简体繁体 English

使用Paypal的Website Payments Pro存储信用卡号

[英]Storing credit card numbers with Paypal's Website Payments Pro

原文 2012-03-14 17:38:36 1 3 paypal/ payment/ credit-card/ recurring-billing

We currently use the Website Payments Pro recurring billing solution from Paypal for a SaaS web application (user signs up for a monthly billing subscription to our service) but are becoming increasingly concerned that all of our credit card data is 'locked in' to Paypal and we can never get access to it. 目前，我们将Paypal的Website Payments Pro定期计费解决方案用于SaaS Web应用程序（用户注册了我们服务的每月计费订阅），但越来越担心我们的所有信用卡数据都“锁定”到Paypal和我们永远都无法访问它。

The ideal for us is at the point of signup to store a users credit card details in a third party system (vault) whilst processing the transaction through Paypal's Website Payments Pro billing solution. 对于我们来说，理想的选择是在注册时将用户的信用卡详细信息存储在第三方系统（金库）中，同时通过Paypal的Website Payments Pro计费解决方案处理交易。 This would give us the freedom to change our payment processor without having to ask everyone of our users to re-enter their card details - storing payment details in a third party PCI compliant system would allow us to do this. 这将使我们能够自由地更改付款处理器，而不必要求我们每个用户都重新输入他们的卡详细信息-将付款详细信息存储在第三方PCI兼容系统中将使我们能够做到这一点。

Does anyone know of any such solutions that would allow us to store credit card details without transacting against them and whether these would be available to UK based companies ? 是否有人知道这样的解决方案，这些解决方案可以使我们存储信用卡详细信息而不进行交易，以及英国的公司是否可以使用这些信息？

Thanks - appreciate any help you can give. 谢谢-感谢您能提供的任何帮助。

Mike 麦克风

3 个解决方案

PayPal now offers such a service 贝宝现在提供这样的服务

https://developer.paypal.com/webapps/developer/docs/api/#vault https://developer.paypal.com/webapps/developer/docs/api/#vault

我发现Briantree.com提供了该服务

I'm not aware of anything that does this (but would love to hear otherwise). 我不知道有什么方法可以做到这一点（但是我很乐意听到其他情况）。 The reason it doesn't exist I would assume is because 'my' PCI-DSS requires that any third party that I pass card details to is also PCI compliant. 我认为它不存在的原因是因为“我的” PCI-DSS要求我将卡详细信息传递给的任何第三方也都符合PCI。

Therefore, this 'vault' provider would only be able to return to you a full card number if you were fully PCI compliant (and if you were, then why would you need to use a 3rd party vault?!) 因此，如果您完全符合PCI标准，那么该“保险库”提供商只能将完整的卡号退还给您（如果您使用，那么您为什么需要使用第三方保险库？！）

So the best you could optimistically hope for is a 3rd party that both vaults the details and also allows interaction with 'n' other payment gateways, but this would obviously only allow you to switch between gateways that the vault supports. 因此，您乐观地希望得到的最好的第三方服务是第三方，它既可以存储详细信息，还可以与“ n”个其他支付网关进行交互，但这显然仅允许您在存储库支持的网关之间进行切换。 Given that the 'vault' would need to generate income, as well as the gateways that it communicates with, I can't see this being cheaper than choosing and interacting with a single gateway directly. 鉴于“金库”将需要产生收入以及与之通信的网关，因此我认为这比直接选择单个网关并与之交互要便宜。