Ask HN: PCI compliant service for storing credit cards?

[attozk]

Is there any PCI compliant service, which is not a payment gateway and allows storing credit cards?

There are many payment gateways that have the credit card 'vault' system but the country I need to make this work for is Pakistan and there are limited number of compaies that accepts credit cards in Pakistan. 2checkout.com works but they don't have a vault service and I don't want to get into the business of storing such information of my servers.

If you know of any such service then please share.

[wvenable]

The point of these vault services is that they are write-only. Otherwise, they are as good as useless. You put a CC number into them and you can't get them out again. This is why it's a feature of the payment gateway; you get a token back for followup charges but you never get the CC number back.

You might not need a vault if you can find a payment gateway supports followup transactions. So you do one transaction with the CC number and then use that transaction number to do another charge on the same CC without providing the number again. I use one payment gateway that supports this instead of a vault and it works well.

2checkout has recurring payment options which you might be able to use (or abuse) for your needs. If you're trying to do monthly or yearly charges, that option might work well for you.

[attozk]

After reading your comment about token, yes that makes sense about token being read only. So having such a service wouldn't make sense.

Actually 2checkout recurring option won't help as I am having to build a payment profile options - user can choose to pay from stored payment profiles.

[rnovak]

If you're okay having this appliance/container on your own network, StrongAuth offers such a service/appliance. I'm not sure if they offer a remote solution.

[attozk]

Not a solution that would work in this situation but it's good to know about them. Thanks for sharing.