• Engine Yard
  • LivingSocial
  • VMware
  • Heroku
  • Rackspace Hosting
  • Blue Box Group
  • JetBrains
  • New Relic
  • Percona
  • Pivotal Labs
  • Rails Dog
  • WyeWorks
  • Chargify

Sponsorship Opportunities

For information on exhibition and sponsorship opportunities at RailsConf, contact Yvonne Romaine at yromaine@oreilly.com.

Download the RailsConf Sponsor/Exhibitor Prospectus

Contact Us

View a complete list of RailsConf contacts.

From 1,000 Transactions a Month to 1 million in a Day: Lessons in Credit Card Processing from LivingSocial

Patrick Joyce (LivingSocial)
General
Location: Ballroom III
Average rating: ***..
(3.25, 28 ratings)

I’ll start by showing step by step what happens when a credit card is charged. Then I’ll introduce the different parts of the payment system you need to understand to accept credit cards:

  • Merchant Accounts
  • Payment Gateways
  • PCI Compliance

After covering the high level concepts, I’ll dive into the specifics of accepting credit cards using ActiveMerchant. We’ll walk through (with code):

  • a simple example of processing a one time transaction
  • how to omit sensitive information from your logs
  • processing recurring transactions without storing card information on your servers.

Finally, I’ll talk about real world lessons we’ve learned at LivingSocial while growing from a thousand transactions per month to processing over a million transactions in a single day. I’ll introduce a novel system we built with Braintree Payment Solutions that encrypts card numbers and other sensitive information in the browser and allowed us to build a secure, robust, and highly scalable payment processing infrastructure. This will include detailed code samples of:

  • Client Side Encryption of sensitive information using JavaScript
  • Queuing requests with Resque.
  • Securely handling browsers where JavaScript is disabled.

The client side encryption system that we’ve built is something I think is truly unprecedented. It allows us to offline credit card storage while maintaining the simplified PCI compliance of using Braintree’s Vault and has reduced our average purchase creation request time from almost 3 seconds to under 200ms. Client side encryption further increases customer security as at no point do we have access to the plain text credit card number.

Patrick Joyce

LivingSocial

Patrick Joyce is a Software Engineer at LivingSocial where he is responsible for a billing system that has processed hundreds of millions of dollars in credit card transactions. He has worked with credit cards in Ruby since 2007 and contributed the Authorize.net ARB (Automated Recurring Billing) and CIM (Customer Information Manager) gateways to ActiveMerchant. He fell in love with Ruby and Rails in 2005 and hasn’t looked back.

Comments on this page are now closed.

Comments

Picture of Shirley  Bailes
05/18/2011 11:41am EDT

@Louis: They are available via the link above now.

Louis Leung
05/18/2011 11:21am EDT

Hey Patrick,

Great presentation. Can you put up the slides of the presentation?

Thanks.