This is a question I’d like to broadcast to the community in general. I have a client that wants to charge their users for their usage of their site, similar to how the phone company charges you for the usage of your phone line.
It’s actually somewhat similar to how Netflix charges their customers. If you start out with a one DVD subscription your monthly fee is $X. However, if you decided to add a DVD to your subscription they immediately charge you a prorated amount for the extra DVD and then, on your next billing cycle you start paying $Y.
The problem I’m running into is, really, the prorated fee. From what I can tell most gateways will let you change how much the user is charged on their schedule. However, I’m not sure how to charge the prorated amount.
The main problem is that we don’t want to store the user’s credit card information. My client is a small, one person, business. His server is colocated with a hosting provider. If we store the credit data, even if it’s encrypted, we don’t have the security expertise, much less time, to insure that it’s 100% secure.
Heck, with the best of intentions last week a server I work with frequently somehow had a rootkit installed on it! With root access to the server they could easily get the database and the description keys. What’s the point in that case of even encrypting the data?
We’re uncomfortable storing the credit information locally due to the potential of liability problems.
So, what I’d like to find is a service where I can store the credit card details outside of our system in someone else’s secure systems. I’d be happy to store an identifier for the card locally in the database. Then we could create our own process and system for charging the user against their stored credit details.
Anyone know of anything like this? I’m not having much luck finding anything. I’ve heard people refer to this as a “Vault”, but Googling hasn’t turned up much yet. Any other ideas?