From 1,000 Transactions a Month to 1 million in a Day: Lessons in Credit Card Processing from LivingSocial

I’ll start by showing step by step what happens when a credit card is charged. Then I’ll introduce the different parts of the payment system you need to understand to accept credit cards:

• Merchant Accounts
• Payment Gateways
• PCI Compliance

After covering the high level concepts, I’ll dive into the specifics of accepting credit cards using ActiveMerchant. We’ll walk through (with code):

• a simple example of processing a one time transaction
• how to omit sensitive information from your logs
• processing recurring transactions without storing card information on your servers.

Finally, I’ll talk about real world lessons we’ve learned at LivingSocial while growing from a thousand transactions per month to processing over a million transactions in a single day. I’ll introduce a novel system we built with Braintree Payment Solutions that encrypts card numbers and other sensitive information in the browser and allowed us to build a secure, robust, and highly scalable payment processing infrastructure. This will include detailed code samples of:

• Client Side Encryption of sensitive information using JavaScript
• Queuing requests with Resque.
• Securely handling browsers where JavaScript is disabled.

The client side encryption system that we’ve built is something I think is truly unprecedented. It allows us to offline credit card storage while maintaining the simplified PCI compliance of using Braintree’s Vault and has reduced our average purchase creation request time from almost 3 seconds to under 200ms. Client side encryption further increases customer security as at no point do we have access to the plain text credit card number.