Does anyone have any experience with card on file services for credit cards, that handle the storage of credit card information for ongoing purchases?
有没有人对信用卡的卡片存档服务有任何经验,处理持续购买的信用卡信息存储?
We are looking for a solution that can be integrated with a custom ASP.NET app via a web service or similar but removes the storage of the info from our side of the equation in order to reduce risk and meet PCI compliance issues.
我们正在寻找可以通过Web服务或类似方法与自定义ASP.NET应用程序集成的解决方案,但是从方程式中删除了信息的存储,以降低风险并满足PCI合规性问题。
We need a solution that allows for us to do ongoing billing at different varied amounts for a card pass system, not recurring monthly fixed subscription billings.
我们需要一种解决方案,允许我们以不同的金额为卡通系统进行持续计费,而不是每月固定的订阅账单。
3 个解决方案
#1
I don't mean to sound like a shill, but I would check out Cybersource, which has a storage service like you're suggesting. Cybersource also purchased Authorize.net, which is targeted towards smaller businesses.
我并不是说听起来像一个小小的,但我会查看Cybersource,它有一个像你建议的存储服务。 Cybersource还购买了针对小型企业的Authorize.net。
#2
I'd recommend talking to your bank and asking them for recommendations. Then I'd also call Visa and Mastercard directly to see who's at the top of their lists.
我建议您与银行联系并向他们寻求建议。然后我还会直接打电话给维萨卡和万事达卡,看看谁是他们名单上的首位。
I'd basically require a word of mouth recommendation from someone who is going to be part of that transaction process because they have a financial interest in this. ie: your bank.
我基本上需要一个能够成为交易过程一部分的人的口碑推荐,因为他们对此有经济利益。即:你的银行。
Of course, there is still the possibility of problems. Big names like ChoicePoint have even had security problems. Try to make sure it's a publicly traded company. That way you can do a little due diligence in checking out their assets and partners to make sure it works for you.
当然,仍有可能出现问题。像ChoicePoint这样的大牌甚至出现了安全问题。尽量确保它是一家上市公司。这样你就可以做一些尽职调查,检查他们的资产和合作伙伴,以确保它适合你。
#3
Best thing to do is integrate to a payment gateway that supports 'tokenization'. Basically, when you do the initial transaction, the gateway processes the card and then sends you back a token for that transaction. You can use that token for any subsequent transactions such as repeat sales and refunds of the original charge. I personally have worked with the MerchantWARE gateway which supports these features. There's also a few others out there. These gateways basically act as a vault for the card numbers but since you are just sending the token back and forth, PCI does not apply. Keep in mind that the initial transaction still puts you in scope of PCI since that has the credit card data unless you use a software that offloads that first transaction as well.
最好的办法是集成到支持“标记化”的支付网关。基本上,当您执行初始事务时,网关会处理该卡,然后向您发回该事务的令牌。您可以将该令牌用于任何后续交易,例如重复销售和退还原始费用。我个人使用过支持这些功能的MerchantWARE网关。那里还有其他几个。这些网关基本上充当卡号的保险库,但由于您只是来回发送令牌,因此PCI不适用。请记住,除非您使用卸载第一笔交易的软件,否则初始交易仍会将您置于PCI范围内,因为它具有信用卡数据。
#1
I don't mean to sound like a shill, but I would check out Cybersource, which has a storage service like you're suggesting. Cybersource also purchased Authorize.net, which is targeted towards smaller businesses.
我并不是说听起来像一个小小的,但我会查看Cybersource,它有一个像你建议的存储服务。 Cybersource还购买了针对小型企业的Authorize.net。
#2
I'd recommend talking to your bank and asking them for recommendations. Then I'd also call Visa and Mastercard directly to see who's at the top of their lists.
我建议您与银行联系并向他们寻求建议。然后我还会直接打电话给维萨卡和万事达卡,看看谁是他们名单上的首位。
I'd basically require a word of mouth recommendation from someone who is going to be part of that transaction process because they have a financial interest in this. ie: your bank.
我基本上需要一个能够成为交易过程一部分的人的口碑推荐,因为他们对此有经济利益。即:你的银行。
Of course, there is still the possibility of problems. Big names like ChoicePoint have even had security problems. Try to make sure it's a publicly traded company. That way you can do a little due diligence in checking out their assets and partners to make sure it works for you.
当然,仍有可能出现问题。像ChoicePoint这样的大牌甚至出现了安全问题。尽量确保它是一家上市公司。这样你就可以做一些尽职调查,检查他们的资产和合作伙伴,以确保它适合你。
#3
Best thing to do is integrate to a payment gateway that supports 'tokenization'. Basically, when you do the initial transaction, the gateway processes the card and then sends you back a token for that transaction. You can use that token for any subsequent transactions such as repeat sales and refunds of the original charge. I personally have worked with the MerchantWARE gateway which supports these features. There's also a few others out there. These gateways basically act as a vault for the card numbers but since you are just sending the token back and forth, PCI does not apply. Keep in mind that the initial transaction still puts you in scope of PCI since that has the credit card data unless you use a software that offloads that first transaction as well.
最好的办法是集成到支持“标记化”的支付网关。基本上,当您执行初始事务时,网关会处理该卡,然后向您发回该事务的令牌。您可以将该令牌用于任何后续交易,例如重复销售和退还原始费用。我个人使用过支持这些功能的MerchantWARE网关。那里还有其他几个。这些网关基本上充当卡号的保险库,但由于您只是来回发送令牌,因此PCI不适用。请记住,除非您使用卸载第一笔交易的软件,否则初始交易仍会将您置于PCI范围内,因为它具有信用卡数据。