Spreedly Core - API powered payments w/o burden of PCI compliance

I heard about this from the team a few weeks ago, and am excited to take it for a test drive with BCC sometime after my development schedule gets less nuts.<p>Basically, instead of doing the traditional "send people off to Paypal to pay" routine, you have a form on your site which posts to a Spreedly server. Spreedly then redirects the user to you. You validate the token (similar to catching someone from an OpenID provider) and, if successful, do whatever was required to effect your purchase.<p>From the user's experience, it sure <i>looks</i> like they were on your site the entire time, but their payment details only ever touch Spreedly's servers. You interface with Spreedly on the backend to do any sort of charging logic that you want -- subscriptions, one-off charges, weird business logic specific to your application, whatever. (This is the main value add over the regular Spreedly subscriptions thing, which works very well if your subscriptions work exactly like Spreedly subscriptions and, apparently, less well otherwise.)<p>Since the data never touches your servers, you never need to go through PCI compliance work.<p>The big win I perceive for my business is that my checkout forms will only ask for name, credit card number, and CCV, hopefully increasing conversions versus Google Checkout / Paypal.

Spreedly CEO here...<p>So, we weren't quite ready to land on the front page of HN, but mission accomplished - we now have a whole list of smart people to invite into the beta, so thanks to bradleyjoyce for giving us that nudge.<p>I'm going to work through the questions that have come up in the discussion - good prep for the FAQ page I need to write - but feel free to email me directly if you have any other questions or just want to chat about Core (my email address is in my profile).

I'm very excited that someone's finally doing this. They have the two key parts down that nobody else seems to offer for small/medium businesses:<p>- A PCIDSS compliant payment information store that's above the level of the payment gateway. The big win is that if you decide to switch gateways (or are forced to switch gateways, because you switched merchant account providers and can't always just relink your gateway to a different bank), you can still keep charging recurring payments to your customers without asking them for their payment info again.<p>- You can take the info with you if you decide, for some reason, to stop using Spreedly Core. And I trust they actually have the process in place for doing so, because it's coming from the Spreedly guys that have been doing this for a while already, not someone new.

Your copy needs work. Most importantly, you need to state what Spreedly Core is before the vague marketing gobbet. Even,<p>"Spreedly Core is &#60;5-10 word description&#62;. // With Spreedly Core you can focus on who you want to charge when, and we'll take care of the rest. [...]"

I've never done consumer facing payments so I don't quite understand what are they selling here.<p>Why not use Paypal directly for example (since that's one of the gateways they support)?<p>My question might sound silly but in B2B you just use wire transfers. So, I don't see the need to stack up too many layers for payments when each layer wants some money for the service they provide.<p>Is their main feature the fact you could switch gateways -- ie. they are selling an API wrapper?

For german users a similar service is offered by 1&#38;1 (iPayment, with "silent CGI"-mode). The form on the site is sent to the ipayement servers and those verify the transaction data, call a URL on your servers with the unique transaction token and success/error message, and only redirect the user back to your site after the callback is finished. Works pretty well, the credit card data never touches your server but the user doesn't notice that he left your site.

This is awesome! I've been waiting for this for a while. Now I don't need to route through PayPal or any other nonsense. Nice and easy, just the way it should be.

How would this work for things like 3-D Secure where you need to be redirected to the card issuer's website ?

Could we get some indication of what gateways are supported during the beta?

I want this so much.<p>That sounds amazing if true, however the design is not trust inspiring.