[Asterisk-biz] Opportunities for good billing solutions

[snacktime]

Well it appears that I wasn't the only one thinking about this:) 
Which is good because I do not have the time or desire to do a project
like this all by myself anyways.

Right now the software pieces I have is the credit card processing
engine.  It's written in python using the twisted event driven
framework and postgresql as the backend database.  Being event driven
it's very easy on resources.  Pushing 100 tps takes about 1% cpu if
that. It's modular so you can plug in additional payment networks.  At
the moment I have a working module for Vital.  Paymentech and
Firstdata are next on the list.  I still need to get Vital certified,
but that's just a formality pretty much since I've certified with them
half a dozen times already on other projects.

IMO the coding isn't the biggest challenge.  It's getting a good team
together to get something like this started.  IMO you also need a
fairly conservative development structure.  Something like how Freebsd
structures things.  Only core developers get to approve anything that
goes into the codebase, and only after review and extensive testing.  
Having your recurring billing go wild and overcharging half of your
customer base, or the same batch getting settled 3 times in one hour
isn't something you want to happen.   I would much rather see a solid
base system without all the bells and whistles being released first,
and then going from there.

Off the top of my head, I would think that a complete, basic system
would need the following:

1. credit card/ach processing engine
2. recurring billing engine
3. administrative interface for customer management/reporting
4. customer interface for viewing bills,cancelling services, etc..
5. interfaces to * to collect whatever data is needed for all of the above

Another route might be to start with 1,2, and 5, and let merchants
design their own frontends for now.  Then once the basics are solid
add on from there.


Also, a couple of other items that might make this a bit more
complicated than most open source projects...
 
First, most of the processing networks make you sign an agreement to
develop software around their api.  Most of the agreements prohibit
distribution of the source code that implements their api, which
basically comes down to the message formats.   What I'm hoping is that
Vital will let us give full access to any developer that is willing to
sign the agreement, without that developer having to become a vital
partner (which costs $150).

Worst case, some of the code is only distributed in binary format, but
is still free.  My main concern is having as much peer review as
possible.  No one outside of the core developers will be changing any
of the processor specific code because it's just not something you
would ever want or need to do.  In addition those types of changes
require recertification anyways.

Secondly, the new Visa/Mastercard security programs (CISP/SDP) have
some restrictions on handling credit card data.  If you are a third
party payment processor such as verisign/authorizenet/paypal or a
large merchant you have to go through a full audit done by one of the
approved auditors on their list.  The average price is $30,000 or so,
although I just recently had one done for $5,000.  Since the auditing
companies know they are one out of 30 or so that are approved to do
the audit, they stick it to you.  They charge you a ton of money and
then bring in a bunch of people to make it look like they are actually
doing something.  IMO the whole thing is more about control than
security, but I'll leave that for another discussion...

Most merchants can just have a quarterly security scan done though and
be done with it.  I believe you can get by without an audit if you
process under 2 million per year, but I don't remember off the top of
my head.
 
Well my brain is getting tired at this point....  I have some more
questions but I'll come at it again tommorrow.

Chris