1. Missed the live Ask the Expert event?
    Catch up on the conversation about fertilization strategies for success with the experts at Koch Turf & Ornamental in the Fertilizer Application forum.

    Dismiss Notice

Online payment set up?

Discussion in 'Digital Marketing' started by Surf'n'Turf, Oct 10, 2006.

  1. Surf'n'Turf

    Surf'n'Turf LawnSite Senior Member
    Messages: 326

    Any LCO's here ever set up thier website for clients to be able to view thier current account status and make online payment similar to those of phone, mortgage and utility companies? I currently run 2 online retail sites and I'm familiar with checkout shopping carts, but looking for something more streamlined, perhaps compatable with QB's or other billing software.
  2. WebMan

    WebMan LawnSite Member
    from D/FW TX
    Messages: 11

    1. The "account status" problem would be creating a secure database with passwords or login information for each user. The level of activity they could do from here and the level of personal detail contained would determine the level of security required.
    2. If you are familiar with e-commerce you know the high cost of processing payments on your site. Otherwise you either use PayPal or some other "off-site" 3rd party service or get ready to "pay the piper" for your own secure e-commerce set-up.

    The main thing to remember is security and the associated costs. Of course it can be done, you can bank on-line, make payments, see balances etc. BUT those people have a fortune to spend on all that and a dedicated IT & security staff working 24/7/365.

    Usually anything "simple" for the customer would become too costly for the contractor. Example: You could give them a password where all they could do was login to see their balance with a fairly low level of security (if the only "associations were their "login" and the balance) But if it associated their name address etc. the security level must increase. Then if you don't want them to have to leave there and go somewhere else to pay you have to be as secure as the bank. You have too much of their info in one place. (everything a cracker would need to get their bank/CC information, become them, and start shopping.)

    If you make them leave the area with very basic "non-personal" info (like all they see is account #1234 has a balance of $65) and they go to some other service like PayPal or similar to pay, then security isn't as high of a requirement on your end. BUT customers today would expect the payment to be instantly reflected by their balance going to zero (using PayPal or similar with low security it wouldn't update until you manually sit down, open your payment account like PayPal, see the payments, login to the main web site and manually change the balances. Maybe that night or whatever) so they might not be satisfied with the experience and you might get calls like "I made a payment at 8am and my balance still shows I owe $65!!!"
    So you went to a lot of effort and they are unhappy.

    You can invoice on-line & track balances etc. with Quickbooks but that's nothing they can login and see & do, they just get the bill by e-mail and when they pay it you enter it in Quickbooks then it can send them an e-mail receipt.

    If you do e-commerce I don't know if you really "do" it or if you use some on-line store service like eBay & PayPal have (and many others) where they do all the secure parts. If you are not familiar you are responsible for all the information you collect, keeping it secure (which adds $$ to the costs of a site in itself) , and can potentially be liable if it is compromised.
    I know it would be "neat", I can see if I was a super-programmer where it might be profitable to develop such a service tailored for lawn people and charge everybody $X a month then handle all the stuff for you like other services do for other industries so it "looked" like you but was not really on your site (like a lot of the "store" services) but I'd have to know if the market was big enough to make it profitable (anybody doing it would need lots of "subscribers") But you would need to be a BIG lawn company to develop and maintain something I think customers would really like on your own. (I think the part where they could only see their balance but had to login somewhere else to pay would just aggravate more people than it would impress)

    I'd probably stick with Quickbooks to simplify your life, give them an e-bill, and make it easy to remind you to remind them if they didn't pay on time all at a low cost with a program you probably use anyway.
    Just my 2 cents.
  3. Surf'n'Turf

    Surf'n'Turf LawnSite Senior Member
    Messages: 326

    Thanks, that's the kind of info I was looking for. I'm familiar with paypal and propay, but use neither of them unless dealing with a private ebay sale. Currently, with both retail websites I own, the customer pays through a secure SSL checkout through my server and the transaction is instantly processed by my merchant service. On one site (OS Commerce template based) customer can create an account with login ID's, but I believe you could not go and review a previous account balance unless info was posted by me or IT guy. They can view past purchases, but what if they paid with check the month before? It'd be nice to offer this, as my wife and I enjoy the conveniece of paying everything we can online, just not sure if it is worth the headaches at a small (300 accounts or less) level.
  4. WebMan

    WebMan LawnSite Member
    from D/FW TX
    Messages: 11

    If you already have a merchant bank, payment portal, SSL, etc. it could be done (you would need an SSL for the lawn business) the main problem would be just what you suspect. The "history" of those transactions is available to you at your merchant bank but it would take some serious programming to create a running balance & credit for each individual account so when the transaction went through the "payment gateway" it also reflected in their on-line display on your site and it would need it's own secure database etc. and a programmer would have to be good enough to be sure all that scripting was secure also so there was no "backdoor" to your payment gateways somebody could find a hole in through your "customer side". (If you use OS Commerce you know how often they issue patches for it, and it's very popular)
    It could be done, but would that feature bring enough added business to pay for itself as opposed to having them just be able to pay a single bill on-line...that's the $64 question and my guess would be no, not by the time you paid a programmer to write all that for you and integrate it with your merchant account securely where a particular customer's payments could go in but no one else's information could be compromised by some "reverse coding" ...that's just what the bad guys love to try to find a hole in.

    That's why I said if it was of enough interest enough "lawn people" would be willing to pay for the software it might be a doable idea for some seriously gifted programmers, but it's all about numbers of users.
    1,000 users and the cost for such a program might get down to $50 but 100 users and it would be $500 a copy and a lot of "lawn people" might not think it was worth that. :confused:

    It is an interesting idea though, I just wish I was a very gifted programmer about 30 years younger...the kind of guys who sometimes develop projects like this for their doctorate project in computer programming or something and end up being wealthy... because over the years there might be enough people in the industry who would want such a thing.
  5. topsites

    topsites LawnSite Fanatic
    Messages: 21,653

    There is a guy on here that did it, forget his name, but his site uses SSL and the mysql database...
    Unfortunately, I believe the work was neither easy nor was the sum that was paid for this to happen cheap.
    I think my Z was cheaper lol.

    It truly is about popularity, the more popular something is, the more bad stuff it also attracts... One of the main reasons windows gets hacked isn't because it's not secure, it's one of the tightest programs in the world, but when billions use it, millions will try and hack it.

    I think to simplify the matter (it's still anything but) one could use the mysql db and while you offer online payments, the software simply subtracts the amount immediately (whether the payment goes through or not, so as to keep yourself from having to set up some type of online banking WITH the database), but still there are issues (such as when a payment does not go through).

    For one, the customer's increasing balance needs updating somehow... If you physically cut their lawn today, then their balance increases in the real world and you create more work for yourself as you get to enter this manually every night. Even with quickbooks, I doubt there is a cross between that and the sql db...

    The customers would have to be assigned a code or number for an ID, rather than using their name. This code / ID is then associated with the balance, while a third party handles the credit card (the bank), so no cc info or real life info is in the db.

    Otherwise you will have more than your fair share of decreasing balances.

    So, here's the deal LOL:
    First, get a notebook and software to use in the field. Then, have satellite Internet so you can uplink your notebook in the field and do an 'update.' Of course, the software has to be smart enough to update both your Quickbooks at home, and the database on the server. I suppose, in a pinch one could USB the stuff for home, still there has to be an easier way to update the db than to enter it manually every evening.

    The other way would be to use software at home that uses the server's db for information, but here we really get into security issues.
  6. WebMan

    WebMan LawnSite Member
    from D/FW TX
    Messages: 11

    Yep, there are lots of ways for YOU to easily keep track of it. BUT when you create a place a customer can enter a username & password to see their personal balance on-line it means that program is accessing the same database that has every customer's info on it.
    The main thing is the skill of the programmer. Of course the site would have to be secure (https) but with programming languages like PHP (what they would probably use) or anything that "calls" to a database to display information the security is only as good as the code it uses to retrieve that information. Other programmers (bad guys) know common tricks where you can enter lines of code into the "password" box for example and it might give them an entry point to the whole server or just that account.
    Basically anytime you can enter active code into a box and trick the box into taking it, there can be problems.

    Like this forum has a function to be able to use some types of code in a post BUT the developers of the software have put safeguards on what that code can and cannot do so I can't enter something and wipe out the whole forum (and yet because this site uses popular software I am sure somebody somewhere is looking for a hole in that feature right now, not because of LawnSite but because this is very popular software and thousands of forums use it. Like the above post said about Windows, it's popular so lots of damage could be done to hundreds of forums if they hacked it)
  7. topsites

    topsites LawnSite Fanatic
    Messages: 21,653

    Ohhh yeah, or they enter some stuff into the url bar, php is famous for passing along unwanted information that way.

    Crap like:
    (I dunno, just making it up but I've seen this crap in my logs and ended up reading up on it, it's definitely a security risk).
  8. WebMan

    WebMan LawnSite Member
    from D/FW TX
    Messages: 11

    Actually the URL bar isn't nearly as much concern as the text box, (box where they enter the password or username) the right command of PHP code in there can tell the database to return a list of usernames or passwords or worse give them complete data access.
    PHP is commonly used because it is so versatile, efficient and powerful but the same can be done with any programming language. PHP is just very powerful and can be made to do many things so you see a lot of programs like what the OP was describing where a programmer will use it. (Note: these forums are entirely in PHP)
    However all programming languages are equally vulnerable if someone knows what to try or wants in bad enough.
    That's why I mentioned the type and amount of data, like a store or safe thieves go "where the money is" so if your program stored payment information like a name and address associated with a credit card or other payment info it makes the data far more valuable, and to allow them to make payments on-line they would have all that.
    If it just stored for example and address and balance (so a customer could just see that the balance at 1234 AnyStreet was $87.45 of which $37.45 was past due that's nothing vavaluable to a thief but it isn't a much good to the customer either. Tie that info to a "click here to pay your bill" and credit card/name with the address info and then there is something useful for the customer but also just what a cracker wants to steal to have both that credit card and enough of their identity to get others not even involved with your site :nono:
  9. chipk1

    chipk1 LawnSite Senior Member
    from Florida
    Messages: 398

    I am pretty proficient in php/mysql programming. I have been playing with the idea of developing a online invoicing solution for LCO's. I have been debating whether there would be enough demand for this project or if my time would be wasted.

    My idea would be to offer a complete online invoicing solution with features like:

    . automatic reoccurring invoicing

    . option to send email invoices

    . offering a invoice mailing service for around $1.25 per invoice snail mailed

    . customer entrance for viewing invoices and sending them to a gateway like Paypal credit card processing which would allow for invoice to automatically be marked as paid. This method would alleviate any responsibility from the LCO for some kind of hack that resulted in exposing customers CC numbers

    . sending late payment reminders.

    The features that could be integrated into a project like this are endless. The question is how much is one truly willing to pay for a service like this. In my opinion, this would be a BIG help for smaller LCO's that remain scheduled to the hilt and dread having to spend their day off printing, stuffing, and mailing invoices.

    Would you honestly be willing to pay for a service like this or is this all wishing think on your behalf? Your comments are very much welcome. Also what features would you want in a online invoicing system?

Share This Page