How to get credit card details from users


#1

Hello,

In https://moltin.com/quick-start/js/ I see the following code:

Moltin.Orders.Payment(order.id, {
    gateway: 'stripe',
    method: 'purchase',
    first_name: 'John',
    last_name: 'Doe',
    number: '4242424242424242',
    month: '02',
    year: '2020',
    verification_value: '123'
});

I wanted to ask if it is safe to get credit card information through a simple form on the front-end, in order to process the payment as above.

Thanks


#2

Hi @alexandros_pi

You should be fine to send the details as long as the method is a POST over HTTPS to ensure the data is encrypted as it goes over the wire. This will prevent man-in-the-middle attacks and stop would-be hackers intercepting an unencrypted packet. You will also need to ensure the form is properly validated to prevent any JavaScript being injected into the form.

However, the preferred method (and more secure, Stripe strongly discourage non-token payments) is to get a token from Stripe and then pass that to us to complete the transaction.

Going forward we will be looking to update our quickstart example to match current best practices.


https://docs.moltin.com/payments/paying-for-an-order/stripe-payments
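
The token flow recommended in #2, sketched as an added example (not part of either post, and not Moltin's or Stripe's own code): tokenize the card first, then refuse to send any payload that still carries raw card data. `tokenize` and `pay` are hypothetical wrappers you supply around the gateway's tokenization call and `Moltin.Orders.Payment`, and the `token` field name is an assumption; take the real parameter name from the linked docs.

```javascript
// Added example: keep raw card data out of the payment payload.
// number/month/year/verification_value come from the quick-start snippet in #1;
// `token`, tokenize() and pay() are assumptions made for illustration.
const RAW_CARD_FIELDS = ['number', 'month', 'year', 'verification_value'];

// Luhn checksum over a digit string of plausible card-number length (13-19).
function luhnValid(digits) {
  if (digits.length < 13 || digits.length > 19) return false;
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Returns the reasons a payload must not be sent; an empty array means clean.
function findCardData(payload) {
  const problems = [];
  for (const [key, value] of Object.entries(payload)) {
    if (RAW_CARD_FIELDS.includes(key)) problems.push(`raw card field "${key}"`);
    const digits = String(value).replace(/[\s-]/g, '');
    if (/^\d+$/.test(digits) && luhnValid(digits)) {
      problems.push(`card number in "${key}"`);
    }
  }
  return problems;
}

// Tokenize first, then send only the token with the order payment.
async function payWithToken(orderId, card, { tokenize, pay }) {
  const token = await tokenize(card); // card details go to the gateway only
  const payload = { gateway: 'stripe', method: 'purchase', token };
  const problems = findCardData(payload);
  if (problems.length) {
    throw new Error('refusing to send: ' + problems.join(', '));
  }
  return pay(orderId, payload);
}
```

The same `findCardData` check can run server-side on incoming requests to catch a front-end that regresses to posting card fields.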