SaaS: Resilient payment architecture for subscription models
While deploying their offers internationally, SaaS companies have to rely on several payment partners to process transactions for their business in different parts of the world. This can be very challenging, given the number of processes that require expertise in payment and billing management:
- Onboarding popular local payment methods
- Fraud management
- Chargeback & refund management
- Collection, conciliation & remittance
- Customer care for payment-related issues
- Dunning strategy (to reduce churn)
- Invoicing, etc…
I have often seen SaaS companies choose to outsource some or all of these tasks.
In these cases, however, there is one strategic item which doesn't draw all the attention it deserves: payment data storage.
If you have a subscription business model, recurring payment management requires card data to be kept in PCI-certified storage. Many PSPs offering recurring payments provide their own PCI storage, and to avoid having to deal with PCI compliance issues, SaaS companies usually decide not to store this information on their end.
So what happens when a PSP becomes less reliable or the SaaS company wishes to change PSP for any other reason?
The recommended solution is to set up a redundant copy of all the card data coming from payment partners in a single global PCI storage. This replicated database can then be operated by the SaaS company itself, if it is PCI-compliant, or by any other global payment partner.
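To make the recommendation concrete, here is an added example (not code from the original post) of what that replicated storage buys you: a central vault holds the primary card record and hands each PSP only its own token, so when one partner becomes unavailable a recurring charge can be re-tokenized at a backup partner without going back to the customer. `Vault`, `PSP` and `charge_with_failover` are hypothetical names, and the vault is assumed to be PCI-scoped infrastructure.

```python
# Added example (not from the post): a central PCI vault holds the primary card record so
# recurring charges can fail over between hypothetical PSPs; Vault is assumed PCI-scoped.
from dataclasses import dataclass, field

class PSPUnavailable(Exception): pass  # a payment partner cannot process the request

@dataclass
class PSP:
    name: str
    available: bool = True
    tokens: dict = field(default_factory=dict)  # psp_token -> (pan, expiry): the PSP's own vault

    def tokenize(self, pan: str, expiry: str) -> str:
        if not self.available:
            raise PSPUnavailable(self.name)
        token = f"{self.name}-tok-{len(self.tokens) + 1}"
        self.tokens[token] = (pan, expiry)
        return token

    def charge(self, psp_token: str, amount_cents: int) -> str:
        if not self.available or psp_token not in self.tokens:
            raise PSPUnavailable(self.name)
        return f"{self.name}:ok:{amount_cents}"

class Vault:  # the company's own (or a global partner's) PCI storage: source of truth
    def __init__(self):
        self._cards = {}       # internal_token -> (pan, expiry)
        self._psp_tokens = {}  # internal_token -> {psp_name: psp_token}

    def store(self, pan: str, expiry: str) -> str:
        internal = f"vault-{len(self._cards) + 1}"  # internal token; only this id leaves the vault
        self._cards[internal] = (pan, expiry)
        self._psp_tokens[internal] = {}
        return internal

    def psp_token(self, internal: str, psp: PSP) -> str:
        """Return this PSP's token for the card, tokenizing from the vault copy on first use."""
        known = self._psp_tokens[internal]
        if psp.name not in known:
            known[psp.name] = psp.tokenize(*self._cards[internal])
        return known[psp.name]

def charge_with_failover(vault: Vault, internal: str, amount_cents: int, psps: list) -> str:
    """Try PSPs in order; because the vault holds the card, a backup PSP can take over."""
    for psp in psps:
        try:
            return psp.charge(vault.psp_token(internal, psp), amount_cents)
        except PSPUnavailable:
            continue  # partner down or token unknown there: try the next one
    raise PSPUnavailable("all payment partners failed")
```

Without the vault copy, the fallback branch has nothing to tokenize at the backup PSP, which is exactly the situation the post warns about.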
Now, what if your company has already launched subscriptions on a global scale and didn't replicate the payment information in a centralized database?
Better late than never. Subscription data is entered and updated every day and should be captured at every opportunity.