Flex API is suitable for use cases that require access to the PAN in client-side code.
For example, you might use this API to detect gift cards and route them differently. You can also use the Flex API for native app implementations. This can qualify you for PCI DSS assessments based on SAQ A-EP . There is a Flex-SDK-Web SDK to help with a Web-based client-side implementation of Flex API.
Storing your customer’s card data can dramatically increase your repeat-custom conversion rate, but it can also introduce additional risk along with a PCI DSS overhead. This can be mitigated by tokenizing card data. CyberSource will replace your customer’s card data with a token and store it, so it can only be used by you.