0
votes

I’m building a site to be based in Australia and I have been researching into saving credit card numbers. Currently I have not had much luck with my questions. PayPal was of little help.

The site will run on many small transactions. I plan on using the PayPal gateway to handle payment both via credit card and PayPal accounts.

What I would like to do is retrieve user’s credit card details so they do not need to input them each time.

How I imagine this to work is that the first time a customer will input their credit card details to make the purchase. Once this purchase has been completed the site will receive a transaction ID from PayPal. I then save this ID for future reference mapped to the user’s ID or email address.

So the next time the user wishes to make a purchase via their credit card I can forward this transaction ID to PayPal and it can already have all the fields populated with their card details. Or display a screen with the last 4 digits or similar and ask the user if they wish to use this card again.

This is all assuming that the user does not have a PayPal account.

Is this possible? Is there a better/more cost effective solution than this?

1
What exactly did PayPal's support say when you asked them about this? – Emil Vikström

This is dangerous territory. There are a lot of regulations (government and industry standards) that govern how you treat raw credit card information. I'm going to say that PayPal won't allow you to retrieve credit card information, and you should understand the PCI rules thoroughly before considering implementing this feature. – PaulProgrammer

PCI compliance... you really need to read up on it, it will convince you not to go this route. – Jeremy Holovacs

I do not want to do it myself. I want to employ the service of a 3rd party to do it. Hence the mention of PayPal. They are just not giving me a straight answer. From what I can tell the answer is NO. I know that it is possible and that this service can be provided. It is critical to the website's success. However if the fees and charges for this service are too much it might kill it. – Shane

1 Answer

1
votes

Your understanding isn't too far off. When you submit card details to PayPal (or any payment gateway) you should get back a token id. You would store that token id instead of the card details, then at any future point you wish to take payment you submit the token id (along with payment value etc.).

By only storing the token value (and not the card details) you free yourself of most of the hassle with PCI compliance. PCI does allow you to store part of the card details in plain text (at most the first six and last four digits), so you could safely store these along with your token id. That would allow you to display these details and ask 'use this card again'.

An example of this is documented at PayPal's site here:
https://developer.paypal.com/webapps/developer/docs/integration/direct/store-a-credit-card/
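
The storage side of the answer above, as an added example that is not part of the original answer and is not PayPal's code: the record keeps only the gateway token plus the first six and last four digits, and a Luhn-based guard rejects any record that still carries a full card number. The gateway call is not shown; `SavedCard`, `make_record`, the token value and the test card number are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, asdict

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def contains_pan(text: str) -> bool:
    """True if text holds a 13-19 digit run that passes Luhn (a likely full card number)."""
    return any(luhn_ok(m) for m in re.findall(r"(?<!\d)\d{13,19}(?!\d)", text))

@dataclass(frozen=True)
class SavedCard:
    user_id: str
    gateway_token: str   # opaque id returned by the gateway (format assumed)
    first6: str
    last4: str
    pan_length: int

    def display(self) -> str:
        """Masked form for a 'use this card again?' prompt."""
        return self.first6 + "*" * (self.pan_length - 10) + self.last4

def make_record(user_id: str, gateway_token: str, pan: str) -> SavedCard:
    """Build the only record that is persisted; the full card number is dropped here."""
    digits = re.sub(r"[ -]", "", pan)
    if not (digits.isdigit() and 13 <= len(digits) <= 19 and luhn_ok(digits)):
        raise ValueError("not a valid card number")
    record = SavedCard(user_id, gateway_token, digits[:6], digits[-4:], len(digits))
    # Guard against a wiring mistake, e.g. the card number passed in as the token.
    if any(contains_pan(str(v)) for v in asdict(record).values()):
        raise ValueError("full card number found in record")
    return record

if __name__ == "__main__":
    # Constructed values: a standard test card number and a made-up token.
    card = make_record("user-42", "CARD-TOKEN-EXAMPLE-0001", "4111 1111 1111 1111")
    print(card.display())
```
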