Ah, so I’m guessing you’re processing transactions on their behalf then?
Hmmm. Obviously some things to consider. No massive show-stoppers just yet to de-rail the idea.
I’m doing some late night reading of the FCA handbook. LOL! Developers, what are we like?!
The FCA are (quite rightly) looking to make sure that client money and operating fees are kept in separate accounts and that there’s clarity when fees are deducted from their money before they withdraw it.
I’m 99% certain I’m okay. My plan is that if they get a £10 donation, that goes straight to their Stripe account, Stripe will only pay them £9.66 after their fees which they deduct. I’ll charge them some nominal fee (e.g. 2%) so that next month they get billed 20p for me hosting the donation page, tracking Gift Aid, tracking referral sources etc. I’ll never have access to their money.
I only plan on using standard Stripe, not Stripe Connect where you can establish accounts on other people’s behalf. Payments are automatic: the API cannot change the bank account details for payouts.
I will have to put a serious warning on my service to tell people not to use the same password for my service as for Stripe!
Thinking about it - there’s not much anyone can do even if they get the API keys, it’s largely designed to accept payments, not pay them out!
I’m sure there’s other things to think about. I’ll definitely get some 3rd party opinions if it gets to the beta stage.