Share this page
Accepting Payments using Stripe
The client was an international hospitality provider based in Europe and the United States.
The client was looking to accept payments via their mobile app, but didn’t know how to securely store their customers’ card details and process payments. They needed a platform for accepting and managing payments from both web and mobile customers, supporting both Apple Pay and Android Pay.
The project required a number of new systems to store credit card details, process payments, send money to merchants, manage refunds and report on transactions.
To handle this, a web platform and a set of microservices was written that allowed customers to authenticate and register their payment details. These were set up to only allow secure communication and had a series of safeguards to ensure that only connections from real customers were permitted.
The payments platform allowed other systems to create transaction records and charge those cards as necessary. Stripe was used as a payment processor and card registrar, accepting Visa, MasterCard, and American Express. Stripe are a PCI Level 1 Service Provider, meaning that card details could be stored using their systems, thus avoiding the additional cost the client to become PCI compliant themselves.
After payments had been accepted, there was a need to support other business flows for refunds and chargebacks. This was done by integrating the new payments features with an existing administrative portal.
Transaction records were stored in a new database, with daily and monthly reporting exports allowing the business to examine performance across different regions and venues.
The system was implemented in C# using a combination of ASP.NET Web API 2, ASP.NET MVC 5 and Azure SQL databases. The backend was implemented using a set of microservices which allowed us to simplify each individual component and achieve 99% test coverage of the platform as a whole.
The service was hosted on Microsoft Azure, with external access to the platform locked down to only a handful of access points and internal access to the servers protected using Azure’s virtual network technology.