Hacker News | yookd's comments

Hi, I'm David, one of the engineers at Ribbon.

If you use any payment gateway, you need to send the full credit card number from the client so the gateway can return a token that identifies the card in their vault.

You can do the same and write some JS to get the first 6 numbers and send a GET request to our API without compromising security. The BIN (first 6 numbers of credit cards) is not considered the primary account number so it's safe to send (and even store).


Can I store a BIN and associate it to a customer without breaking PCI compliance?


You're allowed to store up to the first six and last four digits of a credit card number without encryption.


https://www.pcisecuritystandards.org/documents/pci_dss_v2.pd..., PCI DSS 3.3 would seem to be the most applicable section here.
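The client-side split discussed in the comments above (send only the BIN to a lookup API, keep at most the first six and last four digits), as an added example that is not part of any comment and is not Ribbon's code. The endpoint URL and all function names are hypothetical.

```javascript
// Added example: the full card number (PAN) stays in the browser; only the
// BIN (first six digits) and a first-six/last-four mask are exposed.

// Hypothetical endpoint; the page does not give the real API URL.
const BIN_LOOKUP_URL = "https://api.example.invalid/bin";

// Strip the spaces and dashes users type; reject any other non-digit input.
function normalizePan(input) {
  const digits = String(input).replace(/[\s-]/g, "");
  if (!/^\d{12,19}$/.test(digits)) throw new Error("not a card number");
  return digits;
}

// Luhn checksum, so a mistyped number is rejected before any request is built.
function luhnValid(pan) {
  let sum = 0;
  for (let i = 0; i < pan.length; i++) {
    let d = pan.charCodeAt(pan.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Returns only the values meant to leave the page or be stored unencrypted.
function safeCardFields(input) {
  const pan = normalizePan(input);
  if (!luhnValid(pan)) throw new Error("checksum failed");
  const bin = pan.slice(0, 6);
  const last4 = pan.slice(-4);
  // Middle digits are replaced, never truncated, so the length is preserved.
  const masked = bin + "*".repeat(pan.length - 10) + last4;
  return { bin, last4, masked, lookupUrl: `${BIN_LOOKUP_URL}/${bin}` };
}

// Constructed sample: a widely published test number, not a real card.
const sample = safeCardFields("4111 1111 1111 1111");
console.log(sample.masked, sample.lookupUrl);
```

The full number still goes directly to the payment gateway for tokenization, as the first comment describes; nothing returned by `safeCardFields` contains the middle digits.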


Like Devan stated below - "We position ourselves between Gumroad & Shopify (if they did payments)".

In the future, we plan on adding widgets that will work within our application that will cater to some of the cases you pointed out. Some of these widgets will include date/time charging (tutor offering hours/days of work) and subscription-based charging (SaaS service you mentioned). Of course, we're not limited to just that.

As for the PSD, we host the file for you so all you need to do is upload the PSD and after the checkout process, the buyer can immediately download it.


That's a great idea and we plan on adding a sample page very soon.

For now, you can view the video under the "Beautiful Checkout" section on the main page. It will show you a sample page and flow of the checkout.

