我可以在Stripe上存储Stripe的cardID并保持PCI兼容性吗? [英] Can I store a cardID from Stripe on Parse and remain PCI compliant?
问题描述
我有一个使用Parse作为后端的应用程序,并且具有Stripe集成.在Parse上,我将Stripe客户ID存储在我的User类上,并且我有一个自定义类,该类具有与之关联的费用令牌,以便客户可以创建服务请求,并且当提供者接受并满足该请求时,他们可以将费用发送到他们的收件人ID.
I have an app that uses Parse as its backend, and has Stripe integration. On Parse, I store a Stripe customer id on my User class, and I have a custom class that has a charge token associated with it, so that a customer can create a service request, and when a provider accepts and fulfills that request, they can have the charge be sent to their recipient id.
用户可以取消服务请求,或者提供者可以显示该用户的财产,并发现该财产由于各种原因而无法使用.在这种情况下,我们需要向用户收取取消费.
A user could cancel the service request, or a provider could show up to the user's property and find that the property is unserviceable for various reasons. In this event, we have a cancellation fee that the users are charged.
我想确保,如果要收取取消费,则该费用将从用户用来请求服务的同一张卡中收取.我注意到,当我从客户ID中提取所有卡时,它们总是以相同的顺序显示,但是当我添加卡时,它并不总是将其添加到获取时返回的数组的末尾牌.因此,如果我只存储卡的索引,则用户可以添加一张新卡,并且该卡可能会取代为该服务收费的卡.如果我根据索引收取了取消卡的费用,则可能会收取不正确的卡费用.将包含用于创建收费令牌的cardID存储在包含有关服务信息的Parse对象上是否符合PCI,所以当我调用函数创建取消费用时,我要对同一张卡进行收费吗?
I want to make sure that if the cancellation fee is charged, it gets charged to the same card that the user used to request the service. I noticed that when I fetch all of the cards from a customer id, they always show up in the same order, but when I add a card, it doesn't always add it to the end of the array that gets returned when I fetch cards. So, if I just stored the index of the card, a user could add a new card, and it would possibly take the place of the one that was being charged for the service. If I charged a card based on the index for a cancellation, it could charge the incorrect card. Would it be PCI compliant to store the cardID used to create the charge token on the Parse object that contains information about the service, so when I call my functions to create cancellation charges, I'm charging the same card?
感谢任何可以提供此信息的人.
Thanks for anyone who can provide some information on this.
推荐答案
您要避免处理的唯一敏感数据是客户的信用卡号和CVC;除此之外,我们欢迎您将其他任何信息存储在本地计算机上.
The only sensitive data that you want to avoid handling is your customers' credit card number and CVC; other than that, you're welcome to store any other information on your local machines.
作为一个好的规则,您可以存储我们的API返回的所有内容.特别是,存储客户卡号的后四位数字或有效日期以方便参考不会有任何问题.
As a good rule, you can store anything returned by our API. In particular, you would not have any issues storing the last four digits of your customer's card number or the expiration date for easy reference.
这篇关于我可以在Stripe上存储Stripe的cardID并保持PCI兼容性吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
