ihadeed
commented
6 years ago You can maintain PCI compliance as long as you don't manipulate, log, or store the collected data.
Any credit card or bank account information is transmitted directly to the native Android/iOS SDKs and then securely uploaded to Stripe's servers.
More information can be found here: https://stripe.com/docs/security
Since this plugin currently doesn't offer a UI to input that data, you just need to ensure that your forms are secure and they aren't outputting any information to console, log files, analytics services... etc.
My plan was to introduce the UI features after releasing a stable v2 (see the v2 branch). If you manage to integrate the Stripe SDK UI elements, it would be highly appreciated if you could submit a PR :)
glen-wooldridge
Hi, I'm just about to start developing payment subsystems in my Ionic 3 app and due to stripe.js refusing (for obvious reasons) to work for production workloads that are not protected by https, that kinda vetoes me using this easy route :(
Using stripe.js with its elements features would have given me a pre-filled SAQ A level of compliance... of course this cordova plugin requires me to build my own UI to harvest card details - so, any idea what level of compliance I'm now looking at?
I'm just trying to decide if building my own UI or forking this repo and trying to figure out how adding support for mobile SDK elements across ios, android & web stacks up!
Cheers!