring Billing & Subscriptions
Charging customers on a recurring schedule (monthly, yearly) is technically different from one-time payments. It requires:
- Tokenizing the card and storing it securely
- Running automated charges on a schedule
- Handling failed payment retries
- Managing subscription lifecycle (upgrades, downgrades, cancellations)
- Tax calculation for subscription recurring charges
- Dunning management (recovering failed payments)
Subscription Billing Platforms:
Built into Stripe. Good for SaaS, solid billing features, integration with Stripe ecosystem. No additional fees beyond transaction fees.
Specialized subscription billing. More features than Stripe Billing. $99-500/month depending on MRR. Supports complex billing scenarios (usage-based, proration, etc).
Enterprise subscription management. Supports dunning, complex tax rules, multi-currency. Starting at $99/month.
E-commerce focused subscriptions. For Shopify stores. 0.5% + $0.45 per transaction on top of Shopify fees.
International Payments
Accepting payments from international customers adds complexity: currency conversion, local payment methods, higher interchange fees, currency risk, and compliance in multiple jurisdictions.
Handles international payments, local currency, local payment methods in 100+ countries.
Good for international but higher fees in some regions. Instant conversion to USD available.
For B2B international. Real exchange rates, low fees. Not for direct customer checkout.
International customers pay higher fees (2.2% card fees + currency conversion spreads). They also have higher chargeback rates. The cost of serving international customers is 2-3x serving domestic ones.