Credit Card Tokenization

If you wish to store customer credit card numbers for later use and avoid costly and irritating PCI security audits, the easiest way is to store the card numbers with a gateway that offers tokenization (we recommend Samurai).

You pass the card number in via the gateway's API and get back a token (or key) that can be used to conduct transactions on the stored card number later, so you are only storing a token, not the actual card number. If your servers were to be compromised, you are safe, because the tokens can only be used with your gateway account and merchant account.

Many businesses wish to store customer credit card numbers for later use.  For example, an ecommerce store might want to save payment information on a first purchase so the customer doesn’t need to enter the same payment information again the next time he/she shops.

However, storing customer credit card numbers on your own servers is very risky. A breach of credit card numbers can be extremely expensive and painful. In order to get a merchant account with a credit card processor, you will need to certify that your business is PCI compliant. If credit card data never touches your server, being PCI compliant is a LOT easier. Keeping sensitive payment data off your servers also eliminates the risk that you will suffer a breach. There are 2 routes we recommend: one is JavaScript and the other is a transparent redirect. Both post the credit card data directly to your vault so you don’t have to worry about PCI compliance.
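
The goal of card data never touching your server can be checked on the merchant side. The following is an added example, not code from this page or from any gateway: a guard for a checkout endpoint that stores only a token and rejects any request containing a card-number-like value. The field names (`payment_method_token`, `customer_id`) and the token format are assumptions.

```javascript
// Added example: server-side guard for a tokenized checkout endpoint.
// Field names and the token format are hypothetical, not a gateway's API.

// Luhn checksum: true for digit strings whose check digit is consistent.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Return the names of fields whose value contains a 13-19 digit run
// (spaces or dashes allowed between digits) that passes Luhn.
function findPanLikeFields(fields) {
  const hits = [];
  for (const [name, value] of Object.entries(fields)) {
    const candidates = String(value).match(/\d(?:[ -]?\d){12,18}/g) || [];
    if (candidates.some((c) => luhnValid(c.replace(/[ -]/g, "")))) hits.push(name);
  }
  return hits;
}

// Accept a checkout POST only if it carries a token and no card number.
// A rejection reports field names only, so the number is never echoed or logged.
function acceptCheckoutPost(fields) {
  const leaked = findPanLikeFields(fields);
  if (leaked.length > 0) return { ok: false, reason: "pan_in_request", fields: leaked };
  const token = fields.payment_method_token;
  if (typeof token !== "string" || !/^[A-Za-z0-9]{16,64}$/.test(token)) {
    return { ok: false, reason: "missing_or_malformed_token", fields: [] };
  }
  return { ok: true, store: { customer_id: fields.customer_id, token } };
}

// Constructed sample requests; 4111111111111111 is a widely used test number.
const good = { customer_id: "c-1001", payment_method_token: "a1b2c3d4e5f6a7b8c9d0e1f2" };
const bad = { customer_id: "c-1002", card_number: "4111 1111 1111 1111", notes: "call me" };
console.log(acceptCheckoutPost(good));
console.log(acceptCheckoutPost(bad));
```

A rejection from this check means the JavaScript or transparent-redirect integration is misconfigured and the form is posting card data to your server instead of the vault.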
