#chris_paymentintent-rawpans

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1242162500279996426

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hi 👋

You do not provide card numbers or CVV when creating a Payment Intent

I've attached an image of my code

OK where do I supply the credit card number

1. Are you fully PCI compliant?

Handling raw card numbers comes with a very high compliance burden

Yes. This is a desktop application used by our CSRs

What kind of framework are you building?

Sorry, what tools are you using to build your desktop app?

Stripe would be replacing our existing CyberSource API.

The CyberSource API accepts credit card numbers, CVV, and so on for charging customers.

C#

C#? So .NET?

yes.

I have already added the Stripe.net package using NuGet

chris_paymentintent-rawpans

@hushed shale Accepting raw card details this way comes with a way higher PCI compliance requirement and it's something you need to be approved to do. The stripe-dotnet SDK is designed for server-side API requests made with your Secret API key and should not be used for client-side calls either. We won't really be able to help you with your ask if you go down that path.

?

server-side is fine,

I'm just not seeing a place to provide the credit card number and CVV.

this is pretty basic stuff. PayU, CyberSource, NAB all provide this.

we do not use client-side javascript for any payment processing.

Even the website is using .NET web forms and the payment is processed by server-side code.

we have a PCI compliant environment and are audited annually.

Yes and to do this server-side you need approval first, it's not supported by default because many developers will incorrectly use this and end up putting their entire business at risk.
Assuming you have all the right levels of PCI compliance you would talk to our support team for help and they would also explain how to pass the information in the API

The call looks like this curl https://api.stripe.com/v1/payment_intents \ -u sk_test_XXXXX: \ -d amount=1000 \ -d currency=usd \ -d confirm=true \ -d payment_method_types[]=card \ -d payment_method_data[type]=card \ -d payment_method_data[card][number]=4242424242424242 \ -d payment_method_data[card][exp_month]=12 \ -d payment_method_data[card][exp_year]=2026 \ -d payment_method_data[card][cvc]=123 \ -d payment_method_data[billing_details][name]=name \ -d payment_method_data[billing_details][address][line1]=line1 \ -d payment_method_data[billing_details][address][city]=city \ -d payment_method_data[billing_details][address][postal_code]=90210 \ -d payment_method_data[billing_details][address][state]=CA \ -d payment_method_data[billing_details][address][country]=US but if you're not approved it will fail

ok so we need to go through our account rep to turn this on?

if it's not turned on yet yes. You can try that curl command on your account and see if you get an error or not in Test mode

ok thanks. Also where should we put our merchant reference order number?

we'll need that in any back-end reports we run from the stripe dashboard for accounting to do reconciliation.

Use metadata: https://docs.stripe.com/metadata

ok thanks!