Online payment in Nigeria, the quiet session II
As Bankole pointed out, another big problem with the way payment is integrated via the existing local card payment solutions (Interswitch and co) is that recurrent billing is not possible. This is ofcourse because none of the card details is accessible to the client. But that is a discussion already covered. And like I mentioned there, the only way the online payment system can really work in Nigeria is if developers can work directly with the card details through real APIs. Anything outside that won't work. It is that simple.
But honestly, it is not that simple. Technically it is, but think of the chaos that can be unleached when card details fall in wrong hands. In other words, there will always be an argument of security. If security is the only reasonable argument against giving developers access to card details, how can this be solved? And because we are pitching to people who won't accept the PCI compliance BS from us, what are the other ways of tackling this?
There are many random things in my head. They may be faulty (the much I know about these things are just technical parts). However, it's worth putting out these ideas hoping somehow it may work and someone that can make a difference can reason with it.
- What if instead of the existing embedded solution, switches provide real APIs with Oauth authentication. This way, clients will interact with tokens instead of directly with user card details. Users can consequently revoke token access for client apps. Through the API, clients can process payments and have all the freedom. This way, if a client is compromised, users' card details are secured.
- What if we have an entirely seperate debit card for online payments, provided at every bank. It may be provided by a new or an existing switch. (Who remembers GloFirst and MTN Xchange?). The card won't be directly linked to the user account. It will have a different account extension and users can transfer funds from their main account to and from it or even pay directly to it. My GTB dollar credit debit card works this way. If the card detail is compromised, there is little to worry about.
Like I said, these are just random ramblings in my head. We can't deny that payment is a very important part of every startup and developers need better ways to relate with the local solutions.