#funkthat

low basaltBOT
#

Hello! We'll be with you shortly. Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

spice geyser
#

how can I get approved to have my account be able to send new payment methods via the api?
Could you elaborate on this part? Do you collect or not collect the customer card details and what do you send specifically?

bleak kettle
#

Sure, when attempting to create a new payment method using the payment method API and pushing through card details that we are capturing from the user - I am met with this message:

"Stripe API error: Sending credit card numbers directly to the Stripe API is generally unsafe. We suggest you use test tokens that map to the test card you are using, see https://stripe.com/docs/testing. To enable raw card data APIs in test mode, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis."

#

I have dropped an email; however, I wasn't sure if there was another way around this without waiting for a support response via email - generally I find that email support is very slow.

spice geyser
#

So you actually send the card number, and you are confident with PCI Compliance?

bleak kettle
#

An FYI, we do not store anything on our servers, the server/site is simply a proxy to the Stripe API.

spice geyser
#

But at the moment you are "pushing through card details that we are capturing from the user", you already have the card details on your server.

#

That means you'll need to be PCI compliant.

bleak kettle
#

Yes, but we are not storing or logging any of this data, it's just passing proxying. So in order for this to pass, regardless if we have the Stripe PCI script attached to the page, that is not enough for compliance, is that correct?

spice geyser
#

Regardless of storing or logging, if the data ever touches your server then it's considered that you need to be PCI compliant.

bleak kettle
#

Gotcha, understood. Thanks for that.

spice geyser
#

I would really recommend against letting that happen in the first place, unless you are ready for PCI Compliance.

bleak kettle
#

So you would suggest just using prebuilt elements for adding new payment methods then?

spice geyser
#

Yep!