Implementing Paypal with Meteor to receive payments

I have a question: How would I tokenize a credit card number in order to create necessary charges and subscriptions on the server in my Meteor app to be PCI compliant? I’m using Paypal’s official paypal-node-sdk package and I’m trying to set up subscription/recurring payments.

For example, for stripe, I load a client side script, that gives me access to a method that turns the credit card info into a token, so it’s safe to send to server and do all the necessary manipulations.

Let’s say user fills out form, enters credit card information, what do I need to do to be able to send that info to the server in order to stay PCI compliant? There are a number of neat Atmosphere packages that can do basic authorization methods, but that’s where it ends. None deal with subscriptions or vault card storage. I need a way to be able to take credit card information on the server and somehow get it to the server in a PCI compliant way.

Any help is much appreciated on this.

It’s actually a much better idea if you didn’t touch financial information like that at all - you hand all payment processing off to a 3rd party and get back only a token which tells you whether the transaction went through or not.

This one here offers recurrent billing:

https://www.braintreepayments.com/en-de/features/recurring-billing

And here’s the Node.js sdk:

https://developers.braintreepayments.com/start/hello-server/node

I agree with you, but I’m in a dilemma.

I sold my SaaS to a guy in UAE. He can only accept PayPal to manage transactions, but my entire application is wired to accommodate Stripe. So my only option right now is to get this to work.

Not sure if Braintree supports UAE or not.

No, it doesn’t.

And you won’t have much luck with your first approach - because, and I quote:

Anything on the back side and CID must never be stored.

https://www.pcisecuritystandards.org/pci_security/why_security_matters

Which means that, if your node package does not do recurring stuff then you’ll need to do this:

https://developer.paypal.com/webapps/developer/docs/classic/express-checkout/ht_ec-recurringPaymentProfile-curl-etc/

I.e. your server needs to do the talking itself.

My node package does do recurring stuff. It does everything PayPal offers. I just need a way to safely pass user information from client to server.

Glad you posted the PayPal express, because that’s the only way that I can see this working. But the downside is that it takes the user to the paypal website and the whole process becomes unsightly and ugly.

That’s the way it works. Because otherwise you will not be PCI compliant. The less financial information you store about the user the better.

I won’t store any information about the card on the server. I only wish to send the number to the server in order to do the transaction. Any card information is never stored, other than the last 4 digits of the CC number.
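The client-side tokenization flow described in the first post and the "last 4 digits only" rule in the reply above, as an added example (not code from the thread or from any package it mentions): a server-side guard in plain JavaScript that refuses any payload carrying a raw card number or a CVV-style field and keeps only a processor-issued token plus the last four digits. The token format, field names and the sample payloads are assumptions constructed for the example.

```javascript
// Added example: keep raw card data out of your own backend. Only a
// processor token and a display hint (last 4) are ever accepted or stored.

// Assumed token shape (constructed for this example, not a real processor's).
const TOKEN_PATTERN = /^[A-Za-z0-9_-]{8,}$/;

// Luhn checksum: real card numbers (PANs) satisfy it; used here only to detect them.
function luhnValid(digits) {
  let sum = 0;
  let doubleIt = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = Number(digits[i]);
    if (doubleIt) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    doubleIt = !doubleIt;
  }
  return sum % 10 === 0;
}

// True if a value looks like a full card number: 13-19 digits passing Luhn.
function looksLikePan(value) {
  const digits = String(value).replace(/[\s-]/g, '');
  return /^\d{13,19}$/.test(digits) && luhnValid(digits);
}

// Walk a payload (nested objects included); throw on PANs or CVV/CID fields.
function assertNoCardData(payload) {
  for (const [key, value] of Object.entries(payload)) {
    if (/^(cvv|cvv2|cvc|cid)$/i.test(key)) throw new Error(`refusing field "${key}"`);
    if (value && typeof value === 'object') assertNoCardData(value);
    else if (looksLikePan(value)) throw new Error(`refusing raw card number in "${key}"`);
  }
}

// The only thing the server is allowed to persist: token + last 4 digits.
function toStoredPaymentMethod(payload) {
  assertNoCardData(payload);
  const { token, last4 } = payload;
  if (typeof token !== 'string' || !TOKEN_PATTERN.test(token)) throw new Error('missing processor token');
  if (!/^\d{4}$/.test(String(last4))) throw new Error('last4 must be exactly 4 digits');
  return { token, last4: String(last4) };
}

// Constructed sample payload: a token (from the client-side tokenizer) and a hint.
const storedExample = toStoredPaymentMethod({ token: 'tok_constructed_abc123', last4: '4242' });
```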