However, there is one additional downside to PayPal: they will oftentimes hold back up to 25% of your proceeds for three months as a fraud prevention/risk management effort. This means if you charge a customer $100, you will only get $75 immediately and will have to wait three months to see the $25 balance. If cash is tight, or you are running inventory, this can kill your business.
This is because they store the credit card information on your behalf (unless you use a standard merchant account and decide to try to be PCI compliant – which is a whole ‘nother ball of wax that requires audits and precludes using cloud hosting for your e-commerce). In particular, if you have a subscription (recurring billing) model, this vendor lock-in can be a killer, because you can’t switch providers without forcing your customers to return and re-enter their credit card information in the very limited timeframe between your switch and the next billing cycle. To avoid this, a small number of vendors provide “vaults” that store credit card information in a portable manner.
The two most well-known vaults are Authorize.net’s CIM and Braintree’s vault. A newer company, Recurly, which focuses on its elegant subscription payment API, also provides a vault (though it is not a gateway provider itself). These companies offer credit card portability if you ever choose to store credit card data yourself. (You may be able to move from one vault to another, but I’m not sure if this is actually possible.) These vaults are the only way I know of to offload PCI compliance while still maintaining some flexibility in changing merchant account or gateway vendors.