@auxbuss - Probably does need checking out!
@wallmari - That's a useful link (bit dry, lacks a main protagonist though!), however I think it does not apply as all donations will go straight to the charity via their payment provider account.
In answer to your questions:
1) Many charities have donation forms - smaller/new ones need something simple, mobile friendly, perhaps allowing them to download the data to make Gift Aid submissions. It might also be good if they could have some idea of MRD (Monthly Recurring Donations!) and ARD (Annual Recurring Donations) or see what %age of their money is raised by Gift Aid. That's the MVP at least. If you've ever donated money via form, in person or online I'm sure you can imagine possible expansions. Some small charities probably already use Stripe via a WordPress plugin or custom page.
Think Google Analytics crossed with one of those SaaS revenue trackers. Give people an easy way to use Direct Debit or card, handle dunning etc.
2) Charge a small %age of their transaction total. They get the donation (with payment provider fees deducted). I charge a small %age on top for hosting the forms and giving them some analytics on who has donated the most/been a long term donor etc.
For reference: most of the providers are charging 4–5% (some even take a percentage of the Gift Aid as well!). Even after they pay the Stripe/DD fees themselves, there's some fair margin in there as far as I can see. Certainly one "well known" donation website that charges to make a profit "to invest in services" seems to be based in central London in some expensive offices. That irks me somewhat.
3) Fraud would be something to be thought about (even if it's just handling Stripe's API so the charity is notfied get an email). Direct Debit is largely secure with ways for people to make contact with the provider if payments are unexpected (I've done a bit more reading up on that).
Yes, that's kind of the angle I'm going at, but without having to do PCI/DSS myself. For the charity:
1) Register for Stripe and/or DD provider.
2) Add webhooks as I tell them.
3) Add API keys on my web service.
5) Profit!!!! (for charity and me)
Whether a charity would be comfortable with parts 1, 2, and 3 is a question I have no answer to.