Storing CC Data so that a user can pay anytime like in App Store?
Hi Everyone, I have this huge issue because this is such a complex topic for a beginner like me to understand.
I want my users to be able to place reservations with their account, without having to re-enter their CC details every time. This would work like the app-store, where you press "buy", and after you confirm your order - it's a done deal.
Now, from a technical standpoint (I want my own payment gateway) this shouldn't be an issue if I stored the encrypted CC data in a DB and retrieved it to use with PayPal Pro.
However, from what I read it's always a security issue, and even without that there are apparently strict restrictions and audits required for this to work. For a company located outside of the US, this is even more difficult.
I looked into having the payments done in-app using Apple's and Android's systems; however, Apple takes 30% of the cut. If a reservation were ever to come to $1000, it's impossible for this to work.
Look into auth-capture requests through a payment gateway. You will not be able to store the CC details in a database in the manner it sounds like you are suggesting, as it violates the PCI and will also require SOX consideration.