Sam Hamilton wrote: > Just starting down the path of PCI, so when I know more I will > let the list know. I was more thinking of getting compliance > by moving the storage of credit cards out of the database and > into the payment processors servers (secure storage based on > tokens)
How would repeat billing work with that? Would each payment processing server have it's very own logic for handling repeats? Or would the payment submitter just reissue the request? If the latter, then it's barely more secure then actually having the credit card itself; you can still get the money.
