#tsahnar_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1220069334563684374

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Is there a way to mask the info that is sent in the payload of the setup intent confirm?

As mentioned, this is currently in plain text

Any info would help here if this can be a security issue. According to one of our customers it might be, and we were wondering if there is any way to encrypt / mask this plain text

Hi, yeah what you're seeing is expected. That card number is only surfaced on the browser the user is inputting their card number. This is how Stripe attains the card data.

And this is not a a possible security issue? No way of masking this info in the nwtwork request?

That it right - the person inputting the card number is the person who can see this. There is not way

Ok thx. Is there a place in the docs that I can send the customer to - just to make him clear about compliance and that this by no means can be an issue?

I do not think there is. If you have quesitons on the compliance side, please reach out to out support team. Our support team will be able to assist you better than I can: https://support.stripe.com/contact