Ken is exactly correct. My comment was that the way Stripe encourages you to use them is through their checkout javascript which sends the CC info to Stripe's servers and returns a token that your server can use to create the charge. Their checkout form doesn't include a name attribute on the CC fields so they aren't posted to your server and at least theoretically PCI compliance is not your problem.
The way the cartridge handler works is the CC info is posted to the server and then sent to Stripe using Stripe's API. The CC info is never saved to the database or anywhere else, it is just a question of whether your server ever even sees the CC details or not. On Wed, Feb 26, 2014 at 10:58 AM, Ken Bolton <[email protected]> wrote: > On Wed, Feb 26, 2014 at 1:35 PM, Tom Brander <[email protected]> wrote: > >> Ahh thanks! I agree, don't want exposure of keeping CC #'s! >> > > Cartridge does not store credit card data in any of the payment handlers. > > -- > You received this message because you are subscribed to the Google Groups > "Mezzanine Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
