So I know there have been numerous posts about storing credit card information. We are building a mobile application and want people to be able to enter in their card information once, not with each purchase.
We looked at Authorize.net CIM, and it appears to be an ideal solution (we just store a profile ID or Token that returns the credit card number)... but it might fall short of our needs, since the credit card information isn't processed (necessarily) by authorize.net but by whatever merchant account we are sending the payment too. In other words we want to store the credit card information like a wallet... not necessarily process with Authorize.net every time.
Reading the CIM XML documentation (p.94), it looks like the getCustomerPaymentProfileResponse masks the credit card return data... so I don't see how that would be useful for processing if the data is masked?
We do have some other options for implementation but I was really hoping to have a web-based way for customers to manage their payment accounts. Does anyone know of any ways to store credit card data that can be called on demand to be passed to any given merchant's processor?
EDIT 4.28.2011 - I'm hitting a wall with this. What if we don't store the credit card information at all, have customers enter it and then pass it... how do we do that securely? No storing it, pass along HTTPS, encrypt card data while in transit?