#özgür-subscriptions
@jaunty lintel hi! well ideally you would change your flow to not do that, and instead operate the way in the documentation (create an incomplete subscription on the server, return back the PaymentIntent to the frontend, and have the frontend call confirmCardPayment which will collect the card details, do 3D Secure if required, charge the card, and activate the subscription).
can you say more about how exactly you collect the card details right now?
const paymentMethod = await this.stripe.paymentMethods.create({
  type: 'card',
  card: {
    exp_month: subscription.paymentCard.expireMonth,
    exp_year: subscription.paymentCard.expireYear,
    number: subscription.paymentCard.cardNumber,
    cvc: subscription.paymentCard.cvc
  }
});
we send card object to server
ok so you pass raw credit card numbers from your backend Node.js server?
are you PCI compliant? https://stripe.com/docs/security/guide#validating-pci-compliance (under API Direct, you need to submit a SAQ D (https://www.pcisecuritystandards.org/documents/PCI-DSS-v3_2_1-SAQ-D_Merchant.pdf) annually if you process that way).
previous dev implemented it that way but as a downside we can't use 3D Secure
so I'm trying to migrate to the doc I sent
I'd start by making sure you understand the PCI implications of sending raw cards that way first before building more code on this base.
Overall you should maybe start somewhat fresh with those guides so you do use Elements, or just use Checkout, it's much easier! (https://stripe.com/docs/billing/subscriptions/checkout)