Friday 20 September 2013

Groping in the dark, part 1

Barclaycard Merchant Services (BMS) have decided to abandon their old system for accepting payments, and are bringing in a new system. Ugh.

When I started doing billings, the whole idea of ecommerce was so new, they had no clue. What they wanted me to do, was print each transaction out on a piece of paper, and march down to the bank with it, and they'd key it all in and do the transaction. I persuaded them that I should put 20 per page, otherwise the cost of paper would have been appalling. So that worked for some years, except when they lost a batch (I had a signature for it from the bank, but they managed to lose it after they'd accepted it). They only discovered this several months after they lost it, which meant I couldn't rebill the people, who would have rightly wondered why I was billing them and would have disputed it. I managed to persuade the bank to take the loss, since it was entirely their fault.

Then things got a bit electronic. For a while, I was using ftp to send a file for processing (and, as you know, nothing is encrypted as it goes on its merry way). But then they got a bit more clued up, and realised that the way to go was to use https to send stuff, so it's end-to-end encrypted.

So, for the last several years, I've been using the Barclays Merchant Services ePDQ system. Each transaction is squirted to them via https, and I get a response back to tell me if the billing was successful or not.

And then a few years back, they decided that I had to conform to the PCI DSS (Payment Card Indusrty Data Security Standard) which was a bit of a pain in the arse, but a couple of weeks installing new hardware, and programming, and writing documentation, got me past that.

Happy days.

But now they want to use a different system, that they've bought in (or licenced, or something) from Ogone. It's called "Direct Link".

They first I heard of this was by accident - I called about something else entirely, and heard of this change. So I explained to them, that what they really ought to do, is set up something so that their customers could continue to send stuff to the old server, using the old protocols and format, and they could translate this to the new format, and pass it on to the new server. So they'd have to do a conversion program, as distinct from each of their customers having to do the job.

They've explained to me several times why they aren't going to do this. Each time, what I hear is "We'd rather our customers, if indeed they want to remain out customers, do this big job, than we do it". That isn't what they actually say, of course. But it's what I hear. This sounds silly to me. My view is, each time you put up a barrier to someone remaining your customer, you lose a percentage of your customers.

I do have other options. I could send my data via Bucksnet; I already use Bucksnet, so I already know their format and protocols, so it wouldn't be a big job. But they are more expensive, being a middleman - 20p per transaction on top of what I'd be paying BMS. And Bucksnet refuse to do phone support, which I can sympathise with, but I really don't like dealing with companies that won't let me talk to them on the phone. Another possibility is Sagepay - I phoned them, and they said they were going to call back, but didn't, and if they're that casual about getting new business, what would they be like with supporting a customer? And I'd have to make my data conform to their format and protocol.

So I decided to give Barclays Merchant Services new system a whirl.