Does anyone have any experience with card on file services for credit cards, that handle the storage of credit card information for ongoing purchases?

We are looking for a solution that can be integrated with a custom ASP.NET app via a web service or similar but removes the storage of the info from our side of the equation in order to reduce risk and meet PCI compliance issues.

We need a solution that allows for us to do ongoing billing at different varied amounts for a card pass system, not recurring monthly fixed subscription billings.

+1  A: 

I don't mean to sound like a shill, but I would check out Cybersource, which has a storage service like you're suggesting. Cybersource also purchased Authorize.net, which is targeted towards smaller businesses.

mgroves
We currently use Authorize.net and the CMI service they provide might actually meet the end client needs, thanks for the tip, it wasn't obvious on the main Authorize.net site that they even offered this service when we looked previously.
schooner
It's actually CIM
mgroves
+1  A: 

I'd recommend talking to your bank and asking them for recommendations. Then I'd also call Visa and Mastercard directly to see who's at the top of their lists.

I'd basically require a word of mouth recommendation from someone who is going to be part of that transaction process because they have a financial interest in this, i.e., your bank.

Of course, there is still the possibility of problems. Big names like ChoicePoint have even had security problems. Try to make sure it's a publicly traded company. That way you can do a little due diligence in checking out their assets and partners to make sure it works for you.

Chris Lively
We do plan to talk to the current processor and banks as well, was just looking for recommendations from a developer point of view as well to add to the list.
schooner
Pretty good answer, I've never thought of this approach before
Allen
+1  A: 

Best thing to do is integrate to a payment gateway that supports 'tokenization'. Basically, when you do the initial transaction, the gateway processes the card and then sends you back a token for that transaction. You can use that token for any subsequent transactions such as repeat sales and refunds of the original charge. I personally have worked with the MerchantWARE gateway which supports these features. There are also a few others out there. These gateways basically act as a vault for the card numbers but since you are just sending the token back and forth, PCI does not apply. Keep in mind that the initial transaction still puts you in scope of PCI since that has the credit card data unless you use software that offloads that first transaction as well.

markiyanm
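
The token flow described in the answer above, as an added sketch that is not part of the original answer and not any gateway's real API: `VaultGateway` and `Merchant` are hypothetical in-memory stand-ins, the card number is the common test value, and `stored_pans` scans what the merchant persists for card-number-shaped data.

```python
import json
import re
import secrets
import string

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pans(text):
    """Return digit runs of card-number length that pass Luhn."""
    return [m for m in re.findall(r"(?<!\d)\d{13,19}(?!\d)", text) if luhn_ok(m)]

class VaultGateway:
    """Hypothetical in-memory stand-in for a tokenizing gateway (not a real API)."""
    def __init__(self):
        self._vault = {}   # token -> card data; exists only on the gateway side
        self.ledger = []   # (kind, token, amount_cents)
    def initial_sale(self, pan, expiry, amount_cents):
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        # Random letters only: not derived from the PAN, never shaped like one.
        token = "tok_" + "".join(secrets.choice(string.ascii_lowercase) for _ in range(24))
        self._vault[token] = (pan, expiry)
        self.ledger.append(("sale", token, amount_cents))
        return token
    def charge_token(self, token, amount_cents, kind="sale"):
        if token not in self._vault:
            raise KeyError("unknown token")
        self.ledger.append((kind, token, amount_cents))

class Merchant:
    """Merchant side: persists the token and last four digits, never the PAN."""
    def __init__(self, gateway):
        self.gateway, self.records = gateway, {}
    def enroll(self, customer_id, pan, expiry, amount_cents):
        # The card number passes through here once, for the initial transaction.
        token = self.gateway.initial_sale(pan, expiry, amount_cents)
        self.records[customer_id] = {"token": token, "last4": pan[-4:]}
    def bill(self, customer_id, amount_cents):
        # Later charges can be any amount; only the token is sent.
        self.gateway.charge_token(self.records[customer_id]["token"], amount_cents)
    def stored_pans(self):
        """Audit check: card numbers found in what the merchant persists."""
        return find_pans(json.dumps(self.records))
```

Running `find_pans` over real database exports or log files is the same check applied to an existing system before and after moving to tokens.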