How do I integrate cryptocurrency payment handling into my website 24 Aug 2023

An introduction to Info Rhino and our software

We are a data oriented software solutions development provider. We build bespoke solutions for customers and build our own platforms for different business verticals. This article discusses how we set about creating a payment handling process using cryptocurrencies within our web data platform to ensure that we minimise risk to the payment handling process.

Our software is operational. If you would like this implemented for you - get in touch with info rhino at www.inforhino.co.uk/contact

Our objective is to offer payment handling resilience for companies concerned about their payment providers ability to guarantee payments. Our solution uses proprietary software and we develop custom components as the solution requires. The important attention is on the mechanisms to ensure businesses can receive capital flows whilst operating their business.

Abstract - understanding what is involved in taking payments online

Our software is operational and if you would like this implemented for you - get in touch with info rhino at www.inforhino.co.uk/contact

Anti-fragile businesses

Those that keep abreast of developments in the regulation of financial markets and regulations for businesses operating online whether at the national, supranational, or global marketplace, we are seeing many threats to businesses by regulatory changes. Legitimate businesses should be in a position to operate in a fairly censorship resistant manner without fear of harm to their business from actors.

For those that are not software engineers, most will do a web search and find significant online payment providers offering to integrate their services into your website. What they fail to mention is that there are many steps involved in handling online payments. The complexity of implementing any payment provider means that there is much more work needed than is often portrayed on websites offering these services. There can be a need for significant development expertise that isn't just adding a plugin or shopping cart website platform.

Traditional cash payments - Fiat based payment handling Conventional cash payments

Merchant bank payment handling

Companies that are well established with a good reputation are able to use their current business banking payment gateway to accept payments from credit cards and debit cards. They typically add checks to avoid fraud and services to give vendors access to extra services to help with account management.

Payment gateway wrapper around merchant bank payment handling

Intermediate payment gateway handlers act as a layer between the customer's bank account and the vendor's bank account. Payment gateways charge a slightly higher fee than merchant bank payment providers That is passed on to the vendor.

Cryptocurrency payment handling - Digital payment handling for exchange of value being settled on a blockchain

Famous crypto currencies such as Bitcoin, LiteCoin, Cardano, and Ethereum, use a mechanism to journal entries and write them to the ledger. Blockchains use a consensus algorithm to verify with whether a journal entry is valid. An advantage of blockchains is that most of them have publicly available ledger history that is immutable and therefore non-corruptible.

The key advantage of accepting cryptocurrency payments is that they are far more secure than online payments using fiat.

The key disadvantage of cryptocurrency payments is that there can be a lag whilst the payment is confirmed by the blockchain. A moot point to consider is that in reality digital payments can take days to settle via conventional fiat banking but from a user-experience perspective, there is a lag with many blockchains. There are new ways for payment handling to be settled faster on the blockchain.

Specific blockchain currency payment handling

Each blockchain may support one or more tokens and these transactions are available on a ledger and blockchains provide additional technology to monitor them to post and retrieve journal entries (payments). A customer buying a service will send a set amount of currency to the vendor's blockchain address and the vendor will monitor that blockchain, once the payment is verified they vendor will verify that the payment has been made and deliver the services to the customer.

Cryptocurrency payment provider gateway

Writing additional code to monitor a blockchain is quite an involved process, payment providers using economies of scale can monitor blockchains without incurring penalties smaller enterprises do verifying payments on the blockchain.

Pros and cons to accepting payments online

Fiat based payment handling

Cons

• Payment handlers can impose severe penalties through chargebacks
• Merchant accounts can be quite inflexible in terms of onboarding new customers and set strict rules
• The vendor tends to be the one that is out of pocket whenever fraud occurs
• Money isn't decentralised

Pros

• Native fiat currency unlikely to suffer currency volatility
• Transactions are on the same bank account
• Assistance with fraudulent charges
• Easier to handle in your native currency for most

Cryptocurrency based payment handling

Cons

• Payment handlers can impose severe penalties through chargebacks
• Harder to implement refunds
• When the underlying product is physical extreme cryptocurrency price volatility can be a disaster when buying goods and raw materials
• Payments on blockchains where the transactions are public can be subject to censorship of payments where they are associated with crime

Pros

• Better custody of your own capital, whilst most businesses aren't looking to beat the bank, being in control of your own capital is a powerful way to help some businesses survive regulation
• Virtually no risk of fraud. Customers never share their private keys and thus make payments purely from their wallets to your blockchain address
• Better traceability of payments on many blockchains, customers can trace their payments and liaise with vendors if needed - no middle men
• Perfect for accepting payments for digital services where payments all relatively low
• Reliable
• Smart contract ready, many blockchains provide smart contracts where capital can be moved around automatically - rarely possible with conventional fiat bank accounts

Proposal for handling cryptocurrency payments online

What has not been considered yet is the sheer complexity of handling payments and protecting your businesses from fraud when taking payments online in exchange for goods and services. We are not just referring to the risk from fraud by people taking payment details and fraudulently gaining access to private keys and credit cards. Instead we are seeking to ensure a business can reliably handle payments and minimise the risk for payment providers removing your services from their business.

We do not wish to comment on any specific payment provider, but we do see many scenarios where access to accounts can be pulled by payment providers including within the blockchain space. Our goal is to sacrifice some of the convenience of hooking our technology into just one single payment provider and to make it possible to quickly switch to a different approach with our payment architecture remaining relatively unscathed.

In our case example, we are piloting using a single cryptocurrency payment provider. After extensive review of both fiat based and cryptocurrency based payment providers we determined that the best option for us right now is to use a blockchain cryptocurrency payment provider. We have also written our own prototypes to monitor blockchains for payments, and would be comfortable making this production ready for ourselves and customers.

After considerable research we feel that the current version of the Coinbase commerce API Meets our needs at this moment in time. Despite the platform looking like it will do what we need we want to make sure that any of our software architecture is insulated from risks associated with choosing any payment provider. To insulate a solution architecture we are building our platform in as an agnostic manner as possible. We have sought to only code specific checks on payment related data exchange with Coinbase in an isolated application that sits off of our web solution architecture. This introduces some interesting possibilities, the main one being that we could start to add additional payment verifiers with completely different types of payment handling but still issues token of value to our website. We could potentially provide promotional quasi payment verifiers to add tokens to accounts based upon completely non-monetary exchanges.

Our website has content - mainly reports which users can consume. Our specific use case is that we maintain a balance of credits for access to content, produced each time the user requests them. In terms of separating responsibility the website simply needs to concern itself with the following;

• Accepting payments from customers
• Accepting payment notifications from payment providers
• Saving this information in a secure fashion to be made available to other payment monitoring services
• Receiving notification of successful purchases
• Securing access to chargeable content on the website platform
• Passing access requests to content to the Account Balance

The number of functions that needs to be provided by the website may seem quite large but by separating out much of the coordination of payment handling from the website technology the website is more geared around accepting payment provider confirmations and limiting access to reports that users have not paid for. In terms of fraud the worst thing that could happen is that somebody gained access to the account balance database and allocated high balances to user accounts. That much of this information is stored offline/offsite and will also be on blockchain this makes it a little easier to recover this information. Furthermore, we don't need to concern ourselves too much in terms of e-mail addresses and recommend our users use e-mail accounts that are relatively anonymous.

Our specific business model is that users pay for access to content for a set time. We are not charging a relatively low cost per sale and thus any fraud will only involve small amounts of money per user.

Introducing a new solution for integrating cryptocurrency payments into your website

The following section will include two diagrams demonstrating the process flow both payment handling architecture. The simple diagram is still quite involved and this is simply a function of payment processing involving many different stages. This section will try to explain how the software architecture works for providing anti-fragile payment processing.

Please do not be overwhelmed by the number of processes and data stores involved in this process. When designing anti-fragile systems we are faced with two definite choices;

1. Tightly coupled the solution locking it into specific solution providers making it inflexible but slightly easier to build in the short term and harder to maintain in the long term
2. Build a solution ecosystem that is more responsive to changing variables and offering interchangeability of components to make the solution more resilient and therefore anti-fragile

Well you know that at info rhino this is exactly what we look to do, build anti-fragile systems that are flexible and allow for external and independent verification to decouple solutions to make them much more resilient.

User paying for access to online content - simple version

We have four processes;

• The website accepting the users payment
• The payment provider supplying payment statuses
• The payment verifier confirming that the payment has been made successfully and posting that to the account balance if successful
• The website checking the users balance and providing access to premium content if in balance

We may say - "What is remarkable about this?" In the context of a website data platform, the remarkable feature is that there is no building in of logic specific to any payment provider within our web data platform. Furthermore the verification process could be run from anywhere and is therefore extremely secure. The website accepts messages from the payment provider and automatically encrypts them storing them for consumption by the payment verification process. The real win is that we do not need to make any changes to the website technology if the payment provider changes the format or content of their notifications. Furthermore, we do not need to accept payment notifications to our website from our payment provider, we could Instead create a payment provider payment status verifier that checks their API. This has the benefits of adding extra flexibility and adding resilience in the event that any mechanism or process goes down.

Users paying for access to online content comprehensive workflow example

In this example we explain how different processes take responsibility for performing specific actions. When looking at this diagram it is important to observe the two purple processes; the timed retriever and the time checker. By us making these a timed base process we have reduced coupling and therefore eliminated a highly linear process workflow. In simple speak - this means we have now created a much more flexible process and reduced critical dependencies. This is important to allow us to scale out the processing of this payment processing architecture.

This current model may incur a certain amount of latency, we have the blockchain payment which takes time to confirm and we have the additional processes running to verify and move information to the right locations. In a blockchain environment where users are paying access to resources for a set period of time this is more than reasonable and we would expect our users to always be ahead of any potential delays to their service requirements.

We have eight main processes;

• Payment API - this could be our API or more likely a third party API. The important point is that payment status notifications are pushed to our callback end point. This endpoint does not need to sit on our website but does at the moment.
• Callback controller - playlist for endpoint that accepts notifications and will automatically encrypt these to a store to be made available for consumption.
• Timed retriever - an offline process ones that regularly cheques for new payment notifications pulling means down to a local encrypted store. It is important to note that we could run multiple time to achievers in a distributed fashion.
• Timed checker - an offline process runs independently of the timed retriever and is responsible for decrypting the payment messages and passing them to the payment validator. We could have created a dependency between the times retriever and time checker but felt allowing him to run independently gives them more autonomy.
• Payment validator - this could be an online or offline restful endpoint microservice that contains logic to verify the payment and submit a message in a format that the website can interpret and pass to the account balance store. This is transmitted not only securely via HTTPS but also in an encrypted format that is tamper proof. This pretty much eliminates spoofing of fake verification messages.
• Success controller - accepts and decrypts the payments verification message and passes this to the account balance.
• User Content Access - This is responsible for verifying the account balance and decreasing that account balance per access request.

Questions and Answers

How can I implement blockchain based cryptocurrency payment handling into our business?

A second question may be - "How can we integrate your solution into our platform, we have an existing website and are looking for ways to integrate cryptocurrency payment handling within our website?"

It is important to realise that we may not be able to build the website components in your specific website technology if it sits outside C#/.Net/dotnetcore/VB/Visual Basic. The main reason is that this is largely an architectural implementation that developers expert within your website technology can implement. The focus of where we put our efforts is more to do with how the data is maintained, preserved, protected, and derived. Our consultancy would focus on which specific process is we would take responsibility for developing and implementing versus the processes which would be either sourced and provided by third parties or developed by yourselves.

As a potential customer the first thing you can do is reached out to us at solutions@inforhino.co.uk.

Couldn't this all be done on-chain and avoid so many independent processes running across different architectures?

When implementing our solution we looked at various blockchains with their smart contract technologies and they are more than capable or performing many of the processes for implementing the solution we have developed. We would not want to start going down the route of verifying payment providers messages which are likely to change over time on an immutable blockchain. If there was an agreeable protocol which was common for spot chains then this definitely becomes a real mechanism for implementing an on-chain solution.

Is this a "Beat the banks" solution?

Our opinion on cryptocurrency evolves overtime. We are heavily invested in the fiat based monetary system with a deep understanding of financial markets due to significant time spent implementing solutions for multiple financial institutions. To answer this question is not a simple "yes or no", indeed there are many directions that cryptocurrency versus conventional investment banking and indeed retail banking, can take.

Rather than think about this in terms of cryptocurrency versus banks, think of this in terms of allowing a business to take payments that can be held outside of the system to add extra resilience to their operations. Extrinsically, all systems for exchanging value are just systems for exchanging value. What is important is that legitimate businesses should be able to exchange that value as freely as possible.

Our solution is therefore nothing to do with beating the banks, it is about ensuring that businesses can accept value in exchange providing their services where there may be some potential risk to the mechanisms by which conventional payment providers could interrupt their operations.

Is your solution just for cryptocurrency payment handling or can it be used for payment gateways?

The main reason we added this extra technology into platform architecture is to allow us to decide whether or not to use crypto currencies when accepting payments for delivering online services to our customers. Indeed, our suspicion is that we will add online payment handling for fiat payment providers as the diversity of our services grows.

As in our answer with regards to "Beat the banks" we are open to handling payments from any mechanism. It is all about choosing the right tool for the job.

What is the problem you are attempting to solve by providing a cryptocurrency payment layer on your website platform?

When we think about the above question, we are not really thinking in terms of cryptocurrency at all. The focus instead is on providing the architecture that can handle any type of payment and allow for us to switch to a different payment provider within relative ease. We're delegating responsibility to either the blockchain or Fiat and cryptocurrency based payment providers.

Is your solution on top of the conventional payment handling infrastructure provided by the retail banking sector necessary?

We have to recognise that money is effectively digitalized already with payment exchange tightly controlled to the point that in many situations entities trying to start something are prohibited because of regulations and restrictions. In many ways we are offering a portal search permits organisations too have some degree of flexibility in accepting value in exchange for their services.

Is that you have to build the solutions and architecture to make it possible for companies and organisations to operate relatively freely outside of the fiat based money system prohibitive to your solution working for those entities due to costs?

It is indeed the case that small businesses may not be able to take advantage of the services we are providing. However many businesses would benefit by adding our solution to their platform to add resilience to their payment handling.

It is worth reiterating we are not trying to replace the fiat based monetary system, instead the focus is on providing a buffer and level of protection to organisations trying to retain their ability to accept payments when providing value to the customers.

Is that the entirety of the solution you are providing?

Not in the slightest, indeed we think there are deployments for more processes depending upon the type of payment handling required by a client. That our solutions are decoupled means that many of our customers may have different use cases. The important fact is that we can cut through the complexity of handling online payments for customers.

I see that many online payment providers are asking for us to join a wait list to access their payment handling capabilities, is this similar with you as a consultancy? Are you considering adding a subscription based, cloud model for your services?

Whilst architecturally the individual processes are quite straightforward, what will become a challenge are the number of different payment status data structures that are provided by third parties. For this reason we see it more that specific customers will use our services that we will develop for them on a proprietary basis.

In you opinion, what type of services are a good fit for using cryptocurrency payment handling?

Any product that is not tightly coupled to material costs or could suffer refund requirements. Whilst this is outside of their area of expertise and very relevant in terms of commercial law and consumer protection, goods that can be consumed digitally are less affected by immediate currency price volatility. There are of course cryptocurrency payment providers that settle immediately to try and maintain a balance of fiat to mitigate cryptocurrency volatility.

Why should I accept payments in cryptocurrency?

There are many reasons, many have been discussed within this article. We think that the main reason you accept payments in cryptocurrency is to protect your customers by avoiding involving third parties to process their payments.

Done properly, taking cryptocurrency payments allows you to see these transactions on a blockchain and not be tide to a specific merchant bank.

Remember that in almost all circumstance,s accepting cryptocurrency is not a replacement for merchant banks but a mechanism to accept value in exchange for provision of services whilst your business finds the right payment processing model. This can be a great way to get off the ground without having to go through many of the hoops that small businesses encounter when starting up.

Is cryptocurrency payment solutions better for accepting donations , for example there are examples of crowdfunding websites withholding payments for political movements and/or Politically Exposed Person(s)?

This is definitely a contentious subject to consider. What we would say is that many of the online payment handling platforms that exist are subject to acting on behalf of agents that may not be operating contrary to your ideals. Again rather than thinking in terms of beating the banks, beating the system, our thoughts are more in terms of being able to distribute capital to your enterprise. For example you may be excepting donations to build a website that helps people in under privileged areas. Many developers may accept cryptocurrency and you would be able to pay them from the proceeds of the donations received by your enterprise.

Could your cryptocurrency payment handler be used for truly nefarious purposes involving anti money laundering, crime, and other terrible uses?

Would we spend time building a solution full an enterprise that seemed truly immortal and not acting in the interests of the individual? This question does not even need to be answered because we are focused on delivering solutions of resilience to organisations acting ethically. Given that the number of customers requiring these types of services would be relatively small, we don't see there being a huge proliferation in the introduction of nefarious parties using our services.

Could your services being offered grow to such a scale that you cannot meet the demands of your customers?

We see it that many businesses should be using a service such that we are offering. What is service businesses may prefer to divest their services by accepting cryptocurrency payments Services despite accepting Fiat for physical goods and services.

Is your payment processor technology a pathway to censorship resistance?

Censorship resistance is the ability for information to pass freely without interference from third parties. A simple example would be a WhatsApp account where the message layer is encrypted point to point. Does most people use WhatsApp for nefarious purposes? The answer is most definitely not. In terms of payment handling, censorship resistance is the ability for payments to be processed without banks and government agencies stopping those payments happening.

If an entity wants to exchange value with another entity electronically in a censorship resistant manner, the best mechanism would be to both use a blockchain that anonymized the transactions. The more layers involved, the more opportunity there is for agencies to interfere and seize assets or very appropriate capital. It is worth highlighting that blockchains hwere the Ledger is open such as Bitcoin are not truly anonymous and for that reason larger entities can identify transactions and potentially categorise those addresses as being marked for none acceptance for payments. Without mentioning specific companies large trading exchanges may identify certain settlements of cryptocurrency as having come from illegal activities and therefore block that value exiting their wallet. There are private block chains which would negate the need for this to occur.

In the context of our software solution we are therefore focused more on the ability for websites to protect themselves from rug pulling or services that no longer meet their needs. For example a company can be operating legitimately but a financial institution may decide they no longer want to provide services to that organisation. Another example may be that these institutions are simply discontinuing certain services. In a situation where services are no longer provided by a payment processor the service provider must be able to keep there online services available as relatively easily as possible. The Info Rhino payment processing solution is to is to not put payment processor code into the website application or application and delegate the decision making elsewhere so that if we need to then move to a different mechanism we can simply change the payment validator. To that end we would need to right specific functionality to handle knew payment processes but it would minimise disruption to the website itself.

Exchanging value privately on a blockchain between two individuals is never going to scale in the same way as a business wanting to provide digital services where they may have relatively high numbers of users wanting to pay for their services. Payments linked to the services being provided must be automated.

Our thoughts are that our solution does support censorship resistance but that objective is not the real service. Our objective is simply to offer a buffer service for companies wishing to have a little bit more resilience with regards to accepting payments.

We have to be mindful not to discuss specific companies or cases. To a company knowledgeable in the blockchain space and thinking in terms of the fiat based financial system, many organisations have been naïve in how they decided to try and accept capital.

It should be remembered that censorship resistance is not simply offered by the blockchain. By having more than one payment provider accepting cash on your platform, you do de-risk your business.

How do I find a technology company that can build crypto currency related payment gateways

The real challenge is finding companies to build solutions in anti fragile manner. An important facet of payment processing is the volume of information that can be created. You want a company that has expertise in working in financial institutions in addition to building large data solutions that can scale.

Another recommendation is not to put all of your energy into one single company unless they build the solution in a modular consistent fashion. For example whilst we use our crypto currency solution within web data platform the principles are such that we could use a different set of web services and infrastructure to manage the payment process.

Exchanging value with Cross Border (xborder) for both B2C and B2B

An important feature of cryptocurrency is its permissionless nature, making it perfect for xborder payments when playing for digital services and content. In a world where companies and individuals are accountable for paying the appropriate tax to their jurisdictions passing value in a currency which it's far easier to settle and is more secure make sense for businesses.

In B2C solutions, accepting cryptocurrency from individuals paying for online services can simplify the process with regards to chargebacks and refunds. Businesses will still be subject to consumer protection laws but it can be a lot easier to simply handle payments to digital wallets and cryptocurrency wallets.

With peer-to peer payments, most can be transacted on an individual basis through cryptocurrency wallets.

Do I need to pay attention to AGI/LLM with regards to newer AI based technology when thinking about payment processing?

For those that aren't aware , technologies such as open AI/ChatGPT are a large language model for Artificial General Intelligence that interprets different bodies of text to respond to questions and provide answers. We have gone from thinking that ChatGPT as an interesting diversion to realising that it can help speed up the development of systems and integration of information between systems. For this reason we recommend that individuals and organisations thinking about implementing payment processing architecture capabilities, should ensure that whomever they engage has a good understanding of working with large language models to help build solutions. This is because it can speed up development and give more feedback to the client.

An example is where we have built several blockchain validators which are currently not in use, but we could productionise to replace using intermediate payment processors. The key point being we prototyped this using ChatGPT to help tease out our proof of concept.

We need forward looking technology development companies that embrace change.

Summary on our introductory service for handling payments online using crypto currencies and/or normal merchant bank solutions

So much ground has been covered in this article. Our hope is that it has given you many different ways to think about accepting payments online and when investigating payment providers for your business. The focus is on ensuring your business can accept payments due to unforeseen risks. This solution will not be for all businesses but we say this need increasing as regulations advance.

This solution works perfectly well with traditional merchant bank payment providers and intermediate payment gateways.

Our hope is that you enjoyed this article, feel free to reach out at solutions@inforhino.co.uk or complete our contact form - www.inforhino.co.uk/contact

Written with StackEdit.