What you do to store credit card details of recurring subscriptions for any Payment gateway issues
Wanted to ask how many people store the credit card details of recurring subscriptions at their end or with any other third party to make sure they are safe with any payment gateway related issues.
In order to answer, please log in or become member.
Adam Altman I recommend you always use a gateway agnostic provider (who is PCI DSS compliant) to vault your cardholder data. That way you can move from provider to provider as you wish. And you can sleep well at night. If I had a nickel for every time I heard, “they just closed our account — and they have all our cardholder data!”
Satyabala Pali I would strongly against storing any credit card details due to PCI DSS (payment card industry compliance) because, just in case, If you are caught storing card details incorrectly, you can make yourself fall into some serious trouble. I would leave the specific job to be done by the third parties which will go through the pains of PCI DSS so that, I don’t have to worry about the same. 
🙂
Stick to Stripe and co, they do this stuff in their sleep.
Pankaj Agarwal In such case what-if you have to switch your payment gateway due to some reason. Maybe from Stripe to PayPal.
Hmm. If such a case comes forth then probably a campaign or two leading up to the day of the switch, and once that has occurred, tweak your dunning emails to let people know their card details will need to be re-entered or generally updated 🙂
Changing providers won’t be easy unless you move to someone who can extract the data out of Stripe (I think Chargebee can do that?)
Ashi Rai You need not store credit card detail at all as you do not want to be responsible for the safety of that kind of data. For the same purpose, stripe and Braintree exist, use their services instead, it’s worth it.
We absolutely do not store credit card information anywhere on our servers. We use Stripe, which takes care of all that very easily. So much more secure, and we actually use that as a selling point – that we do not store and sensitive CC information on our systems at all!
Related Questions to this topic
I recommend you always use a gateway agnostic provider (who is PCI DSS compliant) to vault your cardholder data. That way you can move from provider to provider as you wish. And you can sleep well at night. If I had a nickel for every time I heard, “they just closed our account — and they have all our cardholder data!”
I would strongly against storing any credit card details due to PCI DSS (payment card industry compliance) because, just in case, If you are caught storing card details incorrectly, you can make yourself fall into some serious trouble. I would leave the specific job to be done by the third parties which will go through the pains of PCI DSS so that, I don’t have to worry about the same. 🙂
Stick to Stripe and co, they do this stuff in their sleep.
In such case what-if you have to switch your payment gateway due to some reason. Maybe from Stripe to PayPal.
Hmm. If such a case comes forth then probably a campaign or two leading up to the day of the switch, and once that has occurred, tweak your dunning emails to let people know their card details will need to be re-entered or generally updated 🙂
Changing providers won’t be easy unless you move to someone who can extract the data out of Stripe (I think Chargebee can do that?)
You need not store credit card detail at all as you do not want to be responsible for the safety of that kind of data. For the same purpose, stripe and Braintree exist, use their services instead, it’s worth it.
We absolutely do not store credit card information anywhere on our servers. We use Stripe, which takes care of all that very easily. So much more secure, and we actually use that as a selling point – that we do not store and sensitive CC information on our systems at all!
