9
votes

I am developing an e-commerce website where some customers will be making frequent online purchases. With that said, I am trying to find a solution that will allow me to securely store credit card information, using Website Payments Pro, so customers do not need to re-enter credit card information every time that they make a purchase. I am aware of credit card "tokenization" services like Braintree, but they require you to use their entire payment platform. PayPal has confirmed that there are third party shopping carts out there that work with Website Payments Pro, that would securely store credit card information (as long as I am PCI compliant), but would not point me in the direction of one.

Does anyone know of a third party service that would fit my needs for this? Thanks for your time and help!

David

5 Answers

7
votes

You can make use of PayPal's Reference Transactions API, which uses a transaction ID as a reference to make future transactions without customers entering their credit card information. This way your customers can make payments throughout the year. Alternatively, you can also use the billing agreement ID as the reference for future transactions. This way PayPal Payments Pro will pick up the required details automatically from the previous transaction. The billing agreement ID has the benefit that it is not time-bound to 1 year, unlike the transaction ID.

2
votes

It is very, very difficult to securely store credit card information. In fact, it was announced just two days ago that 130 million credit card numbers were stolen from major retail and finance companies that have far more resources than you probably do to secure that data.

I fully understand the desire to easily facilitate recurring payments. However, think through and understand the risk related to storing credit card numbers before deciding to do so.

If you decide that you need to store the card numbers, I recommend hiring a security expert with a proven track record to help design your solution and then audit it once it's in place.

1
votes

I think the better solution would be using PayPal Vault.

The Vault API provides a secure way to store customer credit cards. By storing cards with PayPal, you can avoid storing them on your servers.

So the flow should be as follows: you store the customer's credit card in the Vault and get a card ID back from PayPal. You can use that card ID to make a transaction, or save that card ID with the customer info in your database to make future transactions.

Note:

A reference transaction must have occurred within the past 730 days because the ID may not be available after two years.
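The merchant-side record keeping for the flows described in the answers above, as an added example that is not part of any answer and is not PayPal's code: only the ID returned by PayPal is persisted, anything that looks like a card number is refused, and a transaction-ID reference is treated as stale once it is older than the window. The class and function names, the sample IDs, and the choice of the 730-day figure from the note above are assumptions; no PayPal API call is made.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumption: 730-day window from the note above for transaction IDs;
# billing agreement IDs and vault card IDs are treated as not time-bound.
REFERENCE_WINDOW = {"transaction": timedelta(days=730),
                    "billing_agreement": None,
                    "vault_card": None}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def looks_like_pan(value: str) -> bool:
    """True for 13-19 digits (spaces/hyphens ignored) that pass Luhn."""
    digits = re.sub(r"[ -]", "", value)
    return bool(re.fullmatch(r"[0-9]{13,19}", digits)) and luhn_ok(digits)

@dataclass(frozen=True)
class StoredReference:
    customer_id: str
    kind: str
    ref_id: str
    created: datetime

class ReferenceStore:
    """Hypothetical in-memory stand-in for the customer table."""
    def __init__(self):
        self._rows = {}

    def save(self, customer_id, kind, ref_id, created):
        if kind not in REFERENCE_WINDOW:
            raise ValueError(f"unknown reference kind: {kind}")
        if looks_like_pan(ref_id):
            raise ValueError("refusing to store a value that looks like a card number")
        self._rows[customer_id] = StoredReference(customer_id, kind, ref_id, created)

    def usable(self, customer_id, now):
        """Return the stored reference, or None if missing or past its window."""
        row = self._rows.get(customer_id)
        window = REFERENCE_WINDOW[row.kind] if row else None
        if row is None or (window is not None and now - row.created > window):
            return None         # caller must collect the card again via PayPal
        return row
```

When `usable` returns `None`, the customer goes back through the PayPal-hosted card entry and the new ID replaces the old row.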

0
votes

In the past, I have used aspdotnetstorefront, but it is an entire storefront application, including the payment gateway.

0
votes

You can do this with PayPal Express if you don't want to use Pro.

https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Marketing/general/RecurringPaymentFAQs-outside#Q9

Is that what you're looking for or are you looking for the actual code that uses their API?