I do not know if it is PCI compliant. The provided code requires that your application handles (although not stores) credit card info.
Massimo On Sunday, 13 January 2013 12:16:44 UTC-6, Ragtime AllTime wrote: > > Hello all, I'm looking into using stripe.com as a payment processor for > web2py. It looks like web2py provides a nice and easy way for this, but I > am a bit worried about pci compliance. > > On this site shows an example: > http://web2py.com/books/default/chapter/29/14#Stripe.com > > But no where on the site does it say whether it is pci compliant or not. I > would rather not have my server handle any of the customer credit card > data. Stripe does provide a nifty stripe.js which enables us to not touch > any of that data, but then the form creation and submission will be handled > entirely by javascript and not by web2py's nice library. > > I guess in particular, if I do it just using stripe.js, I don't have to > give the form input tags any name. That way, web2py can never grab the data > from the dictionary(since I don't know the name of the input tag) that is > returned and so the server will never actually touch the data. However, the > example link on web2py seems to indicate that this naming is necessary in > order to pass the data to the stripe.charge() (since we have to grab the > data somehow from the form and feed it to the stripe.charge()). This > suggests that the server has the ability to access that data. > > Could someone clarify this issue? Many thanks! > --