Payments can be a key ingredient of your mobile strategy. If you already have an app, that means adding mobile payments to the software.

With the billions that both Google and Apple have paid out to developers, this sounds like a tempting—even obvious—choice. And it may be, but adding payment capabilities to an existing app can be much trickier than fashioning a pop-up form and some back-end code. And with some new regulations having come into force, the stakes are getting higher.

How it works

To enable payments, you need to understand the basics of how they happen. “You have your payment gateway and then you have your merchant account with a payment processor,” says Robert Brodie, CTO of digital commerce consulting and strategy firm SUMO Heavy. The gateway is effectively the API you call to charge a customer’s payment card. The payment processor at which you have a merchant account actually processes the payment.

This is a two-part process for added security, although some processors have their own gateway. If you transmitted the credit card information directly to the processor, someone who intercepted the traffic could have everything they needed—the card number and access to the processing merchant account—to fully create a transaction.

There are variations on the process, depending on how you technically implement payments. Greg Goldfarb, CEO of Flint Mobile, which helps clients accept credit card payments through smartphones, calls a company’s straightforward attempt to obtain payment a “happy path.” But an attempt to obtain payment can also result in the payment being declined, some of the billing information being incorrect, or even the need to process a refund.

That’s where “things can get a little more complicated from a user interface and workflow point of view,” he says. “There are a number of scenarios that the developer needs to anticipate and handle.” For example, different decline codes mean different things, and handling a direct billing to a customer is different from enabling payment for a third-party vendor and its customers.

Getting the details right is important, even beyond the technology. You might have to learn a new language. “As a programmer, I don’t think in terms of authorizations and transactions,” says Jerry Pickering, technical director at e2k. “All of a sudden there’s this new nomenclature of what I’m attempting to do. You’re telling this financial institution that you’ll give it valid information, so it only helps if you appear as if you have some idea what you’re talking about.”

Right planning

The mechanics of how payment systems work dovetail with the initial planning that a cross-functional team must complete before developers start coding. Adding payment capabilities can mean “completely different things,” Goldfarb says. “One of the core questions is whether your app is really an app that consumers download, or is it an app that businesses download?” In other words, are you looking to sell something directly to the app users, or are you enabling another company to process payments from its customers?

That first decision influences all the others. “For the latter, you have to handle offline payments [when the phone doesn’t have a data connection] and maybe invoice-based billing or online bill pay,” Goldfarb says. The former means you’ll primarily deal with e-commerce transactions that can be simpler to manage as your company has the control over which process and payment service providers to use. “The whole account structure and risk is completely different [between the two],” he says.

Once that is clear, you need to make other decisions based on the company’s business model and expectations for the app. For example, if you want to sell virtual goods and are doing so through an iOS app, “You have to use in-app purchases and they’re going to take a 30 percent cut,” says Jen Looper, a developer advocate at Telerik. “If you’re trying to sell physical goods [through an iOS app], you can use other strategies.” Android, on the other hand, has more flexibility in handling payments, which don’t have to occur through Google.

Other business considerations affect the technical plans as well. “Are you trying to move customers that are solely purchasing based on discounts to loyal customers, or are you trying to get loyal customers to buy more on mobile?” asks Scott Hutchinson, technical lead at Copper Mobile, an enterprise mobile app development company. Depending on the answer, you might have to consider loyalty functions and promotions, not payment in isolation.

Security and liability

Security for any app is important, and it becomes increasingly so when payments are involved. Now the imperative is stronger than ever before due to recent regulatory changes. It used to be the case under US statutes that if a fraudulent transaction occurred, the banks were responsible for the loss, absolving the consumer from all but perhaps a token portion of the total loss.

That’s no longer the case. You’ve likely read about the switch from swipe-and-sign credit card use to EMV, which stands for EuroPay, MasterCard, and Visa. This is the payment card technology with embedded chips holding encrypted security information that has been in use elsewhere in the world for years, the purpose of which is to make it harder to commit credit card fraud.

But with the change in technology comes a shift in legal liability. Up until now, it was the credit card issuer that held legal liability under the law for fake card transactions. Now the onus is on whoever didn’t enable an EMV transaction, whether the merchant or the issuer.

“If you’re trying to accept a payment, and it’s not through a secure way, and it winds up getting hacked, you’re liable,” says Wendell Adams, CEO of AB Mobile Apps, which creates cross-platform apps for clients. If something goes wrong—such as the data disasters that occurred at Target and Home Depot—the results can be terribly costly.

Keeping a handle on security means enforcing some strict practices. “We have a security checklist for mobile apps that’s specific to mobile apps,” Hutchinson says. The test of the apps is based on asking how much damage could be done if someone left an unlocked phone at a bar. For example, making a purchase should require separate password entry. Copper Mobile has testing software to look for issues like a gateway API key being hard-coded into the app. “Cracking them takes about five seconds,” he says.
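A check of the kind described above, for a gateway API key hard-coded into the app, can run over the source tree before release. The following is an added example, not Copper Mobile's tooling or code from this article: the file paths, identifiers and key values are constructed, the `sk_`/`pk_` prefixes follow Stripe's secret/publishable key naming, and the length and entropy thresholds are assumptions to tune per project.

```python
import math
import re

# Constructed sample sources (not from a real app); all key values are fake.
SAMPLE_FILES = {
    "app/src/main/java/com/example/PayClient.java": '''
        public class PayClient {
            static final String API_KEY_HEADER = "X-Gateway-Api-Key";  // header name, not a secret
            static final String PUBLISHABLE_KEY = "pk_live_EXAMPLEpublishable000000";
            static final String GATEWAY_SECRET = "sk_live_EXAMPLEsecret0000000000";
            private String apiKey = "9f3Kq7ZtX2mVb8LpR4wYc6Nh";
        }
    ''',
    "app/src/main/res/values/strings.xml": '''
        <resources>
            <string name="app_name">Example Shop</string>
            <string name="gateway_private_key">Zx81QwLm03PrTy77VbNc55Aa</string>
        </resources>
    ''',
}

SECRET_PREFIX = re.compile(r"^sk_(live|test)_")   # server-side secret key: never ship it
CLIENT_PREFIX = re.compile(r"^pk_(live|test)_")   # publishable key: designed for clients
SENSITIVE_NAME = re.compile(r"key|secret|token|passw", re.I)
ASSIGNMENT = re.compile(r'(\w+)\s*=\s*"([^"]+)"')                    # Java/Kotlin literal
XML_STRING = re.compile(r'<string\s+name="(\w+)">([^<]+)</string>')  # Android resource

MIN_LEN, MIN_ENTROPY = 20, 4.0  # assumed thresholds for "looks like a random credential"

def entropy(s):
    """Shannon entropy of the string in bits per character."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan(files):
    """Return (path, line number, rule, identifier) for each suspicious literal."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, value in ASSIGNMENT.findall(line) + XML_STRING.findall(line):
                if CLIENT_PREFIX.match(value):
                    continue  # publishable keys are expected in client code
                if SECRET_PREFIX.match(value):
                    findings.append((path, lineno, "secret-key-prefix", name))
                elif (SENSITIVE_NAME.search(name) and len(value) >= MIN_LEN
                      and entropy(value) >= MIN_ENTROPY):
                    findings.append((path, lineno, "high-entropy-literal", name))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_FILES):
        print(*finding)
```

Moving a flagged key into an XML resource or obfuscating it does not help, since both ship inside the app package; the secret belongs on a server that the app calls.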

There’s an acute need to keep current with security practices and requirements. “As of June 2016, SSL is no longer a viable transport for API calls for payment gateways,” Brodie says. Instead, it will have to be TLS.

An app also has to be aware of the current state of the device on which it runs. “There’s a typical decision about root protection and jailbreak protection,” says Winston Bond, European technical manager for Arxan Technologies. “Some payment providers don’t want [to deal with] a jail[broken] device.”

Platform, or roll your own?

The business needs, planning, and security concerns of each app help inform the technical choices. Copper Mobile deals with large clients with existing e-commerce systems. “A lot of people we deal with have customer e-commerce platforms,” Hutchinson says. “I would say 80 to 85 percent of the apps should and probably can use a [third-party mobile commerce] platform. The other 15 to 20 percent are enterprises, and the main reason they don’t use a platform is just because of the cost.”

A platform charges a percentage of the transaction as a fee. A common amount is 2.9 percent. So there’s a fairly straightforward calculation the company has to perform: At what point does the percentage of annual sales reach the cost of the additional developers, security experts, and other specialized personnel and related overhead expenses? Typically, a mobile sales volume reaching the $50 million to $100 million range can be enough where maintaining the entire payment system internally becomes financially advantageous.

If supporting the team necessary for such systems is impractical, then there’s likely a preexisting payment platform that will do the trick. “There are a bunch of really good SDKs out there that are looking to make this easy,” says Jitendra Gupta, head of product and strategy for Punchh, which develops branded loyalty apps for restaurant brands.

Skyjet, which has a platform for booking private charter flights, wanted to add mobile payment. It already had a back end integrated with a major payment processor that was also authorized by Apple Pay. So Skyjet commissioned consultancy ArcTouch to integrate Apple Pay into the app.

“This was very easy for us,” says Paulo Michels, ArcTouch’s vice president of engineering. “As long as you work with one of the authorized gateways and you don’t try to create everything yourself, it’s a very easy situation for developers.” Android Pay would be Google’s equivalent that, according to Michels, has largely the same capabilities.

Getting it right

There are many other choices out there—Braintree (owned by PayPal) and Stripe are two of the most common. But just as important as the technical capability to submit a payment is managing the entire process within the context of the app without making it so complex or buggy that users delete the software.

Adding mobile payments to your app may seem simple in some respects. But managing all the issues, from business intent to security concerns and technology implementation, all while keeping the entire app easy to use isn’t easy by any stretch of the imagination.

Bonus Reading!

Here is some in-depth information on three of our favorite choices for payment processing.

#1. Braintree

Some consider Braintree the best payment gateway in the world (or one of them, at least). And such a high opinion has grounds that we give below.

BTW!

  • The Braintree system is being used by popular applications such as Airbnb, Uber, and Hotel Tonight.

  • In 2013, PayPal absorbed Braintree, paying about $800 million.

And now let’s see how Braintree can surprise and delight its users.

Served zone (geography)

Braintree has truly covered almost the whole world. Its payment gateway services operate in Europe, USA, Hong Kong, Singapore, New Zealand, Malaysia, and even distant Australia! That is, you must live in one of these locations.

(Extra) features

  1. Security. When it comes to mobile app payment gateway integration, security comes first! And such a market leader as Braintree couldn’t neglect the issue either. Its protection includes the following aspects:

    • 3D & Data security

    • Protection against any type of fraud

  2. PCI Compliance. PCI DSS (Payment Card Industry Data Security Standard) is a document with a list of criteria which a service must meet if it manages money transactions in any way. PCI compliance, accordingly, means that the service follows these rules. Of course, Braintree took care to meet the highest safety requirements. And if you’re wondering how to add a payment gateway to an Android app (and iOS, of course) without any risk, then your answer is Braintree.

  3. Real-time Reports. Detailed and timely reports are another useful feature of Braintree.

  4. In-store Payments are also provided by the Braintree functionality.

  5. White-Glove support. We mean customer support at the highest level. Given that the company has representations throughout the world, Braintree can easily provide such a service.

  6. Third-party integrations. Of course, you shouldn’t ignore the possibility of integration with other services – when creating applications, this can be a determining factor.

  7. Worldwide. Remember the coverage area (served zones)? That’s what we’re talking about!

Payment details

  1. Payment methods:

    • Credit/debit cards (Mastercard, Visa, UnionPay, Amex, Discover, Diners, JCB, Maestro)

    • E-wallets (Apple Pay, Samsung Pay, Google Pay, PayPal, Visa Checkout, Masterpass, Venmo, Amex Express Checkout)

    • Local options (Bancontact, eps, ACH Direct Debit, Klarna Pay Now (Sofort), giropay, iDEAL, SEPA Direct Debit, MyBank)

  2. Fees:

    • Regular sellers and vendors needing a payment gateway for Android apps. In this case, the commission is 2.9% + $.30 (per transaction). Supported cards: Visa, Mastercard, JCB, Discover, Diners Club, American Express. In addition, Braintree works with digital wallets and Venmo.

    • Proven charities seeking reliable payment gateway solutions. The price is 2.2% + $.30 per transaction. These include Visa, Discover, Mastercard, JCB, Diners Club cards; also, the system works with Venmo digital wallets and e-wallets. If we’re talking about American Express cards, fees are 3.25% + $0.30.

    • Currency other than USD. Braintree charges an extra 1% for transactions of this kind.

    • Transactions outside the United States. Again, an additional commission of 1% is required.

  3. Chargebacks and refunds:

    • Questioning payment fairness. If your client doesn’t agree with the charge and forces you to make a refund, then you have to pay an additional $15 for each such case.

    • Returning fees. Unfortunately, Braintree isn’t willing to return your money (fees) in cases of chargebacks. However, if you managed to register before the beginning of August 2018, the situation is somewhat different: if you’ve fully refunded a transaction, you get a chance to receive your funds (the ones you paid to Braintree as a fee).

  4. Payouts:

    • The company offers very favorable payouts terms described on its website in great detail.

Technical details

Now let’s discuss the technical issues regarding the Braintree payment gateway integration in a mobile application.

  1. Supported client SDK platforms:

    1. iOS

    2. Android

    3. Web/JavaScript

  2. SDK/Integration guides (Android platform)

  3. Open API

#2. Stripe

Discussing the best global payment gateways, we shouldn’t forget about Stripe either.

This is a fast-growing project, initially focused on developers, so in order to properly configure it, users need advanced programming knowledge.

However, in general, Stripe has a number of excellent characteristics and helpful features which we’re ready to discuss at length.

Served zone (geography)

Stripe really belongs to global payment gateway providers.

See for yourself: it serves customers from the United Kingdom, United States, Netherlands, Canada, Finland, Austria, Portugal, Sweden, New Zealand, Australia, Belgium, Italy, Norway, Japan, Switzerland, Luxembourg, France, Hong Kong, Ireland, Singapore, Denmark, Germany, Spain… The list is truly impressive, isn’t it?

(Extra) features

  1. More than a hundred pre-installed features. These are so-called “features out of the box”, and they are usually enough to satisfy basic needs regarding a payment process.

  2. Subscriptions & Billing. The feature is focused on actively developing companies which need something more than just the default functionality (see par. 1).

  3. The Atlas solution which helps to start an online business, avoiding unnecessary paperwork and other similar fuss. This is one of the reasons why entrepreneurs consider the program almost the best payment gateway for eCommerce, and also a loyal assistant to Internet startups.

  4. The Connect platform, aimed at helping marketplaces and other resources process transactions when dealing with third parties.

  5. A programmable terminal that supplements your online presence with a real one.

  6. The creation of business models and cards. To make it true, the company provides a special API.

  7. Confronting fraud. The Radar feature would be appropriate in your anti-fraud intention.

  8. Sigma. The feature provides the simplest access to your business data which are literally at your hand, always and everywhere!

  9. Premium Level Support. Sometimes businesses need more complex, individually customized payment gateway solutions and exclusive support. And Stripe can offer such a set of solutions and support.

Payment details

  1. Payment methods:

    1. Credit/debit cards: Mastercard, Visa, Discover, American Express, JCB, UnionPay, Diners.

    2. E-wallets: Apple Pay, Microsoft Pay, Google Pay, Alipay, Visa Checkout, Amex Express Checkout, Masterpass by Mastercard, WeChat Pay

    3. Local payment options: WeChat Pay, ACH Debit, ACH Credit Transfer, Alipay, iDEAL, Bancontact, SEPA Direct Debit, EPS, Giropay, P24 BETA, SOFORT

  2. Fees:

    1. Transactions through bank cards. The commission is 2.9% + 30¢ per transaction.

    2. In-person option. Here we’re talking about payments which a user makes personally, through a Stripe Terminal. Then the commission will be 2.7% + 5¢ (as usual, per transaction).

    3. International bank cards. Fees increase by 1% (and another 1% if currency conversion is needed during a transaction).

    4. A custom option aimed at businesses which need to process a large number of transactions or work on a non-standard scheme.

  3. Chargebacks and Refunds:

    1. There are two pieces of news in this regard, one good and one bad. The good news is that you don’t need to pay a commission when refunding transactions. The bad news is that the fees you’ve already paid to Stripe won’t be returned to you.

  4. Payouts:

    1. https://stripe.com/docs/payouts

Technical details

And now it’s time to talk about the technical details of this representative of the payment gateway providers.

  1. Supported client SDK platforms:

    1. iOS

    2. Android

  2. SDK/Integration guides (Android platform)

  3. Open API

#3. Square Capital

Some like Braintree, some prefer Stripe, but there are also those who are sure that Square Capital is the best payment gateway for startups and long-existing projects.

Well, the solution really has great advantages which we’re going to discuss right now.

Served zone (geography)

The company operates in the UK, USA, Australia, Canada, Japan and seeks to expand its coverage to the global level.

(Extra) features

  1. Simple setup without creating a seller account. This is an all-in-one mode which eliminates unnecessary steps from the configuration process.

  2. Deposits the very next day. The feature might come in handy on many occasions.

  3. Security. As we’ve said, security is crucial when it comes to transaction processing. The best global payment gateways take care of this issue, and Square Capital undoubtedly belongs to the market leaders. So it offers:

    1. Full data encryption;

    2. Notification of all suspicious events and activities;

    3. Constant Fraud Protection;

    4. PCI compliance at the proper level.

  4. Integrated payment solutions (online and offline): readers, POS software, etc.

  5. Built-in analytics. The feature allows receiving full reports and analyzing the effectiveness of monetary transactions.

Payment details

Before you add a payment gateway to an Android app, you might be interested in finding out what options this provider offers, such as fees, payouts, refunds, and so on. Let’s consider them in order!

  1. Payment methods:

    1. Credit/ debit cards

    2. Deposit Adjustment

  2. Fees:

    1. The company provides the SDK free of charge, and you only need to pay 2.9% + 30¢ per transaction. In addition, there is the custom rate option.

  3. Chargebacks and refunds:

    1. No refund or chargeback fees required. Moreover, the company is ready to cover up to $250 in the appropriate chargeable payments monthly.

  4. Payouts:

    1. standard option: the money is credited to the bank account on the next business day;

    2. urgent option: 1% commission if you prefer to receive money immediately.

Technical details

Now let’s see what documentation you can use to figure out how to add a payment gateway to an Android app.

  1. Supported client SDK platforms:

    1. iOS

    2. Android

    3. Flutter

  2. SDK/Integration guides (Android platform):

    1. Android option

    2. Flutter

  3. Open API