Stripe Passing Credit Card Information and Confirmation
I am following Rails Bates' Railscast when submitting payments to Stripe. It removes the name attribute from the credit card fields so that no credit card information is sent to the server; it only goes through the Ajax call.
This doesn't work well with jQuery validation as it requires the name attribute.
Finally, I decided to revert to using the name attribute, but set it to null in the Stripe callback.
My question is whether this is still a good, safe practice.
We recommend that you do not put name attributes on form fields, so you can be sure that inputs are never sent to your server. This can happen, for example, if there is a JavaScript error in your client code that captures the form submit event.
Having said that, this is just a precaution, not a requirement.
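The failure mode described in the answer above, as an added example that is not part of the original answer or of Stripe's code: a Node.js simulation of a native form POST in which only controls with a `name` are serialized. The field names, the token value and both handlers are hypothetical, and the sample data is constructed.

```javascript
// Constructed sample data; field names and the token value are hypothetical.
const CARD = "4242424242424242";
const makeForm = (withNames) => [
  { name: "email", value: "user@example.com" },
  { name: withNames ? "card_number" : undefined, value: CARD, card: true },
  { name: withNames ? "cvc" : undefined, value: "123", card: true },
];

// Simplified model of a native form POST body: only controls that have a
// non-empty name attribute are included.
function serializeForm(fields) {
  return fields
    .filter((f) => typeof f.name === "string" && f.name !== "")
    .map((f) => `${encodeURIComponent(f.name)}=${encodeURIComponent(f.value)}`)
    .join("&");
}

// Runs the submit handler. If it throws before calling preventDefault(), the
// browser still performs the native POST; returns that body, or null if cancelled.
function simulateSubmit(fields, handler) {
  let prevented = false;
  const event = { preventDefault() { prevented = true; } };
  try {
    handler(event, fields);
  } catch (err) {
    // An uncaught exception in a listener does not cancel the submit.
  }
  return prevented ? null : serializeForm(fields);
}

// Handler that fails before it can cancel the submit (constructed failure).
function brokenHandler() {
  throw new TypeError("constructed failure: tokenizer is undefined");
}

// The question's approach: cancel the submit, then in the tokenization
// callback null the card field names, add the token, and POST the form.
function bodyAfterTokenization(fields) {
  simulateSubmit(fields, (event) => event.preventDefault());
  fields.forEach((f) => { if (f.card) f.name = null; });
  fields.push({ name: "stripeToken", value: "tok_constructed" });
  return serializeForm(fields);
}

console.log("named fields, broken JS:  ", simulateSubmit(makeForm(true), brokenHandler));
console.log("unnamed fields, broken JS:", simulateSubmit(makeForm(false), brokenHandler));
console.log("named fields, working JS: ", bodyAfterTokenization(makeForm(true)));
```

With named card fields the card number only stays off the server while the handler runs correctly; without names it cannot be posted even when the handler fails.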
Ajax is not recommended for getting information about PCI payments. I have been doing quite a lot of ant card processing; the best way to proceed is:
- Make sure the page is on an SSL connection (HTTPS)
- Use the regular form POST method
- Make sure your server settings are PCI compliant
- Never store card data

You can read more about PCI compliance here: http://www.cisco.com/en/US/netsol/ns625/index.html
Please note that if you follow the proper PCI compliance requirements, the company that processes the card data will have no PCI compliance issues. Many banks have already begun to force their customers to comply with PCI requirements as needed.