NAB backs payments startup Stripe

Stripe is the latest payments gateway company to launch in Australia, hiring two sales staff after a five month beta program.

Stripe allows creators of mobile apps or e-commerce stores to accept credit card payments from customers without having to sign up for a merchant account.

Payments are accepted via an API (application programming interface) that can be embedded in a web page or an app in a relatively intuitive way. 

Stripe charges a 1.75 percent cut of the sale plus 30 cent transaction fee, which founder John Collison told iTnews “isn’t drastically different economics” from competing services, but for the fact that Stripe doesn’t charge any hefty set-up fees or monthly fees.

Merchants are only charged at the point of transaction and are charged a slightly higher cut when serving a customer overseas.

The biggest selling point for Stripe is that the transaction remains within the app or web page of the merchant, rather than being redirected via an iFrame or a new web page to Paypal, an app store or some other third party.

“One of the fundamental tensions in ecommerce is when [service providers] keep things in their own walled gardens, versus the merchant owning the experience,” Collison told iTnews.

Stripe is backed by the who's who of venture capital - everyone from Sequoia Capital, Andreeson Horowitz, PayPal founders Peter Thiel and Elad Gil, and Box founder Aaron Levie.

The nitty gritty

The arrival of new online payment gateway providers offers Australian application developers newfound convenience and faster speed to market.

It joins the likes of Paypal-backed Braintree and Perth-based startup Pin payments, both available in Australia since mid-2013. Braintree is used by the likes of the ABC, Airbnb and Uber. 

These payment startups do not have an Australian Financial Services License and are not directly regulated by the Australian Prudential Regulatory Authority (APRA) as banks or other institutions provisioning credit cards might be.

Stripe overcomes this by partnering with National Australia Bank. Stripe uses NAB to pay funds it collects from credit card transactions into merchant’s Australian bank accounts and manage foreign exchange services for Australian merchants. 

On that basis, merchants are asked in Stripe's terms and conditions to assume most of the security and privacy risks involved in a transaction on their websites.

For example, if an app developer fails to meet Stripe’s security protocols (which, among other things, demands PCI compliance), and is suspected of falling foul of a data breach, all the risk remains with the merchant and none with the bank or the payments startup. The same applies yto users of Briantree and Pin payments.

Stripe's terms of service state that merchants are also “liable for any fine imposed on Stripe or NAB by any of the card schemes as a result of your failure to comply.”

Merchants agree under these terms to allow NAB or Stripe to audit their “relevant systems and databases” in the case of a data breach, and agree that NAB and Stripe can force them to undergo a PCI compliance test if a breach is suspected.

That obligation isn’t reciprocal, however.

Stripe offers to maintain “commercially reasonable administrative, technical and physical procedures to protect all the personal information regarding you and your customers that is stored in Stripe’s servers from unauthorised access and accidental loss or modification".

“However, Stripe cannot guarantee that unauthorised third parties will never be able to defeat those measures or use such personal information for improper purposes.
 You acknowledge that you provide the personal information regarding you and your customers at your own risk.”

Further, Stripe’s terms of service request that merchants ‘consent to the disclosure of your personal information” to third parties “where the laws on the collection, use and disclosure of Personal Information are less stringent or protective than Australia”.

The merchant thus agrees to waive its right to pursue Stripe under Australia’s Privacy Principle 8.1.

A spokeswoman for Stripe noted that PayPal's privacy policy for Australian users allows the same disclosure of personal information to affiliates outside of Australia. 

"Please note that these third parties may be in other countries where the laws on processing personal information may be less stringent than in your country. However, we will ensure that we ...  take reasonable steps to ensure the third parties do not breach the Australian Privacy Principles in relation to the personal information.

- PayPal's privacy policy for Australian users