简体繁体 English

使用PayPal的'Website Payments Pro'存储信用卡信息？

[英]Storing credit card information with PayPal's 'Website Payments Pro'?

原文 2009-08-19 21:59:15 6 5 security/ e-commerce/ paypal/ credit-card

I am developing an e-commerce website where some customers will be making frequent online purchases. 我正在开发一个电子商务网站，一些客户将频繁在线购物。 With that said, I am trying to find a solution that will allow me to securely store credit card information, using Website Payments Pro, so customers do not need to re-enter credit card information every time that they make a purchase. 话虽如此，我试图找到一种解决方案，允许我使用Website Payments Pro安全地存储信用卡信息，因此客户无需在每次购买时重新输入信用卡信息。 I am aware of credit card "tokenization" services like Braintree , but they require you to use their entire payment platform. 我知道像Braintree这样的信用卡“令牌化”服务，但它们要求您使用他们的整个支付平台。 PayPal has confirmed that there are third party shopping carts out there that work with Website Payments Pro, that would securely store credit card information (as long as I am PCI compliant), but would not point me in the direction of one. PayPal已经确认有第三方购物车与Website Payments Pro合作，可以安全地存储信用卡信息（只要我符合PCI标准），但不会指向我的方向。

Does anyone know of a third party service that would fit my needs for this? 有谁知道第三方服务能满足我的需求吗？ Thanks for your time and help! 感谢您的时间和帮助！

David 大卫

5 个解决方案

You can make use of PayPal's Reference Transactions API that makes a transaction ID as reference to make future transactions without entering their credit card information.This way your customers can make payments throughout the year. 您可以使用PayPal的参考交易API，该API将交易ID作为参考，以便在未输入信用卡信息的情况下进行未来交易。这样，您的客户可以全年付款。 Alternatively you can also make the billing agreement ID as the reference for future transactions.This way PayPal Payments Pro will pick the required details automatically from the previous transaction.Billing agreement ID has the benefit that it is not time bound for 1 year unlike transaction ID 或者，您也可以将结算协议ID作为未来交易的参考。这样，PayPal Payments Pro将自动从之前的交易中选择所需的详细信息。账单协议ID的好处是，与交易ID不同，它不会受到1年的时间限制。

It is very, very difficult to securely store credit card information. 安全存储信用卡信息非常非常困难。 In fact, it was announced just two days ago that 130 million credit card numbers were stolen from major retail and finance companies that have far more resources than you probably do to secure that data. 事实上，就在两天前宣布，主要零售和金融公司窃取了1.3亿个信用卡号码，这些公司拥有的资源远远超过您保护数据所需的资源。

I fully understand the desire to easily facilitate recurring payments. 我完全理解轻松促进经常性付款的愿望。 However, think though and understand the risk related to storing of credit card numbers before deciding to do so. 但是，在决定这样做之前，请考虑并了解与存储信用卡号码相关的风险。

If you decide that you need to store the card numbers, I recommend hiring a security expert with a proven track record to help design your solution and then audit it once it's in place. 如果您决定需要存储卡号，我建议您聘请具有可靠记录的安全专家来帮助您设计解决方案，然后在安装后对其进行审核。

I think the better solution would be using paypal Vault 我认为更好的解决方案是使用paypal Vault

The Vault API provides a secure way to store customer credit cards. Vault API提供了一种存储客户信用卡的安全方式。 By storing cards with PayPal, you can avoid storing them on your servers. 通过使用PayPal存储卡，您可以避免将它们存储在服务器上。

so the flow should be as follow you store customer credit card to vault, and get a card id back from paypal. 因此，流程应该像您将客户信用卡存储到保险库，并从PayPal获取卡ID。 You can use that card id to make a transaction or save that card id with customer info in your database to make future transactions 您可以使用该卡ID进行交易，或将该卡ID与客户信息一起保存在数据库中以进行日后交易

Note: 注意：

A reference transaction must have occurred within the past 730 days because the ID may not be available after two years. 参考交易必须在过去730天内发生，因为该ID可能在两年后无法使用。

在过去，我使用过aspdotnetstorefront ，但它是一个完整的店面应用程序，包括支付网关。

You can do this with PayPal Express if you don't want to use Pro. 如果您不想使用Pro，可以使用PayPal Express执行此操作。

https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Marketing/general/RecurringPaymentFAQs-outside#Q9 https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Marketing/general/RecurringPaymentFAQs-outside#Q9

Is that what you're looking for or are you looking for the actual code that uses their API? 这是您正在寻找的，还是在寻找使用其API的实际代码？