Kristi, what are you actually saving to the vault when I use PayPal? I know you present the merchant with a token, but how is it accomplished? Has PayPal had a charge-whenever token capability before that was not widely understood, or are you actually saving the customer's paypal email and password so you can charge arbitrary transactions in the future?
Paypal does have a future payments token capability [1]. The user must explicitly authorize the merchant the ability to use the token in order to use it for future transactions. We save the email for reference, but we never save the password.
Can Paypal (not Braintree) also authorize future Credit Card purchases from the same user without having to enter the CC number again? As in, could PayPal pass me a customer ID when someone purchases with CC via PayPal?