According to PCI rules (and Vista/MasterCard guidelines) merchants are not allowed to store CVV (CVV2) numbers. To process recurring payments (monthly subscription etc.) most payment processors offer “Subscription” payment option, where full credit card details (including CVV) are submitted only during the first (initial) transaction. Subsequent payments are than handled by payment processor, so merchant don’t have to store/resubmit credit card details. This obviously means all subsequent payments have to be handled by the same payment gateway.
Now my question: What if I wanted to change my payment processor? What if my payment gateway (for whatever reason) ceased to exist? Is my only option to ask all my customers to re-submit their card details? How to avoid payment gateway “lock-in” described above?
The solution would be of course to store full card details (including CVV) and submit them in monthly (or whatever other) billing cycles to whichever payment gateway I want. But this is not allowed…
I would very much appreciate any suggestions from eCommerce experts here.