

Ask HN: PCI compliant service for storing credit cards? - attozk

Is there any PCI compliant service, which is not a payment gateway and allows storing credit cards?<p>There are many payment gateways that have the credit card &#x27;vault&#x27; system but the country I need to make this work for is Pakistan and there are limited number of compaies that accepts credit cards in Pakistan. 2checkout.com works but they don&#x27;t have a vault service and I don&#x27;t want to get into the business of storing such information of my servers.<p>If you know of any such service then please share.
======
wvenable
The point of these vault services is that they are write-only. Otherwise, they
are as good as useless. You put a CC number into them and you can't get them
out again. This is why it's a feature of the payment gateway; you get a token
back for followup charges but you never get the CC number back.

You might not need a vault if you can find a payment gateway supports followup
transactions. So you do one transaction with the CC number and then use that
transaction number to do another charge on the same CC without providing the
number again. I use one payment gateway that supports this instead of a vault
and it works well.

2checkout has recurring payment options which you might be able to use (or
abuse) for your needs. If you're trying to do monthly or yearly charges, that
option might work well for you.

~~~
attozk
After reading your comment about token, yes that makes sense about token being
read only. So having such a service wouldn't make sense.

Actually 2checkout recurring option won't help as I am having to build a
payment profile options - user can choose to pay from stored payment profiles.

------
rnovak
If you're okay having this appliance/container on your own network, StrongAuth
offers such a service/appliance. I'm not sure if they offer a remote solution.

~~~
attozk
Not a solution that would work in this situation but it's good to know about
them. Thanks for sharing.

