#Dragos - appssemble- payment methods

👋 happy to help

what are you using for your mobile development?

native - iOS and Android and the Stripe SDKs

We've looked on how your prebuilt UIs are using the APIs and as far as we're aware you are using createPaymentMethod. But your documentation states that creating a source would be better for future proofing

in that case you could take a look at this documentation for iOS https://stripe.com/docs/payments/save-and-reuse?platform=ios&ui=payment-sheet

and this for android https://stripe.com/docs/payments/save-and-reuse?platform=android&ui=payment-sheet

we don't want to use you prebuilt UIs (payment sheets)

is there anyway around this

?

In that case you would have to build your own and you would face PCI compliance Issues

why is that?

we are building our own UI, but we are not sure what APIs to use, that's why I asked ...

I understand your question. But if you're going to build your own UI for collecting payment methods you would need to be PCI compliant, which is something that we already do for you if you use our PaymentSheet

being PCI compliant is really important when it comes to regulations for Online Payments

I get that, but our business flows require a different UI. In terms of PCI compliance, I'm not sure I follow, why is our method a problem, if we are using the exact same APIs, you are in the SDKs?

We are not storing any card details ourselves, we use your API for tokenizing the card (creating a payment method), that payment method ID will then get passed to the backend to attach it to a customer

the PCI compliance isn't just about the APIs but also the FrontEnd controls you're using

the payment method ID its not sensitive information

in your case the Mobile Form you want to use

You could use SetupIntent with the PaymentSheet to achieve the same thing you described

but we are locked in in using your UI -- which we don't want

there isn't any way around this?

would having only the card element be a good solution for you?

something like this? https://stripe.com/docs/payments/accept-a-payment?platform=ios&ui=custom

not really... but if that't the only way...

ideally we would want our own branding and style on this

but even if we use this, we still get STPPaymentMethodParams from it, which is something we can create using our own UI

you can use your own UI as far as I know, sure.

I'm unclear on the PCI perspective, ultimately that's something you need your own advice for. My understanding was that from Stripe's perspective, we don't know what you're using(all we see are API requests coming from our mobile SDK since you'd use it to call STPPaymentHandler.confirmPayment etc) so as far as we're concerned, we can give you a SAQ A.

okey, but in terms of using the APIs, can you advice what to use to save a card, so that we can use it in the future?

are you charging as well at the same time it's being entered, or just having the customer enter it now and will charge it later?

charge it later

then it's SetupIntents (https://stripe.com/docs/payments/save-and-reuse-cards-only?platform=ios // STPPaymentHandler.confirmSetup)