CVC Interface method

[adkenyon]

Is your feature request related to a problem? Please describe. We're building a security feature in our app where we require members to re-enter the CVC of chosen payment method. The React Native Stripe SDK provides a method to tokenize the CVC value programmatically. The issue we're running into is that our code will have direct access to the CVC value the user inputs. To our knowledge, this requires us to conform to a higher level of PCI compliance.

When Stripe released their React Native SDK (rather than relying on tipsi-stripe) the method allowing programmatic credit card entry was removed in favor of a Stripe SDK interface. Our understaning was that removing this method was to better conform to PCI standards and prevent developers/scripts from directly accessing the CC information. The CVC methods don't provide an interface method so we are left to programmatically collect the CVC and tokenize it via the SDK method. With our code having direct access to the CVC number we're concerned about PCI compliance. Perhaps having visibility to the CVC isn't an issue?

Describe the solution you'd like An interface to tokenize the CVC value

Describe alternatives you've considered Creating a custom interface so members can input the CVC and use the SDK to tokenize the CVC programmatically

Additional context I'm not a PCI expert.

[charliecruzan-stripe]

Hi, we've gotten this request elsewhere and have it in our backlog to work on :) thanks for the ticket!

[tthongprasert]

Hi @charliecruzan-stripe does this also mean you guys are working on exposing the CVC of CardField when enabling dangerouslyGetFullCardDetails?

In my scenario, I would like to confirmSetupIntent to process the 3D secure authentication and I also need to add a payment method that requires the credit card details like card number, expiry, and cvv to Chargebee which is another payment gateway. But I couldn't do that since the CardField doesn't provide CVC data. I can only be able to process the 3D secure authentication when I'm using the CardField to collect credit card details

Question: Is it possible to get the CVC data from CardField? Or any suggestions?

Thank You in Advance

[charliecruzan-stripe]

Is it possible to get the CVC data from CardField?

Yes, this was added in 0.9.0

[tthongprasert]

Thanks @charliecruzan-stripe Is it still be in 0.18.0? I am currently using "@stripe/stripe-react-native": "0.18.1"

I logged the card details from onCardChange and I always got this

[charliecruzan-stripe]

It is still in that version, yes, I just tested on both android and iOS. If you're using Expo then make sure you're using expo install to get the right version.

[tthongprasert]

That's right. I'm using React Native Expo. I've just tried to install using expo install and the version was changed to "@stripe/stripe-react-native": "0.6.1". Does this mean it is the right version for Expo?

Question: Am I able to use the version 0.9.0 or above? I also tried to change the version to 0.9.0 and 0.18.1 but they both don't work for me. I still get the cvc: ""

[charliecruzan-stripe]

That's because you cannot use those versions, you have to use the version installed by Expo. If you'd like to update it, you need to update your Expo SDK

[tthongprasert]

One more question... I'm using Expo SDK v45 and the latest one is v46. Does Expo SDK v46 support "@stripe/stripe-react-native": "0.9.0" and above?

[tthongprasert]

Hey @charliecruzan-stripe I've tried updating Expo SDK and it worked!

Thanks for your quick response and that's very helpful.

[micahcharlesbrown]

@charliecruzan-stripe - any updates on the original feature request? I see we're able to do this in stripe.js by using stripe elements and creating a cardCVC element. There doesn't seem to be an equivalent for native applications. Same concerns as the original user around our code having direct access to the CVC