The setup took maybe 15min, and an hour later we had already received our first PayPal payments.
Beyond the fact that this is EU only, it does seem like ON_BEHALF_OF will probably never be supported considering PayPal would be directly feeding their competitor with the same functionality that their own platform offers.
That being said... onboarding into PPCP feels like getting selected for the lottery compared to just how easy it is to get running with Stripe's platform. If Stripe ever does support PayPal payments on behalf of I'd be switching over in a heartbeat.
This essentially means you still cannot accept PayPal as a payment method if you're a platform using Stripe.
¹) I’d estimate some 95% of all small online business are doing sales tax wrong. Hell, Basecamp just now cleaned up their act.
Gumroad should’ve gone about it another way; just do fixed price extra’s for instance. Ah well.
And also why I'm working on completely migrating off.
Icelandic banks pushed some bad code for Mastercard to meet a Paypal standard. This caused transactions to have an extra 00 added to each transaction. Took a week or two to resolve.
Many of contemporary financials are also still being worked on the mainframes, utilizing the technology stack of 80s, and there are many differences between vendor implementations in the space.
While there are many argues about usability of crypto for payments today, crypto standards do exist in form of RFCs that are open source, produced by community, and are enforced world wide by application developers.
Very progressive step forward IMO as compared to software side of traditional finance today.
There have been plenty of bugs and vulnerabilities in blockchain technologies over the years.
The mature and well architected tech stacks in traditional finance come from the economy of the scale, from where also comes funding as you metioned. Crypto currently has the blockspace problem which prevents from scalability. So, while there are some well performing companies in crypto (dozens of them), there are much more companies in traditional finance, just because of scale.
The problem of blockspace have been solved in smaller networks with use of sharding, and will be rolled out to bigger networks in form of upgrades. If the world does not see regulation uproar banning crypto everywhere in coming years, crypto will endure true economies of scale. Think every PoS app, every B2B payment gateway, every web application in the wild accepting both Visa and crypto based payments, with crypto fee -- and price -- being less. I don't see how traditional finance can withstand this challenge. IMO this is also like BBS forums vs. Web technologies in 90s. I say it as someone who worked on parsing and producing Mastercard related file formats, and also worked on enterprise crypto applications. While I agree right now the crypto is laughable from many aspects, so it was the web in it's early years.
From the Stripe page OP link: PayPal is available for online marketplaces using Stripe Connect. These online marketplaces include businesses such as Deliveroo and ManoMano that collect payment from customers, and later pay out to sub-accounts or service providers. PayPal isn’t available for platforms that onboard other businesses and enable them to accept payments directly, such as Shopify or Squarespace.
Most marketplaces are not Shopify or Squarespace, and most customers on those few are probably already able to take PayPal payments via their marketplace where appropriate.
Stripe does not allow customers from the US to participate in this.
Some integration happened, but there are still separate parts, so they're not one and the same at the moment.
My site (mage.space) has hundreds of potential customers waiting for this. It was our most asked for feature after releasing our premium features this January.
Do Canada next!
I actually got really confused by the instructions because I went into the dashboard and couldn't find PayPal.
(Personally I fucking despise PayPal so much but lately I see more and more foreign companies start offering iDeal payment option. Even though they charge an extra fee for it I'll gladly take it over PayPal).
I think in general they experiment with building lots of connections that most customers never see. At my previous place of work we integrated Klarna with Stripe, I see this has also now launched, but we used it in private beta for a long time.
While it's nice that this is now available, I wonder how well it works in practice. We had numerous problems with our Klarna integration – mismatches in expected flows between Stripe/Klarna, needing to use some Klarna APIs directly and some via Stripe, and neither Stripe support nor Klarna support having any idea how the integration worked.
Yesterday I login to PayPal and it text messages a 2FA auth code to an old, supposed-to-be deleted, phone number. There is an option to "try another way" where they call the new phone on file and I dial in a code they show on the web. This worked yesterday and I confirmed the old phone number is not visible in the UI.
I've been living abroad and originally signed up for Google Fi. One day, Google Fi disconnected my data and phone access. SMS still works, but there are cases where you need to "authenticate" with a phone call. Turns out Google Fi has a policy in place where they disable your data/phone access if you've been abroad for over a year. Due to covid and other situations, it didn't seem worthwhile to return to the United States just to resolve this phone issue. CSR didn't seem to be trained on this case, and it took several hours and multiple escalations before anyone in customer support knew about this policy existed. Google has a bad reputation for customer service, and they made a half-baked attempt at building out a customer support team with Google Fi, but it's a joke. As a former Google employee, I understand but still find it absolutely unacceptable. The performance review cycle is broken when no one has any ownership about the product after it's shipped. Customer Support felt 80% implemented, and the product manager moved on to the next shiny thing. Google's effort to invest in training the customer support staff to be exceedingly nice and soft spoken really shows. I just wish the customer support staff were trained to actually fix issues instead of re-iterating the also useless online documents and in-app copytext of Google Fi. I've worked with GCP tech writers to publish some docs for GCP, and if it's the same org producing the customer support FAQ/script and peripheral copy in the app/online docs, I'm not surprised why it's useless.
Google Fi has all the traits of an abandoned Google project. Funny enough, I noticed yesterday they rebranded to "Google Fi Wireless". I'm sure someone got a promotion as part of that initiative. At any rate, because of the inability to do authentication over the phone, I migrated to Google Voice as I was able to keep my phone number. Google Voice has signs of age and abandonment too. But it did the job... for a while.
Today I followed the same pathway to login to PayPal and was locked out.
Yesterday there's a bug in Chrome where I do not hear sound from Google Voice calls. The initial ring makes a sound, but then nothing, so I know my browser and OS has been configured to play sound for Chrome. This was after Google showed a banner linking me to docs, which in turn instructed me to go to chrome://settings/content/sound to allowlist Google Voice. Not sure why this is needed, when the default behavior is "Sites can play sound". Still didn't work. Hopped over to Firefox and got a warning that "this browser is not supported" when attempting to login to Google Mail. Not sure what kind of security vulnerability exists at the seam between Google Account login and a few months old version of Firefox. Thankfully with an update I was able to get Firefox to produce sounds for Google Voice calls and was able to 2FA into PayPal.
Today I forgot about the Chrome bug, and after 3 attempts, PayPal locked me out. I was told to call customer support. The CS rep said they will "disable 2FA" on my account. They noted that did not see the old number listed on their side either. PayPal still has my old phone number in a database somewhere, even though I requested it deleted. Can't tell if this is or isn't a data retention violation. I received three separate emails in the following order: "you added <new phone number>", "<old phone number> removed", "<new phone number> removed". I attempt to login and greeted with "Confirm your phone number with a code ... <new phone number>". The two options are to receive a text or a call. Immediately after the clicking, I see "Sorry, we couldn’t confirm it’s you". The two options now are to "try another way" which goes back to that previous screen, or to call customer support. Customer support said I might have issues if I am using a VPN. I told them I have not been using a VPN. Customer support tells me I might have issues if I am accessing PayPal from abroad. Customer support tells me to try again in 24 hours. I ask CSR if they know it will work or they think it will work. They tell me they think. Everything was a "maybe" and that there was no way for them to override the automated system. I told them the automated system is throwing me in a loop and to contact customer support. I understand they are in a bad position due to corporate, but I asked them what is the escalation path. They said there is none. I asked to speak to a supervisor. The supervisor had a novel idea of initiating a password reset. They issued a password email. While we're waiting for the reset email, we're going back and forth on the absurdity of this process. I asked them why am I seeing the screen to confirm my phone if 2fa has been "disabled". They explain that the phone number is used as a means of confirming my identity. I told them I'm calling them on the phone right now. How else am I supposed to prove my identity if they say the phone number is the source of truth of my identity? They're vehemently defending PayPal, but reiterated there was no escalation path. All they can do is report asynchronously to "IT" and hope one day things change. 15 minutes go by and the email finally comes. Unfortunately the password reset link expires after 10 minutes. I asked the CSR rep if think it's absurd that control is handled over to the automated system, and customer support can't do anything. There should be an escalation. For example, why is there a 10 minute limit on the password reset email if it takes 15 minutes for them to come. They told me this is a "one off" and "industry standard security policy". We do this password reset thing three times, but the emails always comes in after the expiration time. They told me these systems have been in place before they joined PayPal and will remain in place after they leave PayPal.
I've been responsible for building auth/identity systems dealing with security reviews. A lot of these processes at PayPal seem illogical security theater and there is no feedback loop to fix them. The CSR rep practically told me it's best not to rely on PayPal if I don't live in America, even if I am American. They proposed a create a PayPal account in the country I currently reside in. Yeah, no. I am dubious when they can barely handle the United States case well, and I am living in a country with a much more byzantine bureaucracy. Funny enough, I've worked on an analytics / operations team at one of the largest FinTech players in the US where one of my projects was optimizing the CSR operations. Our products handled diverse user base pretty well. I don't understand how PayPal can succeed as a multi-national business.
Our lives are growingly dependent on digital systems that are increasingly complex, but they are still so jank. In this case of PayPal, they've prematurely handled off control to the machines without any way for customer support humans to intervene. At least in the country I live in it's acknowledged that the IT infrastructure sucks, and so there is always a way for human intervention. Corporate America's quarterly business cycle leads to these cost reductions that delegate more and more to automated systems that aren't robust. I feel like we've past the inflection point of where digital technology was without a doubt improving our lives.
Instant payment networks: https://news.ycombinator.com/item?id=36012262
Ah yes, the little known EU payment provider PayPal.
To the point: is Paypal even popular in Europe?
For my app, I offer purchase via Stripe, wiretransfer or PayPal. 75% choose PayPal.
Stripe's "solution" is especially ridiculous, since it theoretically sends the info directly to Stripe... but it still runs in the merchant's browser origin and can be phished trivially.
Stripe supplies a script that merchants embed and style themselves. In theory the script sends the payment info off to Stripe directly for tokenization... but the user has no way of knowing that the merchant site didn't sniff it, or even that the script was used at all.
Unless it is something that I've misunderstood?
But a Stripe token (as implemented correctly) is still not quite as powerful as the card info itself, since it can only be reused with Stripe by that merchant.
It’s quite convenient as a payment method if you don’t want to use a credit card. Especially for international purchases.