9

Obviously I'd love to use a credit card vault to store cards. But our business model doesn't allow for this.

For example: our clients are corporations, they create accounts in our software. Each account has its own set of users. They want to charge their user's credit card through their own gateway. On the other hand, we service their users as well. So we will need to charge their cards through our own gateway (which is different).

That said, we both need to charge the same card on different gateways. Not to mention it is possible that our client's gateway won't have a credit card vault. So this makes using a traditional credit card vault impossible.

The only feasible solution, as far as we can tell, is to store the card in our own database. I'd like to avoid this if possible.

Does anyone know if there are 3rd party vaults that let you store sensitive information, and pull that information out? Or if there is an alternate solution to the problem I'm describing?

I've yet to find a credit card vault that lets you store the card information and also retrieve it (read & write).

I'm sure I'm not the first person to encounter this, any help is greatly appreciated. Thanks.

Paul Roub
  • 36,322
  • 27
  • 84
  • 93
Binary Logic
  • 2,562
  • 7
  • 31
  • 39

2 Answers2

4

For anyone curious about what we decided to do. We decided to support payment gateways with a credit card vault. Each card is stored with each gateway. So if we charge a card on gateway #1, it gets stored in gateway #1's credit card vault. If we charge that same card on gateway #2 we require the user to enter their card again and store the card there.

After doing some research, storing cards on our server was simply not an option and the risk associated with it outweighed the benefits. PCI compliance is something our clients relied on us to provide.

The other solution we considered was picking a major gateway such as authorize.net and using a shared credit card vault. Any customer that wanted to accept cards would be required to setup an account there. This would give us a single place to store credit cards.

Binary Logic
  • 2,562
  • 7
  • 31
  • 39
3

You can check out spreedly.com They allow charging to different Gateways.

dwaynemac
  • 1,076
  • 1
  • 13
  • 24
  • It's not obvious from the answer, but Spreedly vaults cards in a way that allows you to use multiple gateways with the same token. Reading the card data isn't easy, and not all gateways are supported, but that would provide the client some leeway in choosing a gateway independently of the poster's choice. – eswald Feb 26 '14 at 00:46