As in "(a) they get consent to bill credit card X once and then multiple times in the future for arbitrary amounts?" and "(b) (a) on a monthly cadence?"<p>The short answer of this is having the right relationship with your payment processor. Just as there is a bank that issues the customer's credit card and manages liquidity in that relationship, there is one for the merchant.<p>As for the customer, the bank assesses the risk of the merchant and you will get some contract as to how you are expected to run payments. Almost anybody can get payments through Stripe: there is a bank behind Stripe and since Stripe never shows you the credit card numbers, has advanced anti-fraud, and submits to auditing of security procedures from the bank.<p>Merchants on Stripe don't get the best deal on terms and conditions, if you shop around you can find a bank and payment processor that will give you a better deal. It's not just a matter of "can I store a customer's payment data and insert an order with the API" but also "am I complying with my merchant agreement?" Otherwise you will be looking for a new payment processor.<p>AMZN gets a better deal than the average merchant for many reasons but that kind of Goliath wishes it could get a better deal than it does. Since the 1980s Wal-mart has wanted to own a bank to "eliminate the middleman" but regulators won't allow it; the banks still have a lot of power in the relationship with AMZN and the like...