Stripe / Braintree: is it standard in the USA to handle the card number and card CVC number?
Our entire team of programmers and I are in shock about how to implement credit card payments, when all the tutorials that address the integration of payments into websites, and also the official documentation of large companies (e.g. Stripe), operate in such a way that the client enters the confidential information about their card directly on that particular site.
We do not understand. We are from the Czech Republic, and all the payment systems we use work so that the client is redirected to the secure banking company for payment.
We are now creating a website that will be hosted in the United States, and we find that elsewhere in the world the way of making payments is completely different (probably based on the fact that the client trusts that the data they entered cannot and will not be abused). How is it possible that this method can work? The programmer can (yes, they should not, but they can) save the card information and misuse it. Are special cards used in the US for this type of payment, on which a smaller amount is stored, so that possible misuse of the card does not matter much to the client? Or how else can this, in our eyes "naive", approach be explained?
According to Stripe, so long as you don't give form input elements names and use the data-* attributes instead, the data won't get passed to your server:
@inyansuta As @DarkRoast says, Stripe uses JavaScript to take what was entered into an HTML input on your site to their site. So long as you don’t give those inputs name attributes, their values won’t touch your server.
Because the sensitive information doesn’t touch your servers, you don’t have to go through things like PCI compliance.
In the case of PayPal, when I’ve integrated it, it’s been an off-site solution. A user clicks a “Buy” or “Checkout” button and they’re taken to a PayPal web page to enter their payment information. Again, your server doesn’t receive it. PayPal then sends you a webhook notification (what they call an “IPN notification”) that a payment’s been made.
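The point made in the two replies above (inputs without a name attribute are not submitted to your server) can be checked mechanically. The following is an added example, not part of any post in the thread and not Stripe's code: it parses a constructed checkout form, computes the body a browser would POST, and flags any card field that carries both `data-stripe` and `name`. The form, field names and values are made up for illustration.

```javascript
// Constructed sample checkout form (not from the thread). The card fields use
// data-stripe and no name; the last one is a deliberate mistake to catch.
const SAMPLE_FORM = `
<form action="/orders" method="POST" id="payment-form">
  <input type="text" name="first_name" value="Jana">
  <input type="text" name="country" value="CZ">
  <input type="text" data-stripe="number" value="4242424242424242">
  <input type="text" data-stripe="cvc" value="123">
  <input type="text" data-stripe="exp_month" name="exp_month" value="12">
</form>`;

// Parse the attributes of every <input> tag into plain objects.
function parseInputs(html) {
  const inputs = [];
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    const attrs = {};
    const re = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
    let m;
    while ((m = re.exec(tag.slice(6))) !== null) {
      attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
    }
    inputs.push(attrs);
  }
  return inputs;
}

// What the browser would POST to the merchant: only controls with a non-empty
// name are included in a form submission (simplified: text inputs only).
function submittedBody(inputs) {
  const params = new URLSearchParams();
  for (const a of inputs) {
    if (a.name && !('disabled' in a)) params.append(a.name, a.value || '');
  }
  return params.toString();
}

// Card fields that would reach the merchant server: data-stripe plus a name.
function leakingCardFields(inputs) {
  return inputs
    .filter((a) => 'data-stripe' in a && a.name)
    .map((a) => a['data-stripe']);
}

const inputs = parseInputs(SAMPLE_FORM);
console.log('POST body:', submittedBody(inputs));
console.log('card fields with a name attribute:', leakingCardFields(inputs));
```

A check like this can run in CI against rendered checkout templates so that a stray `name` on a card field is caught before deployment.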
Can we create a form on our website where we collect information such as first & last name, address, country to save in our database in table orders before we place the order with Braintree? We are using Braintree and Cashier and are not going to save credit card information into our database, so PCI compliance is not a problem?
@martinbean Yes, the PayPal solution is correct. But back to my question. How big is Stripe in the US? Do clients really not mind entering information about their card on any website? Do abuse cases occur in abundance?
@inyansuta I would suggest using Braintree since they offer PayPal, so anyone who doesn't want to enter their credit card can use PayPal to pay. Stripe does not offer that.