I am working on a subscription-based project and I am looking for a way to store card information data in case I switch my payment processor provider to another one, in which case I would have to force all users to re-subscribe, which would most definitely cause a massive loss of revenue (at least initially). So by having access to the card data I can "upload" card data into the new payment processor and continue operations without outage.

What would be a good way to approach this that would not bankrupt the project from the get-go (i.e. PCI DSS certification and infrastructure costing hundreds of thousands of dollars)?

1 Answer

Tokenization (specifically tokenization-as-a-service) might be the solution you are looking for. In short, you send the card data to the tokenization provider, who can then securely store and forward the information where needed. This avoids vendor lock-in with your payment processors (and allows you to easily use multiple processors at any given time). Depending on the provider and how you've implemented it, you have effectively removed a significant portion of your application from PCI scope.

(Full disclosure, I currently work for Basis Theory, which provides tokenization services. There are other companies that offer similar platforms, such as SkyFlow, VeryGoodSecurity, and TokenEx.)

Nathan Loding
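
The flow the answer describes, as an added example that is not part of the original answer and not any provider's API: an in-memory stand-in for a tokenization service. All names (`TokenVault`, `Processor`, `MerchantApp`) are hypothetical and the card number is a constructed test value; the point is that the application stores only tokens, so changing processors needs no re-subscription.

```python
import secrets

class TokenVault:
    """Stand-in for a third-party tokenization service (hypothetical, in-memory)."""
    def __init__(self):
        self._cards = {}  # token -> card data; exists only on the provider's side

    def tokenize(self, pan, exp):
        token = "tok_" + secrets.token_hex(16)  # random, not derived from the PAN
        self._cards[token] = {"pan": pan, "exp": exp}
        return token

    def forward_charge(self, token, processor, amount_cents):
        # The vault swaps the token for the real card data and calls the
        # processor itself, so the PAN never passes through the merchant app.
        card = self._cards[token]
        return processor.charge(card["pan"], card["exp"], amount_cents)

class Processor:
    """Mock payment processor (hypothetical)."""
    def __init__(self, name):
        self.name = name

    def charge(self, pan, exp, amount_cents):
        return {"processor": self.name, "last4": pan[-4:],
                "amount": amount_cents, "approved": True}

class MerchantApp:
    """The subscription service: its datastore holds tokens only."""
    def __init__(self, vault, processor):
        self.vault, self.processor = vault, processor
        self.subscriptions = {}  # user -> token

    def subscribe(self, user, token):
        self.subscriptions[user] = token

    def bill(self, user, amount_cents):
        token = self.subscriptions[user]
        return self.vault.forward_charge(token, self.processor, amount_cents)

def demo():
    vault = TokenVault()
    app = MerchantApp(vault, Processor("processor_a"))
    # Assumption: in a real deployment the client sends the card directly to
    # the provider. Constructed test card number, not real data.
    token = vault.tokenize("4111111111111111", "12/30")
    app.subscribe("alice", token)
    first = app.bill("alice", 999)
    app.processor = Processor("processor_b")  # switch processors, same token
    second = app.bill("alice", 999)
    return app.subscriptions, first, second
```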