HACKER Q&A
📣 timtran303

Is it okay to store my customers' credit card info


I'm working on a SaaS business and for some reason there's very limited info on this topic on the internet. With solutions like Stripe or PayPal, my customers need to sign in with their own Stripe or PayPal account for one-click payment. However, for people who just check out with their credit cards, are there any legal implications in the US if I want to help save their cards for one-click payment?


  👤 mtmail Accepted Answer ✓
Nobody but the most secure payment providers stores credit card information. The legal requirements and implications are so big that you never want to have credit cards touching your systems directly. Think about storing private healthcare information; the credit card industry is in some respects even more strict. https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Sec... I'm not even sure if you could get business insurance; mine forbids dealing with credit card data.

> However for people who just check out with their credit cards

There are plenty of solutions by the various payment providers, e.g. https://stripe.com/docs/payments?payments=popular, ranging from buttons that open a new webpage (on the payment provider's domain) and return after success, to iframes that look like your own website but securely transfer input to the payment provider's systems. PayPal does ask the user to log in, but I think that's optional. Stripe doesn't have user accounts, so Stripe doesn't ask users to sign in.


👤 mytailorisrich
The topic you need to research is, among others, "PCI compliance".

The bottom line is that you do not want to handle payment cards' details.

With modern solutions like, for instance, Stripe's, this is not a problem (apart from somewhat locking you in): they transparently handle cards' details and can store them so you can access that card later for further payments if needed. Customers need not be aware of anything, or that you're using Stripe at all.
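Both answers above come down to the same architecture: the card number travels from the customer's browser straight to the payment provider (hosted page or iframe), and your own backend only ever receives an opaque provider token, which is what keeps your systems out of PCI DSS scope. The block below is an added example, not code from either commenter or from Stripe; it shows a defence-in-depth guard for the failure mode that undoes that architecture, a form field mis-wired so that a real card number (PAN) reaches your server anyway. The guard scans an inbound JSON body for Luhn-valid 13 to 19 digit numbers, rejects the request, and reports only a masked form suitable for logging; it then requires a provider token instead. The `pm_`/`tok_`/`card_` token prefixes are an assumption modelled loosely on Stripe's ID style, the sample payloads are constructed, and 4242 4242 4242 4242 is Stripe's well-known test card number.

```python
"""Inbound checkout-request guard: refuse raw card numbers, accept provider tokens.

Added example (not from the thread). Defence in depth for the architecture
the answers describe: card data should never reach this server, so if a
PAN shows up in a request body, something is mis-wired and the request is
rejected rather than processed, stored, or logged in clear.
"""
import json
import re
from typing import Any, Iterator

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Assumed token shape, modelled loosely on Stripe-style IDs (pm_..., tok_..., card_...).
PROVIDER_TOKEN = re.compile(r"^(pm|tok|card)_[A-Za-z0-9]+$")


def luhn_valid(digits: str) -> bool:
    """Standard Luhn mod-10 check digit test used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return the digit-only form of every Luhn-valid card-number-like run in text."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def mask_pan(digits: str) -> str:
    """Keep only the last four digits; everything else is replaced, safe to log."""
    return "*" * (len(digits) - 4) + digits[-4:]


def walk_strings(value: Any) -> Iterator[str]:
    """Yield every string (and every number, as text) in a nested JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from walk_strings(v)
    elif isinstance(value, list):
        for v in value:
            yield from walk_strings(v)
    elif isinstance(value, (int, float)) and not isinstance(value, bool):
        yield str(value)        # a PAN sent as a JSON number is still a leak


def check_checkout_request(body: bytes) -> dict:
    """Reject any body carrying a raw PAN; otherwise require a provider token.

    Returns a dict so callers can map it to an HTTP response and a log line
    that never contains the full card number.
    """
    payload = json.loads(body)
    pans = [p for s in walk_strings(payload) for p in find_pans(s)]
    if pans:
        return {"ok": False, "reason": "raw card number in request",
                "masked": [mask_pan(p) for p in pans]}
    token = payload.get("payment_method") if isinstance(payload, dict) else None
    if not isinstance(token, str) or not PROVIDER_TOKEN.match(token):
        return {"ok": False, "reason": "missing provider token"}
    return {"ok": True, "payment_method": token}


if __name__ == "__main__":
    # Constructed sample requests: one mis-wired form, one correct tokenised flow.
    bad = b'{"customer_id": "cus_123", "card_number": "4242-4242-4242-4242", "cvc": "123"}'
    good = b'{"customer_id": "cus_123", "payment_method": "pm_1Example0000"}'
    print(check_checkout_request(bad))
    print(check_checkout_request(good))
```

In practice this sits in front of every endpoint that accepts JSON from the browser, and the same `find_pans` scan belongs in your log pipeline, because the usual way a PAN ends up "stored" by a company that never meant to store one is a request-body log.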