in reply to Securing an API secret key

I agree with the foregoing. You must use a technique that is approved by your payment processor. In fact, PayPal has a product offering specifically designed to handle this scenario of "third-party payment."

In fact, your entire complex existing scheme might be replaceable by switching to PayPal as your payment processor. You literally wash your hands by offloading the responsibility, securely, to them.