by yookd 4342 days ago
Hi, I'm David, one of the engineers at Ribbon.

If you use any payment gateway, you need to send the full credit card number from the client so the gateway can return a token that identifies the card in their vault.

You can do the same and write some JS to get the first 6 numbers and send a GET request to our API without compromising security. The BIN (first 6 numbers of credit cards) is not considered the primary account number so it's safe to send (and even store).

1 comment

Can I store a BIN and associate it to a customer without breaking PCI compliance?
You're allowed to store up to the first six and last four digits of a credit card number without encryption.
https://www.pcisecuritystandards.org/documents/pci_dss_v2.pd..., PCI DSS 3.3 would seem to be the most applicable section here.
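
The client-side step described in the post, together with the first-six/last-four truncation mentioned in the reply, as an added example that is not part of the thread and not Ribbon's code. The endpoint URL, the `bin` query parameter, and all function names are assumptions; the card number is a constructed test value.

```javascript
// Hypothetical endpoint: the thread does not give the real API URL.
const BIN_LOOKUP_ENDPOINT = "https://bin-api.example.invalid/lookup";

// Constructed sample input (a well-known test number, not a real card).
const SAMPLE_INPUT = "4111 1111 1111 1111";

// Strip the spaces and dashes users type; reject any other non-digit.
function normalizePan(input) {
  const digits = String(input).replace(/[\s-]/g, "");
  if (!/^\d*$/.test(digits)) {
    throw new Error("card number must contain only digits");
  }
  return digits;
}

// Return the BIN (first 6 digits), or null while fewer than 6 are typed.
function extractBin(input) {
  const digits = normalizePan(input);
  return digits.length >= 6 ? digits.slice(0, 6) : null;
}

// Build the GET URL from the BIN alone, so the remaining digits of the
// card number never reach the URL, browser history, or server logs.
function buildBinLookupUrl(input) {
  const bin = extractBin(input);
  if (bin === null) return null;
  const url = new URL(BIN_LOOKUP_ENDPOINT);
  url.searchParams.set("bin", bin); // assumed parameter name
  return url.toString();
}

// Truncated form for storage or display: first six and last four digits,
// with every digit in between masked.
function truncatePan(input) {
  const digits = normalizePan(input);
  if (digits.length < 13 || digits.length > 19) {
    throw new Error("unexpected card number length");
  }
  return digits.slice(0, 6) + "*".repeat(digits.length - 10) + digits.slice(-4);
}
```
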