Hey Tom, in no case is the CC info ever saved to the database. The distinction is whether your server ever even sees the CC info.
In Stripe's default use case your server is never sent the CC info, instead Stripe takes the CC info and provides a token that allows your server to create a charge using the Stripe API. The cartridge Stripe handler, on the other hand, does take the CC info and then submits it directly to the Stripe API. Here is Stripe's description of their security (using their default js implementation, not the cartridge handler) https://stripe.com/us/features#seamless-security On Wed, Feb 26, 2014 at 11:28 AM, Tom Brander <[email protected]> wrote: > Not sure I get the distinction, is the CC # stored in the cartridge DB or > not using the Cartridge handler? If not, as Ken indicates, I'm not sure I > understand the distinction you are making? > > > On Wednesday, February 26, 2014 1:14:29 PM UTC-6, Josh Cartmell wrote: > >> Ken is exactly correct. >> >> My comment was that the way Stripe encourages you to use them is through >> their checkout javascript which sends the CC info to Stripe's servers and >> returns a token that your server can use to create the charge. Their >> checkout form doesn't include a name attribute on the CC fields so they >> aren't posted to your server and at least theoretically PCI compliance is >> not your problem. >> >> The way the cartridge handler works is the CC info is posted to the >> server and then sent to Stripe using Stripe's API. The CC info is never >> saved to the database or anywhere else, it is just a question of whether >> your server ever even sees the CC details or not. >> >> >> On Wed, Feb 26, 2014 at 10:58 AM, Ken Bolton <[email protected]> wrote: >> >>> On Wed, Feb 26, 2014 at 1:35 PM, Tom Brander <[email protected]> wrote: >>> >>>> Ahh thanks! I agree, don't want exposure of keeping CC #'s! >>>> >>> >>> Cartridge does not store credit card data in any of the payment >>> handlers. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Mezzanine Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "Mezzanine Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
