Credit Card Tokenization - FeeFighters

Credit Card Tokenization

If you wish to store customer credit card numbers for later use and avoid costly and irritating PCI security audits, the easiest way is to store the card numbers with a gateway that offers tokenization (most gateways do) or use a payments abstraction layer like Spreedly Core that offers tokenization.


You pass the card number in via API and get back a token or key that can be used to conduct transactions on the stored card number later, so you are only storing a token, not the actual card number.  If your servers were to be compromised you are safe because the tokens can only be used with your gateway account and merchant account.


Many businesses wish to store customer credit card numbers for later use.  For example, an ecommerce store might want to save payment information on a first purchase so the customer doesn’t need to enter the same payment information again the next time he/she shops.


However, storing customer credit card numbers on your own servers is very risky.  In order to get a merchant account with a credit card processor you will need to certify that your business is PCI compliant.   The easiest way to be PCI compliant is to not store card numbers locally because it avoids the need for a security audit.

About the Author

Leave a Reply 0 comments