Hidden costs of accepting online payments

How hidden fees stack up so as to quadruple the cost of using online payments providers

This article is part of my Confessions of an Unintentional CTO book, which is currently available to read for free online.

UPDATE 2020: The original tone of this post wrongly pointed the finger at payment providers. I no longer stand by this statement. In the intervening years, I've learned a lot about how financial systems work, not least from dabbling in the crypto regulation world. In reality, it's not payment providers that cause moving money to be expensive. Instead, a complex constellation of upstream financial parties and the assignment of risks leads to these prices. The content of this post -- in terms of the true costs of supporting payments -- remains approximately true. However any assignment of blame to payment providers does not.

We web application owners often want to accept credit card payments for whatever we sell. Because rolling our own security-compliant merchant solutions is both risky and time-consuming, we usually offload the hassle to payment providers like PayPal or Braintree. (Stripe are a good deal better FYI —— use them if you can.)

At first glance, the fee schedule for these services seems reasonable enough, but sadly, there’s a lot of small print and there are plenty of hidden gotchas that are costly yet difficult to detect up front. To give but one example: When I wrote the first draft of this post way back in December 2015, the homepage of PayPal advertised that “in most cases” they charge a 1.9% transaction fee for their services. Sounds OK-ish, right? In reality, my average fee that month was a whopping 8.8%—four times more than I was led to expect. So where do all these extra charges enter the picture?

1. Forced currency conversions at extortionate, hidden rates

Part of the beauty of the web is that it connects people, despite traditional national borders; there’s nothing stopping customers from Australia or Brazil or Qatar from stopping by your website and buying something. Of course, even though the web transcends national borders, it nevertheless exists in a bordered world. As such, your international customers will want to buy using their own currency, which will probably differ from the one predominant in your homeland.

Web application owners have two choices here: bill in the customer’s currency or bill in their own currency.

For the purposes of illustration, I’ll assume from here that your business operates in EUR and your customer wants to buy with GBP.

Case 1: You bill in your own currency, EUR in this case

The customer will have to pay a currency conversion fee, and this will be levied either by their credit card provider (Visa etc.) or the payment provider you integrated into your website (PayPal et al). Although you personally avoid currency conversion fees in this case, this approach is nevertheless commercially untenable for most businesses. Aside from tarnishing your reputation by exposing the customer to extra hidden fees, this approach has an even more immediate downside: it scares and confuses customers who, upon seeing your website pricing and billing in EUR instead of their home GBP, now feel your products are somehow foreign, inappropriate, or even inferior to those sold by competitors billing in their local currency. This in turn chips away at your conversion rates.

Case 2: You bill in the customer’s currency, GBP in this case

The consequence here is that your payment provider account will accumulate GBP holdings. But because your business needs EUR to pay its bills, sooner or later you’ll have to convert the GBP into EUR. Here’s where payment providers fleece you: there is often a small print stipulation that you are not allowed to withdraw money to your bank account without first converting money to your home currency (EUR) through their platform. The catch is that their currency conversion rate—the one you are forced to accept—is between 2.5% and 4.5% higher than the normal market rates available at that time. The payment providers will tell you that this surcharge exists to cover them in case of “market fluctuations”. This is utter rubbish and represents an almost criminal misrepresentation of the magnitude of the risk. By way of comparison, normal banks—such as Deutsche Bank—are subject to this exact same risk, but they charge only 0.1% above the market rate. Go figure.

In the cases of some payment providers transacting with certain narrow combinations of currencies, there is respite and you can sometimes withdraw money without forced currency exchanges. For example, with Stripe in Germany, you are allowed to withdraw GBP to a GBP-denominated bank account based in Germany, thereby avoiding the forced currency conversion fee that would otherwise apply when withdrawing to a EUR bank account. That said, even Stripe doesn’t offer the same possibility for many other countries and currencies. And, needless to say, the good people at PayPal always force you to withdraw in EUR if you are based in a EUR country, meaning you can never avoid their obscene currency conversion fees. The only way around their system is to open up a bank account in the UK, then open up a separate PayPal account there for your GBP transactions, and then finally build a software merry-go-round to switch PayPal accounts depending on your customer’s currency.

All in all, the accounting and administrative hassle involved with circumnavigating a payment provider’s currency conversion fees may not be worth it for many small businesses, and as such, they are forced to grin and bear the inflated fees.

2. Hidden fees for transactions from overseas customers

The rosy picture painted on payment providers’ home pages also quotes you a rate for domestic transactions, that is, for customers based in the same country as you. Given that the internet is a global community, it could well be the case that more than 90% of your customers are international. If so, you’ll be charged up to an additional 3% in fees. This is in addition to the fees for currency conversion, meaning that the total of extra fees for international customers can amount to up to 7.5%.

3. Chargeback policy

Some payment providers, like PayPal, allow your past customers to file disputes with them directly. All too often, this is a vehicle for fraud. For example, imagine that a rogue places an order on your website, receives whatever electronic service you provide, then files a (dishonest) complaint with the payment provider, claiming that their card was stolen or that the goods didn’t match the description. Meanwhile, this rogue continues to download your digital products or enjoy your service. PayPal claims to look at both sides of the case yet invariably it decides any dispute in favour of the customer, without considering any evidence you have, meaning you automatically lose a percentage of your sales thanks to easily prevented fraud. This is, in effect, an insidious hidden charge they place on your business, and one they use to bolster their reputation at your expense.

More Articles: Click here for full archive

The Key to Good Documentation: Broaden Your Definition of Software

Or how to avoid frustration configuring, debugging, and rescuing servers and third-party services

4 Ideas For Improving Testability in Web Apps

Backdoors, interface hooks, explanatory dry runs, and deep reachability

WWW vs. Naked Domain?

When starting a new website, is it better to choose domain.com or www.domain.com?