PW Interview: Michael Schonfeld of Dwolla API on Innovation Meeting the Payment Web

Dwolla is an extremely innovative Payment API and the site allows you to transfer money with one of the least payment charges. We have covered Dwolla before here. Here is an interview with Michael Schonfeld, Developer Evangelist of Dwolla API.

Ajay- Describe the Dwolla API's success and acceptance among developers.

Michael- Moving money has always been hard. And while Stripe has been amazing job at simplifying the job for developers in terms of accepting credit/debit cards, there is still a giant entry barrier to charging bank accounts. Even with cards, developers still need to concern themselves with security issues (such as traffic sniffing, etc). I think the success of Dwolla's API stems from 2 major factors: its simplicity, and the fact that developers can enjoy an OAuth-based approach to payments - which is something that has never before been tried.

Ajay- What are some of the usage and volume stats that you can share about Dwolla API.

Michael- In all honesty, we've seen moderate and consistent growth across the board, and we've hit our internal goals month over month, but we're not big on releasing specific numbers. My apologies...

Ajay- What is your pricing strategy for enhancing usage of Dwolla API. What are some of the ways you are trying to encourage developers to use your API more including language support.

Michael- A major feature we've been seeing a lot of usage from is our "Facilitator Fee". This feature allows developers to facilitate money transfers between 2 parties, while taking a cut from the transaction for themselves. Not only does the developer not have to worry about the responsibility of holding the money, but they also avoid the hassle of being considered the "merchant of record" on those type of transactions. This has been a big incentive in terms of developer adoption.

Additionally, our super straight-foward pricing schedule makes sure that developers (and consumers alike) always know what they'll be paying. $0.25 for transactions over $10. That's it. A major pain-point for developers has always been the fact that you never truly know what you'll end up paying (*cough* Paypal) until the transaction goes through. Removing the mystery behind fees has gotten us a ton of support.

But above all, I think that our free micro-transactions (anything under $10 is completely free to move) policy has attracted a lot of developers. Think about it -- as an app developer, or a musician, or anyone who routinely transacts under $10, the fees (Paypal: 15% + 5c, Apple: up to 30%, etc) that are associated with those are huge. Buying a $0.99 app and having 100% of it go to the developer makes a huge impact on the bottom line.

Ajay-Fraud is a constant concern in Payment APIs. What are some of the anti-fraud safety mechanisms that ensure peace of mind to developers using the Dwolla API?

Michael- Fraud sucks. Hands-down, it's the single biggest problem any financial institute/service encounters. Luckily, we have some smart people manning our compliance + fraud department. Our approach has always been to strip away as much responsibility from the developer and, by introducing an OAuth approach to payments (rather than the traditional card's 16-digit ID), we've been able to mitigate the time-suck and liability developers usually have to deal with. This means developers need only to store a temporary, easily-revokable and easily-reissuable OAuth token.

Ajay-What are some of your plans and future product road map for Dwolla API.

Michael- We're actively working on exposing every feature from the web interface to our API, but we need to do it in a way that is safe and reliable an honestly that can take time. In the future, I see developers being able to interact with Dwolla and user accounts 100% from the API. Safely exposing such features will enable a more transparent and seamless experience for consumers. A more robust Sandbox environment is on its way, as well :)

Ajay- What measures have you made sure to withstand another round of DDOS attacks on your website or APIs. In this age and era, can any website startup truly afford to have impregnable DDOS defences?

Michael-We've definitely been a victim of a massive DDoS attack between Mar 26, and Mar 29. The good news is, that we are certain that no user information was compromised. That's good news. That said, DDoS is a very tricky subject. But, because we're using our own private servers, we have a few advantages over the standard shared-hosting/VPS solutions. Unfortunately (seriously, I wish I could), I can't go into too much detail about the measures we've implemented for combating these in the future. Obviously, as with all DDoS attacks, no one can guarantee complete protection -- there's just no such thing, and that is especially true for API servers (as opposed to GUI interfaces), mostly due to the lack of human interaction in the process. Bottom line: Although no startup can guarantee complete availability during DDoS attacks, we feel confident in the measures we took, and remain vigilant in the future.

The payment enabled web? Just another (Dwolla) API call away!

Be sure to read the next Best Practices article: PW Interview: Jeh Daruwala CEO Yactraq API, Behavorial Targeting for videos