Hello all, I'm looking into using stripe.com as a payment processor for 
web2py. It looks like web2py provides a nice and easy way for this, but I 
am a bit worried about PCI compliance. 

This site shows an example: 
http://web2py.com/books/default/chapter/29/14#Stripe.com

But nowhere on the site does it say whether it is PCI compliant or not. I 
would rather not have my server handle any of the customer credit card 
data. Stripe does provide a nifty stripe.js which enables us to not touch 
any of that data, but then the form creation and submission will be handled 
entirely by JavaScript and not by web2py's nice library.

I guess in particular, if I do it just using stripe.js, I don't have to 
give the form input tags any name. That way, web2py can never grab the data 
from the dictionary (since I don't know the name of the input tag) that is 
returned and so the server will never actually touch the data. However, the 
example link on web2py seems to indicate that this naming is necessary in 
order to pass the data to the stripe.charge() (since we have to grab the 
data somehow from the form and feed it to the stripe.charge()). This 
suggests that the server has the ability to access that data.

Could someone clarify this issue? Many thanks!

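The question turns on the fact that a browser leaves form controls without a `name` attribute out of the submitted data, and that can be checked mechanically. The following is an added example, not part of the original post and not web2py or Stripe code: a Python audit that lists which fields of a payment form the server would receive. Both sample forms are constructed, and the `stripeToken` field name and `data-stripe` attributes are assumptions made for illustration.

```python
from html.parser import HTMLParser

CONTROLS = {"input", "select", "textarea"}
BUTTON_TYPES = {"submit", "button", "reset", "image"}

class FormFieldAudit(HTMLParser):
    """Collect the names of form controls a browser would submit."""
    def __init__(self):
        super().__init__()
        self.submitted = []   # names that would reach the server
        self.skipped = 0      # controls the browser leaves out of the POST

    def handle_starttag(self, tag, attrs):
        if tag not in CONTROLS:
            return
        a = dict(attrs)
        if a.get("type") in BUTTON_TYPES:
            return            # buttons carry no card data; ignored here
        # A control is submitted only if it has a non-empty name
        # and is not disabled.
        if a.get("name") and "disabled" not in a:
            self.submitted.append(a["name"])
        else:
            self.skipped += 1

def server_visible_fields(html, allowed=("stripeToken",)):
    """Return submitted field names that are not on the allowlist."""
    audit = FormFieldAudit()
    audit.feed(html)
    return [n for n in audit.submitted if n not in allowed]

# Constructed sample: card inputs have no name, only the token is posted.
TOKEN_ONLY_FORM = """
<form action="/pay" method="POST">
  <input type="text" data-stripe="number">
  <input type="text" data-stripe="cvc">
  <input type="hidden" name="stripeToken">
  <input type="submit" value="Pay">
</form>"""

# Constructed sample: named card inputs, so the values reach the server.
NAMED_FORM = """
<form action="/pay" method="POST">
  <input type="text" name="number">
  <input type="text" name="cvc">
  <input type="submit" value="Pay">
</form>"""

if __name__ == "__main__":
    print("token-only form:", server_visible_fields(TOKEN_ONLY_FORM))
    print("named form:     ", server_visible_fields(NAMED_FORM))
```

An empty result means the only value posted is the token; any name in the list is a field whose contents the web2py controller would be able to read from the request.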