What is Stripe?

A Full Breakdown

I’ve been using Stripe for about two years now and during that time I’ve slowly learned a lot of the nuances and intricacies this software can provide. I’ve given numerous introductory presentations about how we use it in our projects and thought I could disperse some of the knowledge here. This article is a breakdown of Stripe along with important terminology if you are going to be using it in an upcoming project. A lot of the information found below can be read in greater detail on Stripe’s website so if something doesn’t make sense I highly encourage you to go learn more there or ask questions in the comments!

What is Stripe?

When a customer pays your business for products or services using cash or check, those payments can be deposited into a business bank account. If they want to use other forms of payment they’d need a payment processor. At its core, Stripe is a payment processor. When a customer purchases a product online, Stripe allows a safe and efficient means of processing funds and transferring them into the seller's account.

Stripe allows business owners to accept payments from credit/debit cards, digital wallets like Apple/Google Pay, and ACH (Automated Clearing House — Bank Accounts) payments, and more. They usually charge a flat rate for most payments of 2.9% plus 30 cents per transaction. They offer an in-person payment option as well and charge a separate rate of 2.7% plus 5 cents per transaction.

How Does Stripe Work? (High-Level Overview)

1. The customer provides their card information, either online or in person
2. Those details enter Stripe’s payment gateway, which encrypts the data
3. Stripe sends that data to the acquirer which is a bank that will process that transaction on the merchant’s behalf (In this step, Stripe serves as the merchant so users don’t have to set up a merchant account which is a special type of bank account that gives access to funds received from credit or debit card payments)
4. The payment passes through a credit card network, like Visa or Mastercard, to the cardholder’s issuing bank
5. The issuing bank approves or denies the transaction
6. That signal travels from the issuing bank through the card network to the acquirer, then through Stripe’s gateway to the customer — who then would see a message telling them if the payment has been accepted or declined (if your UI was built well ;))
7. Once the cardholder’s issuing bank finalizes its approval, you can transfer funds from Stripe into your business’s bank account

Stripe customers can receive payouts when transactions have finished processing (usually around 2 business days) and can be made on a schedule of your choosing (daily, weekly, monthly).

Stripe customers pay Stripe to facilitate each transaction. These fees vary by transaction type but for online payments, you can expect costs to be 2.9% plus 30 cents per transaction.

What Problems Does Stripe Solve?

The biggest problem Stripe solves is PCI compliance. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store, or transmit credit card information maintain a secure environment. Stripe has been audited and certified as a PCI Level 1 service provider, which means it has to undergo an annual compliance report, routine security scans, and tests to remain at this level. Stripe encrypts all customers’ credit card numbers and stores decryption information separately, which means Stripe can’t see credit card numbers without taking extra steps. Stripe also mandates that all online transactions take place over the more secure HTTPS network.

How Can You Ensure You Stay PCI Compliant Using Stripe?

• Never see (or have access to) card data at all
• Use one of Stripe’s recommended payment integrations to collect payment information which is securely transmitted directly to Stripe without passing through your servers
• Serve payment pages securely using Transport Layer Security (TLS) so that they make use of HTTPS
• Review and validate your account’s PCI compliance regularly

What is the Stripe Dashboard?

Stripe offers extensive documentation (one of the best developer experiences out there in my opinion) and has an API to interact with all of its services. On top of that, Stripe also provides a Dashboard to create accounts and interact with its services. Inside the Dashboard, you can do a lot of things such as:

• Manage payments and refunds
• Respond to disputes
• Monitor your integration
• Filter/Export reports to CSVs

What is the Payment Element?

The Payment Element is an embeddable component (and one of Stripe’s recommended payment integrations) for securely collecting payment details that lets you add up to 40+ payment methods with a single integration. The Payment Element can:

• Automatically adjusts input fields to collect information based on the payment method and country
• Dynamically sort payment methods based on customer’s local and location to optimize conversion
• Reduce friction for card payments with input validation, masking, styling, and error handling
• Adds new payment methods without any front-end changes (from the Dashboard)

The Payment Element contains an iframe that securely sends the payment information to Stripe over an HTTPS connection

What is a Payment Intent?

A Payment Intent can be thought of as something that guides you through the process of collecting a payment from a customer. Stripe recommends using one Payment Intent for each order. A Payment Intent transitions through multiple statuses throughout its lifetime as it interfaces with Stripe.js to perform authentication and create a charge. Stripe uses a Payment Intent object to represent your intent to collect a payment from a customer, tracking charge attempts, and payment stat changes throughout the process.

The Payment Intent Flow:

The lifecycle of a Payment Intent tends to be the following:

1. When a Payment Intent is created, it has a status of requires_payment_method until a payment method is attached
2. (Optional) After the customer provides their payment information, the Payment Intent is ready to be confirmed and has a status of requires_confirmation. In most integrations, this is skipped because payment method information is submitted at the same time the payment is confirmed.
3. If the payment requires additional actions like authenticating ACH through email, the Payment Intent has a status of requires_action
4. While some payment methods like cards can be processed quickly, other types of payment methods can take a few days to process and may have a status of processing
5. From here the Payment Intent can go in two directions: If the Payment Intent succeeds, it will have a status of succeeded, but if the Payment Intent fails, it will have a status of failure before returning to a status of requires_payment_method to restart the whole cycle
6. If a customer cancels a Payment Intent at any point while it is processing or before it succeeds, it will have a status of canceled. This invalidates the Payment Intent for future payment attempts and cannot be undone

What are Setup Intents?

You would use a Setup Intent if you wanted to set up a payment method for future payments. It is very similar to a Payment Intent, but no charge is created. Setup Intents can be useful for businesses that onboard customers and collect their payment information, but don’t want to charge them right away (e.g. a subscription but you start with a free trial).

What are Mandates?

ACH (Account Clearing House — Bank Accounts) Direct Debit rules require that you first get permission from a customer to take payments before you can debit their bank account. To get permission, you need to present a Mandate to them. A Mandate is a notice of authorization to debit a bank account agreed to by a customer prior to the first debit. The Payment Element displays a mandate for you which you can alter when you set it up.

What are Subscriptions?

With Subscriptions, customers make recurring payments for access to a product. They require you to retain more information about your customers than one-time purchases because you need to charge them in the future. Whenever a payment is due for a subscription, Stripe generates an invoice and a Payment Intent. The Payment Intent attaches to the invoice and you can access it from the Invoices and Subscription objects. Just like the regular flow, a Payment Intent tracks the lifecycle of every payment. The state of the Payment Intent affects the state of the invoice and subscription.

What are Stripe Webhooks?

A Stripe Webhook enables Stripe to push real-time notifications to your applications. Stripe uses HTTPS to send these notifications to your app as a JSON payload. You can use these notifications to execute actions in your systems (e.g. send a confirmation email on a successful payment). You can do all this via the Dashboard by identifying the events you want to monitor, setting up endpoints to receive the payload, and processing the notification as you desire.

That’s pretty much all the major points to understand before getting started with Stripe! If you have any questions or want to know more don’t hesitate to drop a comment. Otherwise, much more extensive information can be found in their documentation on their website. Look out for a future article where I’ll explain setting up a simple checkout page using the Payment Element!