Whether you’re developing a travel app or a fashion mobile commerce application, you need to somehow accept electronic payments for physical goods and services. Implementing an online payment gateway provides a smooth customer experience.
Mobile shopping accounts for a large percentage of e-commerce payment industry retail sales in the US. By 2021, Statista expects 54 percent of all e-commerce retail to be done via mobile devices. Hence, it’s critical to have a mobile payment processing gateway that runs smoothly in your mobile app. But how to make mobile apps that accept payments?
We’ll put aside in-app purchases of digital goods and how to implement them, since these kinds of purchases on iOS and Android devices are performed solely by Apple’s App Store or Google Play Store services.
Instead, we’ll focus on payment processing to allow users to buy physical goods and services: plane tickets, new shoes, a taxi ride. We’ll also take a look at the most prominent payment gateways providers – PayPal, Stripe, and Braintree (owned by PayPal) – to help you make the right choice. How can you build a mobile app that accepts payments?
First, let’s define a payment gateway and its role in the financial system and processing payments for physical goods and services.
What is a payment gateway?
A payment gateway is a technology used to integrate a credit or debit card payments into mobile applications and on websites. It’s among the best practices to handle online payments. A payment gateway is responsible for securely collecting customer information on the frontend part of the application and then sending it to an acquiring bank or payment processor in order to perform the transaction.
Here’s how it works in eCommerce payment gateways: A user chooses a product they want to buy and adds it to their shopping cart. The cart is linked to a payment gateway service that lets the user enter their credit card information. When the user checks out and pays by card, the gateway sends a request to the card-issuing bank. In the perfect scenario, the bank approves the transaction.
To enable this checkout/payment flow, you’ll need to think not only about a gateway service provider. You should think about the type of merchant account you need and compliance with security standards. We’ll talk about types of merchant accounts first, then we’ll consider how to choose a payment gateway for your app.
Dedicated or aggregate merchant account
Nearly every modern payment gateway provider, including PayPal, Braintree, and Stripe, combines the functionality of a gateway and a merchant account. A merchant account is where the money goes immediately after customers pay you for goods or services.
Mind you, a merchant account is not the same as a bank account. It’s an account that accumulates all your money from sales to then transfer those funds to your bank account. Why the extra layer? It’s quite simple: your buyers might want to return goods or get a refund on services. Therefore, there’s always a chance you’ll have to refund the money received from buyers.
Refunds can easily be made from funds accumulated in your merchant account at any moment. The rest of your money earned will be sent to your bank account.
There are two types of merchant accounts – dedicated merchant accounts and aggregate merchant accounts.
A dedicated account is devoted to your business and gives you more control over financial operations. It lets you correct errors in transactions and debit your account in case of a chargeback claim, for example. A dedicated merchant account also provides you with faster transfers — usually in less than a day. However, a dedicated account is typically more expensive than an aggregate merchant account.
Aggregate accounts hold funds for multiple merchants. Despite the advantages of a dedicated account, most sellers prefer an aggregate account, as it’s less expensive and usually requires only 24 hours for approval. For dedicated account approval, you’ll need to wait a couple of days. A dedicated account also requires more Know Your Customer (KYC) documentation than an aggregate account.
Credit card payment integration solutions with a gateway API
There are numerous payment gateways – Stripe, Braintree, PayPal, Visa Checkout, Authorize.net, Dwolla, etc. – that allow you to process credit card transaction data through their APIs for payment processing. At first glance, a payment gateway seems like a simple solution. But when you choose to integrate a payment gateway API, you place the responsibility for the security of credit card data on your own shoulders, since that data now passes through your mobile app.
Furthermore, not all payment gateways support an authenticated tokenization process, which is required when accepting payments in a mobile app. A token is an object that stores configuration settings and authorization needed for the Client SDK. Ideally, the payment gateway API integration should ensure handing back a token from your server’s secure authenticated environment. This token represents the submitted card data and can be used to execute actual transactions. To make payments on the client side, Braintree generates a token using the Braintree Server SDK. In the client’s code, the token looks like a line that represents a JSON model encrypted with the help of Base64. The token that the client receives is used to work with the Braintree Client SDK. This SDK connects with the Braintree server and receives a payment method nonce, a string that describes the chosen payment solution (credit card, PayPal, etc.). This string is then sent to your server. On your server, the Braintree Server SDK carries out payment operations using the payment method nonce.
With Stripe, a token is generated on the client side with the help of the Stripe server and then sent to your server. This token is just an object and not an encrypted line like in Braintree. So Stripe lets you decide in what form you would like to send the token to the server, either as is or with your own encryption. On the one hand, your own encryption will provide better security when communicating with the server. But still, encryption is not a must. Stripe warns in their documentation that you need to use an SSL connection on your server, without which you won’t be able to interact with the Stripe server, as they use an HSTS protection mechanism. You can read more about Stripe security here. After your server gets the token, you can process payments using the Stripe Server SDK.
However, if this tokenization functionality is not provided by gateway APIs for integration, you’ll have to handle it yourself. All of the three gateways we discuss in this post pay close attention to their security, ensuring encryption and tokenization of sensitive data.
Read also: Data security mechanisms
Payment Card Industry compliance
The first and most important requirement for any service that collects payments is to adhere to the Payment Card Industry Data Security Standard (PCI-DSS). You can find a list of service providers that are PCI-DSS compliant in the Visa Global Registry.
The process of becoming PCI certified takes months of work – and you honestly don’t need that headache if your app is going to simply pass card data to a gateway for long-term storage. But at the same time, anyone who accepts credit card payments – even those with mobile app payment integrations – needs to comply with PCI-DSS rules.
Stripe, PayPal, and Braintree help you comply with PCI-DSS requirements without too much effort. These major gateways offer robust native libraries for Android and iOS and ease PCI-DSS compliance by sending encrypted credit card data as a token.
Thus, you know how to integrate a payment gateway easily while avoiding most PCI-DSS compliance concerns because sensitive credit card data skips your servers.
Stripe vs Braintree
You’ll need a programmer to help you set up card payments via Stripe or Braintree. Once Stripe or Braintree is implemented, all a customer has to do to make a purchase is type their credit card details into a digital form and confirm.
Key differences between Stripe and Braintree
One of the biggest differences is that Braintree issues dedicated merchant accounts, while Stripe issues aggregate accounts. This makes Braintree’s accounts more stable than Stripe’s. There’s also a somewhat higher risk that Stripe will terminate your account unexpectedly, though account termination is still rare. Braintree has a shorter list of supported payment methods than Stripe. However, it offers PayPal payment gateway integration and Stripe doesn’t.
Your decision to use Stripe or Braintree should be based on geographical coverage, currency support, the availability of features, and costs.
Merchant locations and supported currencies
Both Stripe and Braintree allow you to accept payments from anywhere in the world. However, your company must be based in a supported country.
Braintree payment processing and gateway services support merchants in over 45 countries, versus 34 for Stripe. But Stripe supports payment processing in over 135 currencies, enabling a merchant to charge consumers in their native currency while receiving funds in the merchant’s.
Let’s say your business has expanded to many countries, including Saudi Arabia. You’ve chosen Stripe, which covers all the countries you’re doing business in except for Saudi Arabia. The solution to accept payments from Saudi customers is to integrate Stripe with a local payment processing service and set up a currency exchange. So consider the geographical aspect when you decide on a gateway.
Stripe’s outstanding advantage is its subscription tools (such as Billing and Atlas), which are invaluable for e-businesses. As part of the Billing tool, Stripe supports daily, weekly, monthly, annual, and delayed bills through its Subscription API. Atlas allows you to incorporate a US company and accept payments no matter what country your company is physically based in. The cost of the Atlas service is a $500 one-time fee.
Braintree has a comparable list of features. But along with a dedicated merchant account, it provides support for third-party merchant accounts. You can open an account in any US bank and use Braintree as your payment gateway. In addition, Braintree offers a feature called Contextual Commerce that enables you to sell your goods or services within your partners’ apps. This feature helps you share your information in a secure way with Braintree merchants and other PCI-compliant parties.
What’s the difference in price?
When considering the price, don’t forget to account for the country your company is based in, since conditions and pricing plans vary. We decided to check how things work for a US company. Braintree and Stripe both charge US clients 2.9 percent plus $0.30 per transaction. The only additional fee is a standard $15 for chargebacks.
Pricing plans for Stripe and Braintree are complicated when adding extra features that may be integrated into eCommerce websites and apps. Stripe tries to keep its pricing clear and describes its pricing plans with greater transparency and clarity than Braintree. It’s immediately clear what amount will be charged if a digital transaction is successful, and there’s no charge for refunds.
Braintree will not return transaction fees for transactions refunded in the US. Transaction fees may be returned for transactions refunded in other countries depending on how an account is set up.
Braintree’s pricing plan is a bit more complex in some cases but is still understandable. Customers can even request quotes for integrating local payment methods.
Integrations and the latest updates that are worth your attention
Both of these payment systems are changing rapidly, as is the number of mobile shoppers. Stripe and Braintree are both developer-friendly payment systems and are constantly working to provide mobile app developers with the latest and most successful payment solutions. Braintree and Stripe both have SDKs to enable the integration for iOS and Android.
Braintree. In October 2018, Braintree introduced Samsung Pay that is new among app payment systems for US-based merchants. This mobile app payment integration will help to increase the loyalty of millions of users around the world. It’s worth noting that for Samsung Pay transactions, you’ll need the advanced set of tools offered by Braintree that prevent fraudulent transactions. Another novelty introduced by the company a little earlier is Braintree Extend. This product was developed to support partnership relations among Braintree users. Braintree Extend stores and securely shares payment information between partners, even if they use another merchant or financial service provider. This opens new opportunities for your online business, such as starting a rewards program to increase customer loyalty.
Stripe. Stripe payment solutions involve the Stripe Connect service, which helps you accept payments and settle transactions with third-party companies. Using this service, you can build a strong and user-friendly online platform. Connect offers additional customization tools and analytics services.
Tech differences between Stripe and Braintree
Stripe and Braintree integration infrastructure processes have lots in common. To integrate online payments into your web application, you need to set up both frontend and backend parts.
Testing and test data
Braintree. Braintree provides a Sandbox, which is a copy of the production panel for managing a Braintree account. You can get testing values of the API keys you need to set up client and server SDKs. As soon as you set up your product to work with Braintree, you can create a production account and copy API keys to replace the testing keys. So you have two separate accounts, one for Sandbox and one for Production. On the one hand, the Sandbox allows you to make as many mistakes as it takes until you create a sustainable project. But on the other hand, if you have a lot of settings for discounts, subscriptions, additions, and other Braintree features, you’ll have to configure that all over again in the Production account.
Stripe. For Stripe, you use the same account for testing and production. Stripe has a single site with a control panel that indicates if you’re in testing mode. Just as Braintree does, Stripe offers test API keys for testing purposes. In order to get into production, you simply need to turn the switch, activate your account, and change your application API keys to production keys.
With both Braintree and Stripe, you can add additional settings to CVV validation to prevent fraud including 'provided CVV does not match', 'provided CVV is not verified', and 'the card issuer does not participate in card verification'.
Braintree. Braintree is great at security. They’ve created a safe SDK that uses a token encrypted using Base64. This Base64-encoded token is generated on the server without storing any key on the client side. Braintree has also partnered with Kount to provide more security measures for server and client-side data. To access features that this partnership provides, you can simply integrate a code snippet.
Stripe. Stripe also helps you avoid fraud. Their new product, Radar, is a machine learning program to detect and fight fraud. Stripe and Braintree compete on the level of security they provide. But we would need a separate article in order to fully discuss security.
PayPal as a unique payment gateway service
PayPal is the most popular payment service in the world, with a 60.2 percent global market share according to Datanyze. PayPal’s two closest competitors are far behind: Stripe’s global market share is 16 percent and Braintree’s is 2.1 percent.
Name recognition is one of the main reasons to decide on PayPal over Stripe or Braintree. Handling e-cash payments by means of PayPal will boost customers’ trust in your brand, as your customers are likely familiar with the PayPal digital wallet and checkout process.
Unlike Braintree and Stripe, which perform transactions without redirecting, the PayPal payment process requires a buyer to click the PayPal button on a merchant’s shopping cart page and be redirected to PayPal.
Two PayPal payment plans
PayPal offers two unique payment plans. The first is Paypal Payments Standard, which can be implemented in 15 minutes without any help from developers experienced in multiple programming languages. But note that this plan doesn’t provide customization.
The second plan is Payments Pro, which allows you to provide app developers with completely custom solutions. This plan also lets you access a virtual terminal, allowing you to accept credit cards via your PC, smartphone, or mobile device with no external card reader. Keep in mind that this choice will require a developer to implement, and you’ll have to pay an additional $30 a month for a PayPal Payments Pro account.
Integrations and news to take into account
PayPal has recently acquired 70 percent equity in GoPay, a holder of a payment business license in China. This acquisition has made PayPal the first foreign payments company to be licensed to offer digital payment services in China.
As the demand for payments for e-commerce is increasing continuously, there is a lot of space for the Chinese payment market to develop. The number of mobile payment users in China is predicted to reach 956 million by 2023.
PayPal Here for card-present transactions
Stripe and Braintree can be used for card-not-present transactions (one of the transaction types), but electronic money systems like PayPal Here offer solutions to accept mobile payments from consumers at a point of sale (POS). These POS systems can work well for a local marketplace or store. The PayPal Here app also allows you to track your sales and create invoices from a compatible smartphone or tablet.
We suggest you consider all the above-mentioned factors when choosing between PayPal, Stripe, and Braintree. But in short...
Paypal is an excellent entry-level solution that allows you to enable payments in minutes and doesn’t require programming skills. However, if you need an integrated checkout or extensive customization, you’ll have to choose a more costly plan (in addition to hiring a programmer).
Stripe is tailored to larger companies, complex SaaS solutions, and marketplaces. It also offers customization and comprehensive reporting. The Atlas feature can be fundamental for a tech startup and provide opportunities for business expansion.
Braintree is an optimal choice for nearly any kind of business. Although it lacks PayPal’s plug-and-play functionality, this gateway offers great customization options and flexibility. In addition, only Braintree provides dedicated merchant accounts.
The big three payment service providers we’ve talked about in this article provide great geographical coverage. For example, despite being focused on the US market, Stripe is available in the majority of European countries including Portugal, Belgium, and Norway.
Nevertheless, the reach of Stripe, Braintree, and PayPal might not be enough if you do business in Africa or the Middle East. In this case, note that Yalantis works with country-specific payment gateways including Paystack and Peach Payments (which are tailored to Africa).
We hope this article has helped you get closer to choosing a payment system that meets your needs. Keep in mind that you can always consult your software development partner if you’re uncertain about what solution to choose.