Not sure I get the distinction, is the CC # stored in the cartridge DB or not using the Cartridge handler? If not, as Ken indicates, I'm not sure I understand the distinction you are making?
On Wednesday, February 26, 2014 1:14:29 PM UTC-6, Josh Cartmell wrote: > > Ken is exactly correct. > > My comment was that the way Stripe encourages you to use them is through > their checkout javascript which sends the CC info to Stripe's servers and > returns a token that your server can use to create the charge. Their > checkout form doesn't include a name attribute on the CC fields so they > aren't posted to your server and at least theoretically PCI compliance is > not your problem. > > The way the cartridge handler works is the CC info is posted to the server > and then sent to Stripe using Stripe's API. The CC info is never saved to > the database or anywhere else, it is just a question of whether your server > ever even sees the CC details or not. > > > On Wed, Feb 26, 2014 at 10:58 AM, Ken Bolton <[email protected]<javascript:> > > wrote: > >> On Wed, Feb 26, 2014 at 1:35 PM, Tom Brander <[email protected]<javascript:> >> > wrote: >> >>> Ahh thanks! I agree, don't want exposure of keeping CC #'s! >>> >> >> Cartridge does not store credit card data in any of the payment handlers. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Mezzanine Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> For more options, visit https://groups.google.com/groups/opt_out. >> > > -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
