Best practice to get card input from user

[HardikDG]

In the Stripe Web SDK, they are suggesting to use their elements only to take input from the user due to security. For an app how should we take input from the user, as SDK only provides the method to call Stripe SDK, no option for input

Is everyone using just using the normal input for this?

[ihadeed]

Stripe's mobile SDK contains an alternative to elements, but it's not officially supported by this plugin yet. I did some experimenting but still haven't added a way to configure the forms provided by Stripe SDK.

---

The following info is just my opinion and isn't based on any official information provided by Stripe:

Stripe Elements serves two main purposes: (1) making it easy to collect payment info from your customers (no need to build your own forms) and (2) keeping the collected information secure.

Elements renders an iframe that contains a form input (or a set of inputs) to collect sensitive information and send it directly to Stripe. This reduces the chances of data leaks caused by your own code or 3rd party scripts that are used on your website/app. Essentially it ensures that any data is sent directly to Stripe's servers without being exposed or saved anywhere else.

IIRC you can find relevant info in their security guide and other PCI compliance related pages: https://stripe.com/docs/security/guide

---

My personal recommendation for collecting card info from users:

• avoid using external 3rd party scripts on the same page/app unless you fully trust them
• handle every possible error on that page and avoid printing form values to console. Error logs, crash reports, and third-party error/crash reporting services might expose sensitive information due to an error. The exposed info could end up in app logs, phone logs, or external error reporting services (GCP, Sentry, Rollbar..etc)

For paranoid people:

• when binding form input(s) to a variable(s) in memory, clear the data after sending it to make sure you don't save/send it elsewhere by mistake
• clear any locally saved data (unsubmitted forms, redux state..etc) after some time, in case a user enters their CC info, leaves their phone unattended, and someone else gains access to it

---

Alternatives:

• use the official Stripe JS with Elements instead of using this plugin
• or, install their Mobile SDK manually and create dedicated view/activity to collect information using Stripe's mobile UI elements

[stefanotauriello]

How can be used Stripe Elements in Capacitor? I receive https error requirement