bitwave-tv / bitwave

Front end for [bitwave.tv] - an open platform live video streaming service
https://bitwave.tv
GNU General Public License v3.0

Where is payment auth stored? #373

Closed Gartral closed 3 years ago

Gartral commented 4 years ago

I'm working with the code and I can see quite clearly that you're using braintree and stripe for payments... but I don't see where or how it's authenticated... can you please advise?

DispatchCommit commented 3 years ago

For braintree, refer to the following:

For stripe, refer to the following:

> I don't see where or how it's authenticated

All information is captured, processed, and verified on the 3rd party PCI compliant servers. At no point does any of our codebase interact with the payment details. Because our systems don't ever touch the card information (and they shouldn't), we don't have access to it. Instead, we tell the other services that we want to accept a payment for a certain amount. That then allows us to insert a form from their service onto the site associated with that payment intention. After the intention is completed and payment sent by the user to the processor, their service will "ping" / send a notification to ours indicating if it was successful or not. Based on that response, we update accordingly and show the relevant UI for the response.

In particular, it may be worth looking at braintree's hosted fields: https://developers.braintreepayments.com/start/hosted-fields
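The "ping" described in the answer above is the one message the site's own server has to trust, so a receiver normally authenticates it before updating anything. The sketch below is an added example, not code from the bitwave repository; it assumes Stripe's webhook signing scheme (a `Stripe-Signature` header of the form `t=<timestamp>,v1=<HMAC-SHA256 of "timestamp.body">`), and the function names, secret and sample event are hypothetical.

```javascript
// Added example: not code from the bitwave repository.
const crypto = require('node:crypto');

const TOLERANCE_SECONDS = 300; // reject stale notifications (limits replay)

// Parse "t=<unix time>,v1=<hex hmac>[,v1=...]" into { t, v1: [...] }.
function parseSignatureHeader(header) {
  const out = { t: null, v1: [] };
  for (const part of String(header || '').split(',')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    const key = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (key === 't' && /^\d+$/.test(value)) out.t = Number(value);
    if (key === 'v1') out.v1.push(value);
  }
  return out;
}

// HMAC-SHA256 over "<timestamp>.<raw request body>", hex encoded.
function sign(secret, timestamp, rawBody) {
  return crypto.createHmac('sha256', secret).update(`${timestamp}.${rawBody}`).digest('hex');
}

// Returns the parsed event if the notification is authentic and fresh, else null.
function verifyNotification(rawBody, header, secret, nowSeconds) {
  const { t, v1 } = parseSignatureHeader(header);
  if (t === null || v1.length === 0) return null;
  if (Math.abs(nowSeconds - t) > TOLERANCE_SECONDS) return null;
  const expected = Buffer.from(sign(secret, t, rawBody), 'hex');
  const ok = v1.some((sig) => /^[0-9a-f]{64}$/.test(sig) &&
    crypto.timingSafeEqual(Buffer.from(sig, 'hex'), expected));
  if (!ok) return null;
  try { return JSON.parse(rawBody); } catch { return null; }
}

// Map a verified event (or null) to the state the UI should show.
function paymentStatus(event) {
  if (!event) return 'rejected';
  if (event.type === 'payment_intent.succeeded') return 'paid';
  if (event.type === 'payment_intent.payment_failed') return 'failed';
  return 'ignored';
}

// Constructed sample data: hypothetical secret and event, not real values.
const SAMPLE_SECRET = 'whsec_constructed_example';
const SAMPLE_BODY = JSON.stringify({ type: 'payment_intent.succeeded', data: { object: { amount: 500 } } });
const SAMPLE_TIME = 1700000000;
const SAMPLE_HEADER = `t=${SAMPLE_TIME},v1=${sign(SAMPLE_SECRET, SAMPLE_TIME, SAMPLE_BODY)}`;
```

The signature must be computed over the raw request bytes, so the handler has to read the body before any JSON middleware re-serializes it.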