WePay’s Bill Clerico talks DevOps at Rackspace Solve

Monday, we at WePay had the pleasure of attending Rackspace Solve in San Francisco, the first of several major conferences by Rackspace aimed at showing how various companies are using the cloud to solve tough business problems.

Our CEO Bill Clerico gave one of the first talks of the morning on a problem that every startup eventually runs into: scaling up to meet massive user demand without falling flat on your face.

Anybody who’s not gone through it would probably put that in the “good problems to have” category, but make no mistake: scaling is one of the toughest challenges in the technology business, something that takes a robust DevOps strategy to tackle. We would know, since WePay has faced some unique scaling challenges. Put it this way — the payment volume we process is set to more than double this year, and it will double again next year if we have anything to say about it. To keep up with demand, we’ve hired about 20 people in the last month, mostly in engineering, at a company that’s only about 60 people strong.

In other words, getting to scale is a major initiative here at WePay, one on which we’ve worked closely with Rackspace. We were one of the first customers for Rackspace’s DevOps Automation Services, which helped us to keep our service running at a time when we were facing unprecedented demand, and has continued to help us as we look to take on even more volume.

You can watch Bill’s full talk at the video above, but here’s some takeaways in the meantime:

The time to think about DevOps is now: Bill said that if he had one do-over at WePay, it would be to have started thinking about building great infrastructure earlier in the process, because it’s something that sets a company up for success at every stage. In the early days, the understandable temptation is to focus technical talent exclusively on product, but if you don’t also spend time building out great infrastructure, it’s easy to get stuck with early mistakes that will hurt you down the road, Bill said.

“As a technical founder, you think you can just go on Stack Overflow and find what you need solve any problem, but that’s really not the case,” he said. “You can’t have great DevOps just by reading some blog.”

DevOps isn’t just a technical problem: Because DevOps is a problem with a technical solution, it’s tempting to think of it as just a problem for the technical side of the business. But a poor or non-existent DevOps strategy hurts every part of a company. It’s a customer service problem, because especially in the enterprise  zero downtime is the one of the No. 1 demands that your customers make of you. It’s a product problem, because bad infrastructure limits how fast product teams can work and how well they can innovate. (With due respect to Mark Zuckerberg, you need to move fast, but if you break things every time you do, that’s a problem.) DevOps even affects recruiting, Bill said.

“I’ve certainly found it to be the case that the best engineers, the ones you really want to hire, won’t want to work on crappy infrastructure,” he said.

Just because DevOps is important doesn’t mean it needs to be entirely in-house: At the same time, DevOps is often a problem with peaks and valleys — sometimes your servers are getting hammered and you need a full team working around the clock, and sometimes nothing is happening and you’ll struggle to find work for just one person. That being the case, don’t be afraid of working with an outside team, Bill said. In WePay’s case, working with Rackspace enabled the company to be very agile, scaling up to meet demands and get support when it was needed and then scaling down when things were more stable. Outsourcing can be an important tool in the arsenal.




Want to delay payments? Here’s what you need to know about escrow

image

One of the common questions we often get here at WePay is about offering escrow — understandable, since many of our platform partners are services uniting a buyer and a seller who don’t know each other, and escrow offers a way for both sides to be comfortable with a transaction even with that unknown.

Yet like a lot of things in the payment industry, escrow is something that seems like it should be simple but is actually surprisingly complex when you really look at it. Given that, we thought a little primer might be useful.

What is Escrow?

Here’s the first bit of hidden complexity, because when people ask about “escrow,” that’s not always what they mean. Oftentimes, what they’re really talking about is the ability to delay payments.

There are any number of situations where a platform might need to do this. An obvious one is where a payer is buying something from a seller that can’t be readily evaluated for quality. Take a marketplace for concert tickets, for example. In this instance, the product could ship immediately, but until the buyer actually brings the ticket to the venue and is actually let into the concert, it would be very hard to say whether they got what they paid for.

The ticket platform therefore might charge the buyer but only release the funds to the seller after the show, and only if they don’t get an angry message from the buyer saying the tickets were bogus. That cuts down on fraud, because unscrupulous types know they won’t get any money from just printing out and selling fake tickets. It also might increase conversion rates for the platform, because buyers might be more comfortable using the service if they’re getting some guarantee that the things they buy will be genuine.

This might look like an escrow. Or, it might look like a money-back refund policy that the platform helps to enforce.  

And that’s an important distinction, because escrow agents are actually something that is regulated at the state level, meaning anyone who wants to offer escrow services needs a license from the states they’re accepting funds in. There’s good reason for this regulation. Since the escrow agent is holding other people’s money, there’s a lot of potential for wrongdoing. Licensing requirements help prevent the escrow agent from just disappearing into the night with the buyer’s money, or from saying they are holding something in escrow when they’re really using it to play the stock market, or any other potential abuses you can think of.

Here’s how California law sees escrow with regard to Internet companies: 

"With regard to Internet escrow companies, ‘escrow’ also includes any transaction in which one person, for the purpose of effecting the sale or transfer of personal property or services to another person, delivers money, or its Internet-authorized equivalent, to a third person to be held by that third person until the happening of a specified event or the performance of a prescribed condition, when it is then to be delivered by that third person to a grantee, grantor, promisee, promisor, obligee, obligor, bailee, bailor, or any agent or employee of any of the latter.” — California Financial Code 17003(b).  

So wait, does that mean that ANY platform that delays payments has to be licensed by the state?

The short answer? Probably not, but maybe.

You’ve probably noticed that definition looks very close to what our hypothetical ticket platform was doing in the earlier example — it was a 3rd party that was holding on to funds until a transaction could be verified to have occurred satisfactorily. But there are a couple of differences that might be relevant, legally speaking. For one thing, the escrow it’s providing here is not its primary service — rather, it’s the technology that lets ticket sellers find ticket buyers and vice versa. It’s also not the buyer or the seller that’s choosing to put the funds into escrow, but rather the platform itself that’s choosing to hold onto funds as a part of its normal efforts to fight fraud and keep everyone using its service honest.

That might make the ticket platform materially different enough that it can essentially hold funds in escrow without actually being an escrow agent. Or it might not. Like a lot of legal issues, once you get outside what’s clearly spelled out in the law it becomes more a matter of probability and risk assessment than hard and fast rules.

What is clear is that, if the platform is holding the money, regulatory compliance is a burden that would fall on the platform. If the ticket platform were found to infringe, the regulators would be sending angry letters to them, not the company processing their payments.  That could be true even if the platform holds the money in a bank account “For the Benefit Of” (FBO) its customers, or if the platform uses a third party payment processor to hold customers’ money for the platform.  If the customers’ money appears on the platform’s balance sheet, the platform is exposed to regulations that apply to that money, such as the California internet escrow law.

How WePay handles delayed payments

At WePay, we hate legal ambiguity. Our promise to our partners is that they will never have to concern themselves with the regulatory risk and compliance, because we will cover that all for them. They expect us to keep everything on the up and up, so that any potential downside is minimized. Consequentially, we’re very cautious about anything that introduces additional risks.

That being said, we offer our partners a way that they can do delayed payments and ensure that they don’t have to worry about hard legal questions about escrow.

It starts with the way we process our payments: our platform partners never hold customers’ funds.  WePay assures that those funds go straight from the buyer to a special bank account, then to the seller, without ever being held by the platform or appearing on the platform’s balance sheet. That means that WePay, and not the platform, is on the hook if the states ever do decide that marketplaces (or other types of platforms) need to be licensed escrow agents to provide delayed payments.  

We also offer two options that act like escrow, but which we think are compliant:

  • Delayed Payouts: This works in a straightforward manner: collect a payment from the payer, but then hold onto the funds for a short time before sending them on to the payee. Because this looks the most like escrow, we currently set a limit of 14 days as the maximum time the payment can be held. We’ve generally found it to be the case that the longer you hold onto a payment before sending it to its eventual destination, the more nervous the regulators get. So we felt that this limit struck a good balance between a level of risk we were comfortable with and a level of flexibility needed by our partners.
  • Tipping Point Payments: For this method, the platform collects the credit info from the payer at the time that the transaction is initiated. However, we don’t actually charge the card until a later date when a given condition is met. This is a very common feature for our crowdfunding partners, who use it to create campaigns where donors’ cards aren’t charged until a fundraising threshold is met. It’s flexible enough to be used as a practical alternative to a delayed payment, but doesn’t present as much risk, because the platform is never actually holding on to funds for any length of time.

If you’d like to learn more about how our delayed payouts work, contact our API team at API@wepay.com

 

The Rise of the Bottom-Up Economy

There’s a revolution in full swing that is changing the way ordinary Americans make a living.  From internet commerce technology has sprung forth the Bottom-Up Economic Revolution. It’s dramatically altered the way business is conducted by both the seller and consumer.  Front and center in this shift is platform businesses – small business cloud-based companies, online marketplaces and crowdfunding sites.  They bring buyers and sellers, as well as non-profits and donors together in new ways to interact and do business.  

Now the average Joe and Jane can create income, and in many cases a livelihood, with relative ease compared to the offline brick and mortar approach to business.  Thanks to websites designed to bring sellers and buyers together in new ways, the possibilities are virtually endless. You can find homeowners in need of your maintenance services sell your own custom made clothing, rent a room on Airbnb, to name just a few opportunities.  Need capital? Funding opportunities are also available and could be just a few clicks away at crowdfunding sites for the everyday entrepreneur.

This new group of self-employed individuals who are making part or all of their income online are fueling the Bottom-Up Economic Revolution like never before.  As traditional employment opportunities continue to be in flux, these proprietors are increasing at a fast pace.  The numbers tell it like it is:

  • Proprietors have steadily increased every year since 2000, in terms of a percentage of total US employment.

  • Between 2000 and 2012, the US labor force lost over a million private wage and salary workers yet in that same time frame, over 10 million working proprietors entered the marketplace.  Furthermore, 21% of working Americans received at least part of their income through self-employment.

  • Enterprises with over 1000 employees lost over 1 million employees between 2002 and 2012 while enterprises with less than 25 people gained over a 1.5 million employees—nearly half of those 1.5 million employees are with enterprises that had 5 or fewer total employees.

As the Bottom-Up Economic Revolution grows, we see two categories of platform companies driving it: marketplaces and cloud-based small business software.  These small business platforms must provide not just an excellent overall user experience, but also an easy-to-implement payment experience that protects the consumer, the seller, and the platform business itself from risk and fraud.

This new wave of ecommerce is perfectly complemented by WePay.  Unlike other general-purpose payment APIs, WePay is designed for platforms. Our patent pending risk engine technology, Veda allows us to underwrite businesses of any size and shape.  Platforms can feel confident that a robust system of fraud protection is in place to protect them as a payments process is weaved into their product seamlessly.

The Bottom-Up Economic Revolution represents a massive opportunity for enterprises that can successfully bring three key ingredients together:  new ideas for solving old ways of doing things, ample drive and a competent team. We plan to keep the Revolution booming by continuing to support the backend transactions in the world of e-commerce.   It’s an exciting time and we couldn’t be more thrilled to see where the creative players in this vital new economy head next.

Team Topia Uses WePay to Create World’s Friendliest Swim Team Management Platform

swimtopia.png

When Team Topia founder Mason Hale first got involved with swim teams, he wasn’t thinking about building a sports management software business. Rather, he knew two things: his kids loved to swim, and as the family “computer guy”, it was his job to support their team with technology.  

At the time, Mason had been chief technologist at the cutting-edge product design firm Frog Design for over eight years, so he thought “How hard could it be?”

Really hard, it turned out.

Like many swim teams, Mason’s daughter’s group had more than 200 members, so keeping everything organized was a massive logistics undertaking. To make matters worse, they were managing things with a clunky software package that was designed in the 1990s, the same as 90 percent of swim teams in the country.  Mason quickly found himself spending more than 15 hours a week just keeping track of swim meet information.  Add to that the need to coordinate the army of volunteers needed to run each swim meet, and it was a major headache.

Being a developer, Mason turned to technology and created a solution using Ruby on Rails. He built SwimTopia initially as a side project and hosted it on Heroku. People loved it.  Parents were happy, swim meets were running smoothly, and preparations now took minutes instead of hours. Mason knew a business opportunity when he saw it. Team Topia was born.

In 2011 Mason’s company was accepted into the Capital Factory startup incubator program and won the top prize at the Capital Factory Demo Day pitch competition. After that, Mason was ready to go big.

One of the the top priorities was finding a flexible payment platform that would scale to meet his future business needs. Mason initially started with PayPal, but quickly realized it wasn’t quite right for his business model. PayPal’s complicated onboarding process, which asks for a lot of information up front, stymied efforts to sign up new accounts, and some parents found the checkout process confusing. The difficulties were enough that Mason decided to look for a payments processor that more closely aligned with his vision for SwimTopia as “the world’s friendliest swim team management platform.”

Mason wanted to help swim teams across the US manage not just their meet schedules but also to collect their membership dues and support their fundraising efforts by enabling them to sell branded merchandise, swimsuits and other gear online.  Above all, the user experience was top priority. He needed it to be as seamless as possible with every action from account setup to checkout taking place inside the SwimTopia application.

When Mason looked at WePay, it felt right.  

“SwimTopia is a platform and WePay really caters to developers building platforms,” he said.  “My customers can now setup a new WePay account right from within SwimTopia. By doing so, I was able to replace a page of step-by-step setup instructions and with a single button and a streamlined, integrated experience.”

 Team Store   SwimTopia.png

WePay enables the SwimTopia Online Team Store customer to:

  • Sell any item to their members without leaving the SwimTopia application;

  • Offer items for sale on any page of the web site;

  • Check out with most major credit cards;

  • Assign processing fees to be paid by each customer or team.

Additional Resources

12 data sources that help WePay detect and fight fraud

Online businesses in the US lose an estimated $3.5 billion to fraud every year. That number is only set to rise as long as we keep having security breaches like the Target hack, which put an estimated 40 million credit card numbers in the hands of fraudsters.

The payments industry has typically fought fraud by making merchants go through a lengthy and involved process to prove they aren’t risky before they accept their first cent from customers. Yet in today’s digital economy, that just doesn’t cut it anymore. The platform businesses that are the real drivers of growth in the new economy — things like crowdfunding sites, marketplaces, and small business software providers — need to sign on new merchants fast and start processing payments immediately. That requires a new kind of payments system — one that’s faster, more secure, more flexible and backed by more machine intelligence than ever before.

At WePay, we’re building that payments system. It’s a tough engineering challenge, something our VP of Risk John Canfield laid out recently for attendees to Q Conference in New York at his talk “Leveraging Big Data for Payment Risk Management.”

You can watch the whole talk here, but one of the more interesting bits was John’s take on what data to actually look at — a bigger problem than you might think. Machine intelligence approaches rely on having data points that are actually predictive; so choosing what to focus on is an important first step in creating a system for assessing payment risk.

Here are some of the data points that can help a payments company assess risk:

·    Know Your Customer, or KYC info: This is the classic information like name, address, date of birth, and social security number that is required by all banks to open a merchant account. Everyone requires this because it works — although fraudsters can gain this info too, so it can’t be the whole of a fraud assessment strategy. It’s good for a first pass —You can check it against records held by companies like Experian and Equifax to verify that a person by that name actually exists.

·    Traditional business credit reports: Assuming you can get a business credit report, this is a great source of insight into a potential merchant. The problem is that this isn’t usually available in the Bottom Up Economy, the fast-growing e-commerce space in which “merchants” are often individuals able to punch above their weight thanks to small business software, online marketplaces and crowdfunding. If a merchant isn’t a traditional business, then the credit reporting bureaus generally won’t have the same level of data about them.

·    Business License: Again, this isn’t going to be available for many payers. But if a business is registered, that’s a signifier that it might be legitimate.

·    Business Social Media: This varies from business to business because businesses use social media to greater or lesser extent. However, if a business has a social media profile, that can be a good thing to look at. It’s not a 100 percent signal, because it can be faked, but if a social profile has accumulated a great deal of likes or followers over a long period of time and sees regular engagement, that’s an excellent sign of legitimacy.

·    Editorial reviews and ratings: This can be even better than social media, because these are outsiders evaluating a business, and even businesses that aren’t especially active on the Internet might have garnered reviews or been mentioned in newspaper articles. The issue is that it can be a difficult process to gather this info, because it’s not usually packaged neatly into an API for you. Often, checking for this can be a very manual process, but parts of it can be automated as you get a better understanding of the sources for this data.

·    Street view addresses: Also a manual process that can be automated somewhat later on. Street view is useful because it allows a payment company to answer a simple question: does the building at the address the merchant has given me look like it matches the kind of business they’re representing themselves as? A word of warning, however: small businesses very often try to make themselves look larger than they are by doing things like giving a mail forwarding address that belongs to a large, professional looking building.

·    Personal Facebook pages: A person’s social media profile is an incredibly valuable source of data — it establishes their identity online in much the same way a drivers license does in the offline world. What’s more, it’s hard to fake. Even a person who doesn’t use Facebook much will look very different from a fraudster — they’ll likely have had the account for years and have many followers that have built up over time. This is doubly so if you can confirm the merchant has control of this account.

·    Device ID: These are newer technologies that try to tie a transaction to a specific device offered by companies like ThreatMetrix, Iovation and Experian/41st Parameter. This goes beyond just looking at the IP address — these technologies look at a variety of data points to establish a unique fingerprint for each device. And that’s useful because it lets one establish blacklists, allowing one to prevent further fraud from the same device once fraud is found.

·      Google: When you do a Google query for the name of the business or individual, does it return results? Is their website or social profile in those results? It’s a simple test, but still useful. Google search results provide 3rd party verification of the existence of a business or an individual, and they could lead to other potentially useful sources of data like reviews and blog posts about the business.

·      Control Verification: This requires users to take an additional step to sign into an account by entering a code sent to their cell phone. This protects against takeover attacks, because in order to takeover an account an attacker would have to have the victim’s cell phone in addition to their username and password. Passing a control verification is thus a very good sign, from a risk perspective.

·      Transaction History: Not all sources of data are external. If a merchant has been using your service for a decent period of time, then their transaction history is an excellent source of insight. Fraud might look very different than the baseline behavior you see from this merchant — think a Halloween store that normally does all of its business in October which suddenly sees a spike of transactions in March. It can also give you early warning that a merchant is starting to go down hill. If a usually good merchant starts generating an unusual number of chargebacks, that’s a sign that fraud or something like it is occurring.

·      Partner Data: It turns out that most platform companies actually have a lot of data about the people using their service that would be very helpful for a payments company trying to assess fraud risk — things like the kind of payment being made, what’s actually being bought, how the service will be delivered and 3rd party data that they’ve collected themselves. Yet tradition payments vendors have had no way to see this data, so they can’t use it.  

WePay’s answer to that problem is Veda Risk API, our patented method for collecting a range of data from our partner platforms easily, securely and without any impact on the user experience. Not to toot our own horn, but we think it’s pretty great. Obviously, the kinds of data varies a lot from platform to platform — a crowdfunding site knows different things about its users than a small business accounting software. That’s why we’ve built Veda to be extremely flexible. Here’s a sampling of some of the things Veda can look at:

image

If you want to learn more about how our risk assessment system works, contact our API team at api@wepay.com