Is not an option.
There, now that I have your attention, I have an interesting problem.
We are a portal for non profits. We have no leverage over what payment gateway a non profit uses. We need to token-ize credit card details, regardless of the gateway. Whether a gateway supports this process , even without first having a successful transaction seems to be a flip of the coin.
For example, paypal pro and stripe will return a token during the checkout process, but you have to go through that process, with a dollar amount. Authorize.net and transnational allow you to "vault" the credit card details.
Paypal pro will let you capture details, and change the capture amount, but is limited on how much that amount can change.
Our current project is a auction app, and we need to insure that someone can't skip out on a won auction. So we would like to get credit card details, and store them at account creation.
It seems the only option is to store these details ourselves, but of course this leads to HUGE complications, risks and will require a substantial cost in time on a regular basis for the entire lifespan of this project. Continuously insuring compliance, and keeping up with changes to be secure would almost be a weekly task.
So what do we do? If we can't/shouldn't store the credit details, and we can't get a non-profit to use a payment gateway of our choice, what are our options?
We cannot be a middle man for the payments as it goes against a message.
Thoughts, recommendations? Ropes to hang myself with as this seems like it's a lose lose situation?
lol, thanks!