tags:

views:

595

answers:

3
+2  Q: 

Storing credit card information with PayPal's 'Website Payments Pro'?

Hi there,

I am developing an e-commerce website where some customers will be making frequent online purchases. With that said, I am trying to find a solution that will allow me to securely store credit card information, using Website Payments Pro, so customers do not need to re-enter credit card information every time that they make a purchase. I am aware of credit card "tokenization" services like Braintree, but they require you to use their entire payment platform. PayPal has confirmed that there are third party shopping carts out there that work with Website Payments Pro, that would securely store credit card information (as long as I am PCI compliant), but would not point me in the direction of one.

Does anyone know of a third party service that would fit my needs for this? Thanks for your time and help!

David

A: 

in the past, I have used aspdotnetstorefront, but it is an entire storefront application, including the payment gateway.

Josh  2009-08-19 22:08:33
+1  A: 

It is very, very difficult to securely store credit card information. In fact, it was announced just two days ago that 130 million credit card numbers were stolen from major retail and finance companies that have far more resources than you probably do to secure that data.

I fully understand the desire to easily facilitate recurring payments. However, think though and understand the risk related to storing of credit card numbers before deciding to do so.

If you decide that you need to store the card numbers, I recommend hiring a security expert with a proven track record to help design your solution and then audit it once it's in place.

Eric J.  2009-08-19 22:39:32
I agree that it's difficult and very expensive to securely store credit card information. Go with a third party, but keep in mind that some service providers won't give your data back to you if you want to leave. We (Braintree) started a credit card data portability standard to address the problem http://bit.ly/a2uEvm .
dan-manges  2010-04-27 16:19:40
A: 

You can do this with PayPal Express if you don't want to use Pro.

https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Marketing/general/RecurringPaymentFAQs-outside#Q9

Is that what you're looking for or are you looking for the actual code that uses their API?

Andy Gaskell  2009-08-19 22:55:44

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security