

Ask HN: Outsourcing credit card data storage? - transmit101

I'm currently developing a complex recurring payment system. Our payment gateway does not offer a "secure vault" service, and we will need to charge customers a variable amount each month. Therefore we will need to store customers' credit card details.<p>However, ideally I would like to avoid having to be compliant with PCI level D, so I'd like to find a company which:<p>* Will allow us to securely store customers' credit card details on their PCI-compliant servers.<p>* Allow us to retrieve one or all of the stored card details via their API at any time, so we can submit new payments using them.<p>I'm pretty new in the world of payment processing. Is there a company offering this kind of service?<p>(NB: I'm not looking for a full billing service like Spreedly or Chargify. I just want secure storage for credit card details, nothing more.)
======
apowell
If it isn't too late to select a payment gateway that supports a secure vault,
perhaps Recurly.com would fit your needs? Personally, I don't know of any
services that provide only the vault without the gateway or billing logic
attached.

Plus, if a service had an API to transmit customer credit card data to your
server so you could forward it to the payment gateway for processing, I don't
see how that adds much security over encrypting and storing them on your own
server (yes, I know this is a bad idea). A malicious individual with access to
your server could still compromise your customer data.

