dipak2726 | Stripe Developers | Page 1

burnt tapirBOT Feb 16, 2023, 9:07 AM

#

zinc escarp Feb 16, 2023, 9:07 AM

#

hi! what's your specific question?

lavish lily Feb 16, 2023, 9:15 AM

#

we have an app with custom UI for credit card details collection,
we are backend which process the payment with stripe api,
we dont want any kind of verification for transaction,

we want to list the cards and show them to users

#

we are storing details on stripe and showing listing to users that these are your saved cards,
now we dont want user to add same card multiple but we are not able to distinguish between two cards saved in stripe

zinc escarp Feb 16, 2023, 9:23 AM

#

with custom UI for credit card details collection,
why don't you use Elements/Checkout instead?

#

we dont want any kind of verification for transaction,
not sure what that means!
we want to list the cards and show them to users
makes sense
now we dont want user to add same card multiple but we are not able to distinguish between two cards saved in stripe
you can check the fingerprint of card/PaymentMethod objects to identify duplicates : https://stripe.com/docs/api/payment_methods/object#payment_method_object-card-fingerprint

lavish lily Feb 16, 2023, 9:37 AM

#

thank you

lavish lily Feb 16, 2023, 9:53 AM

#

why don't you use Elements/Checkout instead?
we have section like my payment methods where we collect user details without cvc and store to stripe,
at time of actual order we ask to select one of stored and provider cvc,

#

its preference that we want custom

zinc escarp Feb 16, 2023, 9:54 AM

#

fair enough, but by doing that you create the requirement for your company to be PCI audited

lavish lily Feb 16, 2023, 9:55 AM

#

can you give details regarding that audit ?

zinc escarp Feb 16, 2023, 9:55 AM

#

you can just use Elements to collect card details and https://stripe.com/docs/api/payment_methods/customer_list to list details of saved cards to populate an UI, and never have to touch raw card details

zinc escarp Feb 16, 2023, 9:55 AM

#

lavish lily can you give details regarding that audit ?

https://stripe.com/docs/security/guide#validating-pci-compliance under "API Direct", or ask your company's PCI compliance officer

lavish lily Feb 16, 2023, 9:57 AM

#

one more thing,
we are passing raw card to our BE and and our BE create paymentmethod to stripe,

is this violates anything ?

zinc escarp Feb 16, 2023, 9:59 AM

#

depends what you mean by "violate"

#

it is highly not recommended, and it results in the requirement to complete a SAQ D audit every year and submit that to Stripe as documented above. So it's not a way to use Stripe that we recommend for 99% of users

#

but technically you can do it if that's your business's choice

lavish lily Feb 16, 2023, 10:00 AM

#

ok,thank you

#

we are also collecting bank details with custom UI,
does this will require anything

zinc escarp Feb 16, 2023, 10:15 AM

#

PCI regulations only apply to credit card details

#dipak2726