💡 How to create a trustworthy pre-payment system with automation

Hey Makers :wave:

:desert_island: The temperatures are through the roof and so is my excitement about sharing today’s story with you! To briefly quote Moss: You best put seatbelts on your eyes because they’re in for quite a ride! This time around, we’re talking to Mitch Schwartz - a certified Make partner and automation expert.

Payment card industry (PCI) compliance is a potential minefield for many businesses, and a key factor for their success is building trust with clients who share their sensitive data.

So, after rendering their services, how can a business safely support prepayments and adjust billing using a low-code app with few or no security protocols of its own?

Mitch Schwartz, partner at product development agency PragmaFlow, tackled this head-on.

:arrow_down: Read his take on this common problem, and check out his instructional videos below :arrow_down:

Mitch proud of a job well done

What problem were you trying to solve with your automation?

How to pre-authorize and post-charge a client in a low-code app using Stripe, without needing to worry about complex and expensive certifications. Since we never actually pass ANY credit card info through the app itself, we avoid issues of PCI compliance, which would be impossible to obtain in many low-code builders. As a bonus, I believe a similar workflow could work for subscriptions.

Why did the problem exist?

There are 2 problems being solved: compliance AND a way to pre-authorize credit cards in a low-code environment. This issue is common for providers who need to adjust billing based on the service used. Some examples I’ve seen:

  • uber-style delivery services
  • online courses or products offering payment plans
  • ecomms or travel apps that take deposits on purchase
  • a laundry company that charges based on weight

We developed the flow for a client who offers consulting services, which bills clients automatically through an app, based on call length after the call is completed.

The bigger problem addressed here is that low-code builders often address less experienced people who do not understand PCI compliance, client vs. server, and many other key security things. We’ve worked with a platform that claimed their Stripe component is PCI-compliant. The thing is, no app built with their product would be so it’s a wash. It can be dangerous to implement credit cards for people who do not understand security well. This approach uses Make to leverage Stripe’s existing workflows, so it is already secure.

How did you solve the problem? What does your solution look like?

:spiral_calendar: We’re using Make to support pre-payments in an app that helps users set up calls with financial professionals.

:credit_card: Before they schedule, we ping Make to get the unique checkout URL from Stripe. We could go directly from Adalo to Stripe, but by storing the authorization info in Make, we avoid exposing it on the client side.

:white_check_mark: Once the call is completed, we send another ping to Make to confirm pre-authorization and charge the card.

What did your solution achieve?

  • Complete data security
  • Freedom from PCI headaches (compliance and certifications)
  • A ton of time saved
  • Priceless peace of mind for our customers

:brain: Itching to see how Mitch made this magic work? Check out the series of videos where he explains everything in the tiniest detail and feel free to let us know your thoughts in the comments!

:purple_circle: Part 1

:purple_circle: Part 2

:purple_circle: Part 3

Helpful Resources:

:make: Stripe on Make
:make: Blog: Stripe vs Square