Category Archives: ecommerce

PayPal vs GoogleCheckout revisited

I wrote back into December 2007 that 70% of my customers prefer PayPal over GoogleCheckout, given the choice. I re-checked the figures today to see if GoogleCheckout was gaining traction with my customers. It isn’t.

% of UK customers[1] choosing PayPal vs GoogleCheckout by month

I’m glad. Despite PayPal’s recent flakiness (since improved) and higher transaction fees[2], I still prefer them as a payment processor due to Google’s confidential email option (which a pain in the butt for support), lack of multi-currency support, chargeback fees and slow processing of many orders. It is useful to have an alternative to PayPal though.

[1] GoogleCheckout only lets me accept payment in pounds sterling, so I only offer it to UK customers.

[2] For a £19.95 transaction PayPal charges me £0.68 and GoogleCheckout charges me £0.45. But Google currently refunds transaction fees for 10x my adwords spend, meaning I don’t pay any transaction fees at all to Google in a typical month.

PayPal reliability problems

paypalPayPal appear to be having major reliability issues over the last few weeks. When someone buys my software through PayPal I should get a PayPal notification email and PayPal should send an IPN to e-junkie. The IPN to e-junkie causes a temporary licence key to be emailed to the customer immediately and the full details of the transaction to be emailed to me (I then send a permanent licence key at my leisure). But sometimes the IPN is sent 30+ minutes after purchase. The leads to very unhappy customers. They have paid for their licence and they want the key. Now. Other times the PayPal notification email never arrives. This is less of a problem, but it doesn’t inspire confidence.

It is not just me having these problems. I have seen complaints on quite a few blogs and forums. The problems seem to be particularly acute for subscription payments. This is causing huge problems for some companies. It is rather worrying that:

a) PayPal broke something so fundamental as subscription payments. Don’t they have proper testing before they roll out changes?

b) It still wasn’t fixed 12 days later.

c) PayPal seem completely unresponsive to requests for information from developers when problems occur.

I have also noticed the PayPal sometimes includes the referral data I read from cookies in customer notification emails. There is no reason why customers should see custom data I pass through to PayPal for tracking purposes. I’m not trying to hide the fact I use cookies. But I don’t want to shove it in their face either. Whether they include this custom data in notifications emails seems quite random. Sometimes they do, sometimes they don’t.

Reliability is my top requirements for a payment processor. PayPal can’t really afford to drop the ball on something as basic as this with GoogleCheckout and Amazon payments breathing down their necks. If I was running PayPal head would be rolling. I hope they sort all these issues out soon. A bit more transparency wouldn’t hurt either.

RegSoft customers beware

It looks like Digital River have added ‘Reservation rewards’ to at least some of their RegSoft customers’ shopping baskets, as they did earlier with SWREG. If you take the bait and sign up for Reservation Rewards, you will be billed $9 per month forever, and get nothing useful in return. It is an absolute disgrace. If you are with RegSoft (or any other Digital River company) I suggest you check your shopping backet ASAP and seriously consider moving to an non-Digital River alternative.

Credit card fraud

mount seftonFraud can be a very big problem for online software vendors. Fraudsters can easily use throwaway email addresses that can’t be traced back to them (e.g. Hotmail) and IP addresses aren’t difficult to hide. Not only does the vendor lose the payment when the fraud is reported, they also often get hit with a chargeback fee. This is pretty outrageous when you think about it – the credit card companies are charging vendors for the fraudulent transactions that they themselves have failed to detect.

Thankfully I have had relatively few fraudulent transactions in the last 3 years of running my own business. However some more mainstream B2C businesses aren’t as lucky. Below are the experiences of one software vendor I have corresponded with [1]. It makes for scary reading. The vendor wishes to remain anonymous for understandable reasons.

I tracked one of our recent chargeback emails to a forum were they had been openly selling stolen credit card information for $2 each. If you do have a popular product that may be prone to chargebacks then it is a small nightmare unless you have a fraud system in place as there are 1000s of credit card info out there with full contact details. There is not a day goes by that we don’t get at least 3 stolen credit card purchase attempts.

We use WorldPay and they have a quick check on cv2 code and if the country, postal address and postcode match. But almost all of these purchases pass the simple fraud checks. You cannot even rely on IP checking as the fraudsters are pretty smart and use proxies, or even hijack PCs to make purchases from the same country the credit card is issued. PayPal is not quite as serious, but we do still receive quite a few hijacked account purchases also.

WorldPay fraud checking is next to useless. Even the ones they warn on are usually legitimate. They have recently released a new backend, but they have made the problem worse as they seem to warn if the IP address isn’t from the same country. The problem with that is we get a lot of sales that don’t match, from military based in different countries. Our whitelist used to let them go through automatically, but now we have to manually capture the payment.

The number of fraudulent purchases changes depending if you make a new release etc or if your software is hard to find an easy crack. It can be from 1% to 15% depending, as you may have a single user trying to hit you on certain days.

We were forced to make our own fraud checking system. At least we had all the information at hand as we make users sign up to our site before making a purchase and we log all activity from a user, but to get that information we had to lose many thousands of pounds in fees. Since implementing our own fraud check (as fraudsters do tend to use amazingly similar criteria each time) we have reduced it to on average 1-2 a week, which are almost impossible to catch.

I think the level of fraud has to do with the type of users we sell software to. They are the sort of people that know exactly where to find cracks/keygens. Our software does have pretty good protection and online activation, so it is not so easy to get an easy “working” crack/keygen for it. We also have large volume sales over the past few years, so we have more information than most developers would see.

The credit card companies can’t really lose, especially with “no card holder signature” sales. Chargebacks cost on average 15 Euros. I have even contacted the likes of PayPal telling them that sales are fraudulent, and quite a lot of times they do not care.

We get to see all our sales, I would hate to think what is happening at these merchant services like Regsoft etc. How many sales are being refused that may be legitimate? I tried paying a programmer once who accepted payments using Regnow from my PayPal account and they refused it. My account was verified and had been in good standing for many years. It wouldn’t have been so bad but the person I was paying did not have a clue it was refused.

So, if you have a successful consumer product that fraudsters might be interested in, be prepared to expend a significant amount of money and effort dealing with online fraud. And don’t expect the payment processors and credit card companies to give you much help. I guess the credit card companies don’t have much incentive to reduce fraud. As long as they can keep pushing the cost of fraud onto the vendors and the fraudsters don’t bring the whole system down, the credit card companies seem quite happy. Why wouldn’t they be?

[1] I have spliced together the contents of several emails and edited it for continuity and brevity.

Brand recognition: PayPal beats Google

I offer both PayPal and GoogleCheckout as payment option on my pounds sterling payment page (GoogleCheckout only allows me to price in pounds sterling, unfortunately). As GoogleCheckout is effectively free to me at present[1] I put the GoogleCheckout button on the left in the hope of getting more payments through Google. But 70.5% of purchasers clicked on the PayPal button.

I have since then become a bit disgruntled with GoogleCheckout for their slow processing times, chargeback fees, lack of multi-currency support and use of anonymised email addresses[2]. So I swapped the button order in the hope of increasing the number of purchasers using PayPal. 69.3% of purchasers now click on the PayPal button.

paypal-vs-googlecheckout.gif

From this I conclude that GoogleCheckout still has a long way to go to beat PayPal in brand recognition, positioning on the left may not be more prominent (although 1.2% may be statistical noise) and button order is less important than I thought. Or perhaps the PayPal icon is just more compelling. I wonder if GoogleCheckout have tested their icon against the PayPal icon?

[1] Google currently process £10 of payments free for each £1 I spend on Adwords.

[2] The user can opt to have their email anonymised at time of purchase. The vendor then recieves an email address like Miss-abc123xyz@checkout.l.google.com. Google forwards email from this address to the purchaser, until they choose not to receive further emails. In theory this protects the purchaser from vendor spam, but in reality it makes support more difficult. For example, the purchaser can’t retrieve their key from your online key retrieval system unless they remember to use the anonymised address (they never do).

First charge-back from GoogleCheckout

google_checkout2.gifI have just had my first charge-back through GoogleCheckout. I shouldn’t moan at one charge-back in 8 months use as my secondary payment processor – except:

  • the credit card address was in the UK, the IP address was in the Netherlands and the email address was .ru (Russian Federation)
  • the payment failed authorisation twice, before succeeding a third time

Despite the above, Google apparently just processed the payment automatically, without referring it for further checks. How many Google Phds does it take to write a scoring system that can figure out that this was a suspect transaction? To rub a bit more salt in the wound Google have debited a £7.00 charge-back fee on top of refunding the payment.

I guess Google must need the money.

GoogleCheckout takes 22 hours 28 minutes to clear a payment

GoogleCheckout

I am a big believer in having more than one payment processor. I use PayPal as my main processor with GoogleCheckout and 2Checkout as alternatives (GoogleCheckout for pounds sterling and 2Checkout for dollars). But I haven’t been overwhelmed by GoogleCheckout so far. This is how long the last 10 payments for PerfectTablePlan through GoogleCheckout took to clear:

  • 4 hours 5 minutes
  • 5 minutes
  • <1 minute
  • <1 minute
  • 22 hours 28 minutes
  • <1 minute
  • <1 minute
  • <1 minute
  • 1 minute
  • <1 minute

That is quite some variation. I assume it is due to some orders being flagged for manual fraud checking. This is response I got from Google when I complained:

…for your protection, Google may review certain orders before passing them to you for processing. Some reviews may take slightly longer as Google performs more comprehensive analysis of the order to minimise your exposure to fraud risk.

Our specialists are working hard to address all orders in a ‘Reviewing’ state as quickly as possible. These reviews may take up to 24 hours…

So 22.5 hours appears to be acceptable as far as Google is concerned. But they managed to reply to my support email within a few minutes.

GoogleCheckout may be cheap (effectively free to Google Adwords customers at present) but keeping my customers waiting up to 24 hours for their licence isn’t acceptable to me. It makes me look bad. Go and hire some more people Google – you can afford it. Otherwise PayPal are going to wipe the floor with you as soon as you start charging comparable fees.

Despite the leisurely time they take over fraud checks they still managed to pass a payment with a postal address in Scotland, an IP address in the Netherlands and a Romanian email address. I am still waiting to see if I am going to be charged a £7.50 fee by Google for the privilege.

Cost effective software registration with ejunkie

ejunkieMost small software vendors don’t want all the hassle of taking payments direct from customers, so they use a third party registration service. Registration services provide payment processing plus additional services, including handling of:

  • licence key emails
  • coupon codes
  • affiliate payments
  • taxes
  • invoice sales

But these services don’t come cheap. According to this calculator some registration services charge as much as 15% commission on every £20/$40 sale. 15%! I find that quite staggering. 10% is more typical, but personally I don’t intend to give 10+% of my hard earned income to anyone, except my wife and the government. To add insult to injury some of these services also try to upsell questionable ‘offers’ to your customers. For example KAGI upsell a licence look-up service for which the software vendor gets a, frankly insulting, $1. I understand from reading the macsb forum that the upsell will be added automatically to the shopping carts of all software vendors selling downloads and will be checked by default. You then have to opt out if you don’t want it. Personally I think every software vendor should offer licence retrieval for free. And don’t even get me started on Digital River/SWREG and their Reservation Rewards ‘offer’.

PayPal and GoogleCheckout are much cheaper, with rates of approximately 3.4%[1] and 2.25%[2] respectively on a £20/$40 sale. But PayPal and GoogleCheckout are just payment processors and don’t provide all the additional services most software vendors need. They provide extensive APIs so you can ‘roll your own’ service, but this sounds like a lot of work reinventing the same old wheels.

Alternatively you can use a third party to provide additional services on top of PayPal and/or GoogleCheckout. I use ejunkie which provides most of the services you would expect from a fully-fledged registration service from just $5 per month[3]. The savings can be considerable, for example (all figures approximate):

number of $40 licences sold per year

yearly costs
10% commission registration service PayPal +e-junkie[4] GoogleCheckout +e-junkie[5]
1,000 $4,000 $1,420 $1,060
5,000 $20,000 $6,820 $5,060
10,000 $40,000 $13,660 $10,060

If you can offset your GoogleCheckout processing fees against your Google adwords spend your monthly costs could be as little as just the $5 ejunkie fee.

On the whole I have been very happy with the service I have received from e-junkie, once I got it all working. It has been very reliable and the support has been very responsive. ejunkie does seem to be more geared to selling downloads (e.g. e-books and MP3s) than licence keys and the documentation is thin in places. Consequently I had a few issues trying to bend it to my particular requirements. I will try to find time to cover these issues in another article.

You can find out more about ejunkie and try their 1 week free trial here.

Other possible third party integration solutions are PayLoadz and Linklok. For those of you who prefer a more traditional registration services, I have heard some good reports about Plimus and Avangate on various forums. Neither of these companies has been bought out by SWREG owner Digital River (yet). I haven’t used any of these services myself.

It remains to be seen whether pressure from PayPal and Google forces registration companies to reduce their fees, add more services or just puts them out of business.

Thanks to Patrick for first alerting me to ejunkie.

Full disclosure: The above ejunkie links are affiliates links. If you follow these links and sign up with ejunkie I will get a commission. It is not a lot, but I won’t need many people to sign up to cover my ejunkie fees completely.

[1] PayPal rates vary according to volume. Currency conversions cost an extra 2.5%.

[2] Google have sweetened the deal by offsetting processing fees against adwords fees until the end of 2007. This means the rate is effectively 0% if you have a moderate spend on Google adwords each month.

[3] The monthly fee depends on number of products. $5 per month covers 10 products and 50MB of storage.

[4] Based on 3.4% PayPal fee + $5 per month ejunkie fee.

[5] Based on 2.25% GoogleCheckout fee + $5 per month ejunkie fee.

Interview

adriana iordan.jpgI was flattered to be asked to do an interview by Adriana Iordan of Avangate (pictured left). How could I refuse given that the previous 3 interviewees were Bob Walsh (author of “Micro-ISV: From Vision To Reality” [1]), David Boventer (founder of ESWC) and Eric Sink (top software blogger and almost legendary founder of SourceGear)? Adriana, if you could interview Joel Spolsky, Bill Gates and Steve Jobs next, that would be perfect. ;0)

The interview is here.

[1] This is Bob’s affiliate link. If you follow the link amazon.com are currently offering Bob’s book together with “Eric Sink on the Business of Software” for $36.28. They are both well worth a read for any budding software entrepreneur. The price is nearly double (pounds for dollars) if you buy them from amazon.co.uk. How can Amazon justify that sort of price difference?

SWREG customers beware

swreg upsellIf you are a customer of the ecommerce provider SWREG you should beware that they may be upselling highly questionable ‘discount’ schemes to your customers. From a post on the Business of Software forum:

This unannounced change was placed at the point of order completion where and leads to a $10/mo discount coupon scheme unrelated to the sold shareware. The way the offer is presented is deceptive – after the order is complete, they show a button with the word “Continue” on it. It looks like you are supposed to press the button to complete your order. Instead, you end up paying for something you probably didn’t want – and it’s a recurring charge.

Another posting suggested this only happens if your customer is in the USA.

I am not based in the USA and haven’t bought anything from SWREG recently myself, so I can’t personally verify the above. But these comments are backed up by posts I have seen on other forums from unhappy vendors and their unhappy customers. If you are using SWREG I suggest you buy a copy of your own software and see for yourself (you can always refund the payment later).

Assuming the above is true – what are they thinking? Either they don’t see anything wrong with it (which is very worrying) or they know its completely unethical, but are doing it anyway (which is even more worrying). It reeks of desparation to me. I thought their upselling of a registration backup service was highly questionable (I think vendors should provide this service for free), but at least it was clear what you were getting.

Vendors looking to move from SWREG to a different ecommerce provider might like to consider companies not owned by SWREG’s parent company Digital River. I use e-junkie.com with PayPal and GoogleCheckout. Other people have recommended Plimus and Avangate. You can compare processing fees here.