Level 36
if you are worried about your cc details, pay with Paypal
Jul 14, 2015
10
Level 1
Subscription Payment
Since the begin of Laracasts that i never subscribed to it, despiste i know Jeffry Way video tutorials from Nettuts and all 50% off promotions.
The reason is one:
- i do not like to spread my credit card details over all the internet.
I see in the form submission for the subscription the following text:
Want full access to the Laracasts catalog? Okay, first, let's add a credit card to your account. Don't worry — your private card number will never touch our servers.
But if i inspect it i will realise that the form will touch Laracasts web servers:
<form method="POST" action="https://laracasts.com/admin/card" accept-charset="UTF-8" id="billing-form"><input name="_token" type="hidden" value="AtPMcwCEasTTtiR3QQIvVI6McFZA8E7TO0agbqKy">
<input name="_token" type="hidden" value="AtPMcwCEasTTtiR3QQIvVI6McFZA8E7TO0agbqKy">
<!-- Credit Card Number -->
<div class="form-group row">
<label for="cc-number" class="col-md-3 control-label">Credit Card Number:</label>
<div class="col-md-8">
<input type="text" id="cc-number" class="form-control input-md cc-number" data-stripe="number" placeholder="" required="">
</div>
</div>
<!-- Expiration Date -->
<div class="form-group row">
<label class="col-md-3 control-label">Expiration Date:</label>
<div class="col-md-3">
<select class="form-control cc-expiration-month" data-stripe="exp-month"><option value="1">January</option><option value="2">February</option><option value="3">March</option><option value="4">April</option><option value="5">May</option><option value="6">June</option><option value="7">July</option><option value="8">August</option><option value="9">September</option><option value="10">October</option><option value="11">November</option><option value="12">December</option></select>
</div>
<div class="col-md-2 no-left-arm">
<select class="form-control cc-expiration-year" data-stripe="exp-year"><option value="2015">2015</option><option value="2016">2016</option><option value="2017">2017</option><option value="2018">2018</option><option value="2019">2019</option><option value="2020">2020</option><option value="2021">2021</option><option value="2022">2022</option><option value="2023">2023</option><option value="2024">2024</option><option value="2025">2025</option><option value="2026">2026</option><option value="2027">2027</option><option value="2028">2028</option><option value="2029">2029</option><option value="2030">2030</option></select>
</div>
</div>
<!-- CVV Number -->
<div class="form-group row">
<label for="cvv" class="col-md-3 control-label">CVV Number:</label>
<div class="col-md-3">
<input type="text" id="cvv" placeholder="" class="form-control input-md cvc" data-stripe="cvc" required="">
</div>
</div>
<div class="payment-errors col-md-8" style="display:none">
</div>
<footer>
<button type="submit" class="btn btn-primary">Add Credit Card</button>
</footer>
</form>
Level 26
I think it means the card details won't be stored on his servers but will be on another (guessing Stripe) to take the reoccurring payments.
Basically if laracasts server was hacked and the database dumped then it won't have any records of your card details just an identifier to connect up to the service (guessing Stripe). I would have thought @JeffreyWay would be straight on the case to renew the API keys if those got out. If both db and code got released then it's a bad day for all just like any site with reoccurring payments.
If Stripes servers, (PayPal or whatever) are hacked and card details dumped then everyones fucked.
Level 1
I do not see that ooption to pay with Paypal.
For me as user my card details are travelling to some unknown place.
Personally i do not like to give my card details to any body, but once outside of my country do not exist a really 100% safe way of pay things online, i have limited my self to only use Paypal, once in this way i just have them exposed to the risk of being hacked in 1 single place, instead of several unknown places.
Level 65
Actually, they never touch the Laracasts' server.
It sends those inputs straight to Stripe via JS. The inputs have data-stripe="number" and data-stripe="exp-month" etc so there's no name="" attributes.
2 likes
Level 26
You could always setup a separate card for payments and transfer from your main bank account on the card when it needs topping up. If you have online banking the transfer is instant. That way you could only ever lose whats on the card in a worse case scenario.
Depending on the card the bank will mostly reverse the transactions if reported.
1 like
Level 65
@phildawson I agree, if you're that worried, you'd have multiple cards or maybe even pre-paid cards to use online...
Level 36
I do not see that ooption to pay with Paypal.
write a mail to JW - at the footer -> Related -> Customer support
and Jeffrey will provide you with his PP details
1 like
Level 1
@phildawson i have to see if i can use that option of top up credit card here in UK, once i am leaving here but i am a Portuguese Citizen.
@frezno thanks for the tip ;)
Level 10
I've experience working with Stripe and Laravel. The card information never touches our server. Instead, Stripe takes care of it. (https://laracasts.com/series/billing-with-stripe). All we get is a response with some basic information back to our server such as last4, brand, funding, exp-month, exp-year etc... They never share the full credit card information with us. If Laracast wants to make a subscription payment, they have the card_id (given by Stripe) and customer_id (by Stripe) to request a payment to Stripe. And most importantly, as @bashy mentioned, a name attribute has to be present to touch the data on servers.
Level 9
To expand on how the Stripe setup works.
When you click the submit button, the Stripe javascript library stops the form submission, and sends the credit card details to Stripe. Stripe returns token (a unique ID for your card tied to the Laracasts Stripe account) to the form and then lets the original form submission proceed without the CC data, but with the token from Stripe.
Please or to participate in this conversation.