zlacker

1. Nextgr+(OP) 2020-04-21 18:36:34
I think that you will be on the hook for PCI compliance if card data touches your server, while with Stripe.js your server never sees the card data. Of course, it's extremely stupid, because your server is still the one serving the original page and can change it to silently exfiltrate the card details if it gets compromised.
replies(1): >>skoski+j7
2. skoski+j7 2020-04-21 19:19:15
>>Nextgr+(OP)
I mean, if your server is compromised, you are completely screwed, no matter what services you do or don’t use.
replies(1): >>Wowfun+2e
3. Wowfun+2e 2020-04-21 20:08:18
>>skoski+j7
I believe the point was, if your server is compromised but you're using stripe.js, you're not legally on the hook for exposing CC details, even though they definitely could have been exposed.

(I have no idea if this is even true, this was just my reading.)
