
Displaying Credit Cards on User Profile

I'm having a problem understanding this concept. I'm using a payment gateway, and I'm not storing the credit card details anywhere. I get the payment information by using hosted payment fields. I want to add a place on the user's profile where they can view their card type and expiration date.

I'm not storing this data, so the only way I'd be able to get the credit card details would be calling the payment gateway. As far as I know, sending credit card details from client to server normally goes against PCI compliance standards. In that case I don't really understand the concept of calling the payment gateway API to get the card data from the client side. How do I go about getting the card data on file, and then allowing the users to view it in a location that isn't within a transaction space?

PCI DSS 3.2.1 says this about credit card data on page 7:

The primary account number is the defining factor for cardholder data. If cardholder name, service code, and/or expiration date are stored, processed or transmitted with the PAN, or are otherwise present in the cardholder data environment (CDE), they must be protected in accordance with applicable PCI DSS requirements.

It's widely accepted that expiration dates on their own are acceptable and will not impact your eligibility to certify your PCI compliance using SAQ-A - the easiest and most favorable way to certify PCI compliance.

I imagine most payment gateways will allow you to access the expiration dates for cards after tokenizing the data - which I suspect you're already doing. Stripe seems to return this data with their tokens:

{
  "id": "tok_1J0xWb2eZvKYlo2C7vnTp9Kg",
  "object": "token",
  "card": {
    "id": "card_1J0xWb2eZvKYlo2C0LX2vblH",
    "object": "card",
    "address_city": null,
    "address_country": null,
    "address_line1": null,
    "address_line1_check": null,
    "address_line2": null,
    "address_state": null,
    "address_zip": null,
    "address_zip_check": null,
    "brand": "Visa",
    "country": "US",
    "cvc_check": "pass",
    "dynamic_last4": null,
    "exp_month": 8,
    "exp_year": 2022,
    "fingerprint": "Xt5EWLLDS7FJjR1c",
    "funding": "credit",
    "last4": "4242",
    "metadata": {},
    "name": null,
    "tokenization_method": null
  },
  "client_ip": null,
  "created": 1623368581,
  "livemode": false,
  "type": "card",
  "used": false
}

The specifics will vary depending on your payment gateway.
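One way to turn a token response like the one above into a profile record on the server, as an added example that is not part of the original answer. It assumes the response shape shown above; the function names, `DISPLAY_FIELDS` and the sample values are hypothetical.

```python
import datetime
import re

# Allowlist of "card" fields kept for display (assumption: last4 is optional).
DISPLAY_FIELDS = ("brand", "last4", "exp_month", "exp_year")
PAN_CANDIDATE = re.compile(r"\d{13,19}")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to spot a full card number that slipped in."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def contains_pan(value) -> bool:
    """True if any string inside value holds a 13-19 digit Luhn-valid run."""
    if isinstance(value, dict):
        return any(contains_pan(v) for v in value.values())
    if isinstance(value, (list, tuple)):
        return any(contains_pan(v) for v in value)
    if isinstance(value, str):
        compact = re.sub(r"[ -]", "", value)
        return any(luhn_ok(m) for m in PAN_CANDIDATE.findall(compact))
    return False


def profile_card_view(token: dict, today: datetime.date) -> dict:
    """Project a token response onto the fields shown on the profile page."""
    if contains_pan(token):
        raise ValueError("response contains a full card number; do not store it")
    card = token["card"]
    view = {k: card[k] for k in DISPLAY_FIELDS}
    # A card stays valid through the last day of its expiry month.
    view["expired"] = (card["exp_year"], card["exp_month"]) < (today.year, today.month)
    return view


# Constructed sample, trimmed from the token response shown above.
SAMPLE_TOKEN = {"id": "tok_example", "object": "token", "card": {
    "brand": "Visa", "last4": "4242", "exp_month": 8, "exp_year": 2022,
    "funding": "credit", "fingerprint": "Xt5EWLLDS7FJjR1c", "name": None}}

if __name__ == "__main__":
    print(profile_card_view(SAMPLE_TOKEN, datetime.date(2022, 8, 31)))
```

Storing only the allowlisted fields keeps the PAN out of your systems, and the guard fails closed if a full card number ever appears in a response you are about to persist.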
