jonah-card-pci | Stripe Developers | Page 1

ornate lanceBOT Mar 21, 2023, 8:20 PM

#

vocal slate Mar 21, 2023, 8:22 PM

#

Option 1 can be achieved by grandfathering in your existing "trusted" customer via metadata (eg metadata[legacy_no_zip]=trusted or similar) then writing a radar rule exception that examines metadata

#

https://stripe.com/docs/radar/rules/reference#metadata-attributes

small jetty Mar 21, 2023, 8:30 PM

#

Ty @vocal slate . And to be clear, such custom rules to require Radar for Teams, correct? Or can they be achieved with Basic Radar?

vocal slate Mar 21, 2023, 8:31 PM

#

I believe they do require Radar for Teams, yes

small jetty Mar 21, 2023, 8:35 PM

#

And re: the 2nd option, if we do want to start updating existing users to incude zips, is it possible to collect that info ourselves in bespoke UI, and then update an existing stripe profile with it, via Stripe API? Or would there be any kind of PCI/compliance issue around that?

vocal slate Mar 21, 2023, 8:42 PM

#

If you did collect the postal code / zip you could update it on the payment method billing details: https://stripe.com/docs/api/payment_methods/update#update_payment_method-billing_details-address-postal_code

#

(or card https://stripe.com/docs/api/cards/update#update_card-address_zip )

#

Postal code alone is not a PCI scope value, but you need to determine any other PII compliance rules for your business:
https://stripe.com/docs/security/guide#out-of-scope-card-data

ornate lanceBOT Mar 21, 2023, 8:44 PM

#

small jetty Mar 21, 2023, 8:44 PM

#

Great, thanks again.

#jonah-card-pci