Long version: We're about to begin collecting payment at our Canadian-based startup (pagerduty.com), but have run into a bit of a snag. All of the Canadian payment processors we've found that support recurring billing require us to handle the CC numbers during the initial signup process. This creates a PCI compliance requirement that we're keen to avoid.

We'd like to use a US gateway that allows recurring billing without requiring PCI compliance (e.x. Braintree), but unfortunately they are all asking us to provide an Employer Identification Number issued by the IRS. Apparently, it isn't difficult for foreign corporations to get an EIN, but we're unsure what sort of tax obligations filing for an EIN will create.

Has anyone else gone through this process? Can foreign corporations collect payment using a US gateway without incurring US taxes?