Why Payments Suck

It’s hard to overstate how important user experience is to the success of web and mobile applications. It’s why developers spend countless hours agonizing over small things like button placement, menu color and transition animations.

But that focus on user experience makes the terrible user experience around payments incredibly obvious. While most interactions in the app happen with a few clicks or swipes of a touch screen, as soon as it’s time to check out or link a merchant account, users hit a brick wall. Suddenly there are multiple screens to click through, there are colors and logos that clash with the rest of the app, and there are countless fields of personal information that have to be filled out.

In a world where everything is A/B tested and obsessed over until its perfect, why does that divide exist?

The problem with payments: it’s not just moving money

The reason that the user experience surrounding payments is bad is because of the risk of fraud.

Fraudsters purchase stolen credit and debit cards through a variety of “dark” online marketplaces, and use these stolen cards at online merchants to buy merchandise fraudulently.  When the cardholder sees these charges on their bank statement, they chargeback the transaction, and the merchant is out the money.

Merchants are heavily incentivized to minimize fraud and chargebacks, but here’s the rub: nearly everything they do to catch fraud adds friction to the user experience. This is especially true of the checkout flow — the more information you require to checkout, the better chances you have at detecting and preventing fraud - but it also means that more people will drop out before they complete the process. Fraud mitigation becomes a delicate balance between fraud and conversion, and it’s one that it’s very easy to get wrong.

For marketplaces and other platforms that operate by connecting buyers and sellers, this effect also manifests itself as friction for sellers. If a marketplace, for example, is processing payments on behalf of their sellers, the marketplace is liable for fraud.  Many times, fraudsters will signup on these platforms as both fraudulent merchants & fraudulent buyers and pay themselves with stolen cards, in a scheme known as collusion.  To prevent this, platforms underwrite merchants before letting them sell.  But the more data they collect from sellers for underwriting, the less likely they are to finish signing up. [1]

Another tactic for platforms to reduce fraud exposure is to delay payouts - but this is an exercise fraught with user experience peril.  Hell hath no fury like a user kept from their money.

The solution: Great risk management

The art of balancing user experience with risk mitigation is known in the industry as risk management. It has three pillars:

  • Data collection:  Great risk management means collecting data from sources other than the user. Leveraging alternative data sources like social media profiles and third party data stores can help paint a fuller picture of the user.

  • Decisioning: Good decisioning is like a dolphin safe fishing net. It has a high catch rate (your net catches a lot of tuna) and a low rate of false positives (your net doesn’t inadvertently harm dolphins.) This also means hiring a competent risk team to supplement and train automated decisioning.

  • Controls: The data will never be comprehensive enough and the decisioning will never be precise enough make a perfect call every time, so a good risk management system is designed with intelligent controls on things like transaction size, funds held in reserve, payment timing, etc. This lets platforms process transactions that are in gray areas while still controlling overall exposure to risk.

The costs of risk management

Unfortunately, nothing in the last section is at all easy or cheap to do, and performing great risk management constitutes large upfront and ongoing costs. And even more problematic, it’s a massive distraction from whatever the core function of the application is.  

The realization by many entrepreneurs that building this in-house is too difficult is why there are payment companies like PayPal, WePay and Stripe - and why many developers choose to leverage them as payment providers for their users. Leveraging a partner for payments is a great way to get to market while avoiding a lot of headaches. But while working with a 3rd party payment provider saves a lot of time, money and frustration, it exacts its pound of flesh in the cost to the user experience.

Payment processors are self interested - they’re more interested in reducing their risk exposure than in providing a short signup or checkout experience.  That’s why they typically require a lot of fields you can’t change, tools you must use, and branding for the 3rd party provider so they can reach out to users for risk purposes. This means that the payment experience doesn’t feel like an integrated part of the application.

In today’s market, where sub-par user experiences are unacceptable, this means that many companies bite the bullet and take on risk management themselves (Airbnb and Uber are great examples). They use a payment partner behind the scenes, but they aren't leveraging their risk management capabilities.  In order to do this, they’ve built massive Trust & Safety teams tasked with risk management - a simple search for “Airbnb trust and safety” on LinkedIn gives you a sense of the size of the team required. [2]

WePay Clear

At WePay, we’ve learned a lot about this problem from our customers, and last week we unveiled a product that meets this challenge: a payment system that offers a seamless and white-label user experience while still taking on risk management.  

Because of the unique risk they face, we specifically targeted “Platforms” for this product - online companies that have three parties in a transaction like marketplaces, crowdfunding sites and small business software.  [3]

If you haven’t yet checked out the amazing user experience of Freshbooks Payments - it's worth a look.  Small businesses on Freshbooks can now accept credit card payments by checking a box, and they never have to know what WePay is - even though we're powering it behind the scenes using our risk engine, Veda.

We think that the best payment systems will be the ones that allow platforms and merchants to offer the user experience they want while still being protected from fraudsters who seek to exploit them.  If you are building a 3-party platform business, I encourage to check out our API, read our guide on Platform Payments, or send me an email to see if we can help.  

[1] The conversion impact can be quite large. In our experience, we’ve seen conversion rates increase by as much as 20 percent by delaying data collection to later in the process.

[2] Admittedly, Trust & Safety at a marketplace company has a broader role and purpose than pure risk management, but risk management is their primary function.

[3] We're really excited about platforms and think they're the most exciting segment of e-commerce.  They differ from pure retailers in that they help connect buyers and sellers instead of selling things directly to buyers.

Half a Decade After Demo Day

Later today, Y Combinator will host its demo day for the summer 2014 batch. I know exactly what those founders are feeling, because I was in the exact same position five years ago, when my co-founder and I were part of YC’s 2009 class. 

I remember nervousness and excitement, tempered by the difficulty of delivering a three minute pitch that does justice to many months filled with days where we didn’t stop working until we were literally too exhausted to go on.  Most distinctly, I remember a sense that the fate of WePay hung in the balance. Succeed or fail, it all came down to those three minutes, or so I thought.

I was wrong. What I didn’t realize at the time was that demo day, while incredibly important, wasn’t the end-all be-all of WePay.  I mean, rationally I knew this. But there’s a difference between knowing something and feeling it.  Life after demo day felt as distant as the “real world” felt when I was in college.

The day came and we pitched.  To be honest, I was nervous and it wasn’t my finest work. We really didn’t get a ton of interest, overshadowed by friends’ companies like Bump, Mixpanel and Dailybooth.  In fact, I think only a few meetings came directly out of demo day, and none of them resulted in investment.

But you know what? Life went on. We ended up raising a great seed round, then a Series A, then took the company through a pivot and into a Series B and a Series C.  Demo day was a great launchpad, but as time went on it quickly became one moment in a long list of challenges met and milestones achieved.

With that in mind, I’ll offer a few thoughts to this batch of YC companies:

Rounds live and die by momentum.  

The problem with fundraising is that it's feast or famine: when things are great, they’re really great, but when they suck, they really suck. Realize that this is normal. 

I met with 47 investors before we closed our first round.  This was partially because it was 2009 and nobody wanted to back a financial services company during the “worst recession since the Great Depression”, but mostly it was because that’s just how the game is played. 

One person or pitch can change the entire process instantly. In our case, that person was Eric Dunn, former CTO and CFO and now SVP of Strategic Payments at Intuit.  Eric was willing to suspend the commonly held, pre-Square and pre-Stripe belief that payments were too hard for anyone besides PayPal. Eric introduced us to David Hornik at August Capital, and with them leading the round, we went from broke to oversubscribed in three days.  

I was shocked at how dramatic the shift was.  Investors who wouldn’t call me back showed up at my house, demanding a $500,000 allocation.  It was incredibly vindicating when we closed, raising $1.7 million from Eric, August, Max Levchin, SV Angel and others - and turned down an additional $2 million.

Great fundraisers can navigate the ebbs and flows like a skilled driver utilizing the clutch of a manual transmission on a steep hill. Remember that the dynamic of a round can change very quickly with interest from the right people, but also know that there are times to back off to avoid stalling. [1]

Think beyond your seed round.  

The relationships you are building with investors now will follow you for the rest of your company’s lifecycle, and probably your career.  Invest in them and treat them with care.  

Over-inflating valuation makes the next round much harder.  It can be tempting to minimize dilution in the short-term with a high price, but it can destroy you if growth slows even slightly, or if you require any course correction before the next round like we did. We were fortunate that we raised at a valuation that allowed us to raise another round at a healthy step-up, despite going through a pivot in between. 

Fundraising is incredibly hard, but it’s easy compared to what comes next. 

I remember freaking out in the car with my cofounder after we closed our first round. I was so excited because it felt like the hard part was over. 

But that feeling didn’t last — in fact, there was a very distinct “oh shit” moment that followed, and that I’ve had with every round since. The cause: a sudden mentality shift from selling people on our vision to actually executing on it. 

Coming out of demo day, we were a group payments company — we made it easy for groups to collect money for shared expenses.  As we dug deeper into group payments, we started to come to terms with two fundamental truths: our users were reluctant to pay fees for this type of service, and our users didn’t send money all that often (a few times a year, on average). We saw decent growth, but it didn’t matter: there was a limit to how successful we could be with a customer base that didn’t use us frequently and who didn’t want to pay when they did. [2]

No amount of fundraising prepares you for a realization like that.  But if you’re like most startups, you’ll have to tweak your business model several times before you get it right. It’s normal. So don’t be too discouraged when you find that life after demo day gets harder, not easier. 

Don’t get too high on your own supply.  

Be honest with yourself about the complexities and difficulties of your business. Better to acknowledge difficulties so you can mitigate them than ignore them until it’s too late.

Our willingness to question our vision saved WePay from stubbornly spending its capital down a dead end. As our doubts around group payments continued to grow, we started experimenting with an API that allowed developers to build on top of our payment system.  

We were quite good at building easy payment signup flows for individuals while still mitigating fraud (most payment companies primarily serve businesses).  And so we found great product/market fit with crowdfunding companies like GoFundMe and Fundly, since they too served individuals instead of businesses, and they too wanted to prevent fraud.  Veda, the fraud engine we’d initially built to handle group payments, worked far better for this use case than PayPal’s risk technology did — enabling easier signup, faster payouts and less frozen accounts, while still protecting us and the partner from fraud. [3] [4]

We saw so much traction from our API that we eventually decided to discontinue our other products to focus exclusively on it, and we haven’t looked back.

The caliber and commitment of your team makes a huge difference when things are going sideways. 

Very early stage startups should focus on product, almost exclusively. But a great company is more than just a great product. A great company is the team of people that makes the product vision a reality, especially in the face of inevitable adversity. 

This is most apparent when things are going wrong. A great team bands together when fundraising is tougher than expected, it adapts to changing market conditions and it isn’t afraid to explore new ideas. Building that team is the single most important thing a founder can do post-demo day.

Hiring might seem like a distant concern — you might wish you had the luxury of bringing on more people. That's normal - pre-demo day, the "team” is usually composed of the founders and maybe one or two early employees. Make sure that post-demo day, you’re building a team that can help you weather the storms to come.

Five years later, I’m excited about the market we’re in, the traction we’re seeing, and the team we’ve built.  But that didn’t happen overnight, and we are far from done — it will take many more years of hard work to become the company we ultimately want to be.

So that’s my advice to the founders pitching today. Remember that the things that seem like mountains in the moment will be remembered as molehills in the future.  See demo day for what it is — an incredibly important milestone in your journey. But don't lose sight of the fact that the journey is only beginning.

[1] Paul Graham uses this analogy in his Hackers & Painters essay here: http://www.paulgraham.com/hp.html  I’ve also heard him apply it to fundraising.

[2] Which isn’t to say that person to person payments are a dead end, either. Our friends at Venmo proved that the need for better person to person payments was very real and very compelling, and built an awesome product to serve that use case.  Facing the economic realities of group payments on a standalone basis, they became part of Braintree in 2012 and PayPal in 2013, and have continued to grow a great product.

[3] http://www.nytimes.com/2012/08/02/technology/paypal-antifraud-measures-are-extreme-some-users-say.html?pagewanted=all&_r=0

[4] http://techcrunch.com/2013/05/09/wepay-debuts-veda-an-intelligent-risk-engine-that-leverages-social-media-data-to-prevent-merchant-fraud/

Thanks to Richard Aberman, Slava Akhmechet, Paul Graham, Semil Shah, Katey Sullivan, April Rassa & Jon Xavier for both encouraging me to write and reading my drafts.