Card On File Options Without Subscription Service?

Card On File Options Without Subscription Service?

alexandernendza
Tourist
3 0 6

I am looking for a solution to keep customer's credit cards on file, primarily for the purpose of being able to process phone orders more easily without having to acquire card info every time. We have a lot of long-term customers who specifically request and expect that we be able to keep cards on file for them.

 

I know that Shopify does NOT keep credit card information in their database. This is a barrier that myself and many other customers are well aware of. When searching for work-arounds or Shopify app solutions, all of the suggestions seem to be "recurring payment" or "subscription service" types of apps. We aren't trying to offer subscriptions or any such thing- we simply want to be able to reference securely-stored credit card info when taking phone orders.

Does anyone have a solution that isn't a subscription service app?

Replies 2 (2)

PaulNewton
Shopify Partner
7096 630 1484

Hi @alexandernendza remember the convenience people want does not outweigh any related business risk.

 

 

Important Preamble:

Keep in mind putting such data on a platform can easily expose that data to staff or admin that should not have such information. ( permissions may not be granular enough).

Any app doing so should not even risk storing it in shopify metafields , even if "private" metafields. And any app doing so have to invest in PCI compliance level security and processes. 

 Storing such information can be a legal liability, consult an attorney about such things before proceeding.

Additionally it can help to talk with an accountant about practices for working with such data in related back-office software like excel.

Before storing such data on a platform review any TOS and contracts.

 

Even if you keep cards on file while taking phone orders you should still have to have staff doing verification or your just asking for problems. So all your doing is trying to trade one annoyance for another, where the only real benefit is when they do not have the cc on hand or the numbers memorized or difficulty speaking. If you are B2B then employees placing orders should have no issues reiterating cc's when spending someone else's money. If they are in a rush consider raising prices if they want you to take on risk. A different story if it's high value clients with dedicated  account handlers who know people by voice,etc.

 

General Answer:

https://www.securitymetrics.com/blog/dos-and-donts-storing-card-data 

Use Excel and you need to be PCI compliant, do your research and implement all associated security protections, the file should be an encrypted password protected workbook only accessible on specific peoples operating system accounts with similar security as the OS level.

The file should not be synced to the cloud, or shared in workspaces, or auto uploaded to googlesheets, onecloud, dropbox etc without consideration such as being a dedicated locked down backup location that is also PCI compliant.

 

This could also be handled with a metafield definition on customer in the shopify admin, but again consider everyone who has access to customers admin, and I'd recommend talking with shopify support beforehand about doing that to be sure it's copacetic.

Contact [email protected] for the solutions you need


Save time & money ,Ask Questions The Smart Way


Problem Solved? ✔Accept and Like solutions to help future merchants

Answers powered by coffee Thank Paul with a Coffee for more answers or donate to eff.org


HTB
Tourist
4 0 1

Did Shopify ever figure out how to add COF feature like square has?