09-27-2011 10:18 AM
I have a subscription based system and I am considering using CIM for a new billing system. Subscriptions can last for many years. My concern is that if I use CIM for months and at some point want to use a company other than Authorize.net I need to be able to retrieve the actual credit card information stored in CIM so I can move to a new company. I like the security of using CIM but don't want to be locked in for life.
Is this possible? If so is this done through the API or is there another process?
09-27-2011 11:57 PM
Has nothing to do with Authorize.net preventing you from moving - the credit card companies just don't want card numbers and expiration dates and so on easily accessible if your account gets compromised. I don't think you'll find any modern system that lets you take full credit card data back out. The most you'll get is the last 4 digits of the credit card number, which is something Authorize.net does allow.
You could of course layer a database of your own on top of Authorize.net and store the credit card numbers locally, but you have to be darn sure you have a million layers of security and even then it's probably illegal to do it for more than a short period of time. Not that that seems to stop a lot of companies, mind you. I've written systems for storing credit card data for a few days (encryption, data written over before deletion, etc.), storing it for longer periods would be just a matter of changing a couple variables.