0

I am integrating my app with Stripe. I understand that when collecting card information I can't save credit card number, CVC, expiry and zip on my server. For collecting these information Stripes suggests to add:

<div id="card-element">
  <!-- A Stripe Element will be inserted here. -->
</div>

And then use:

var style = {};
var card = elements.create('card', {style: style});
card.mount('#card-element');

However, for the name on the card I see everywhere people use plane input to collect this information.

Does this mean that I am permitted to save the name on the card on my own database or there is a similar approach (i.e card.mount) to collect the name?

Thanks for your help. Behdad.

1 Answers1

0

PCI rules do not prevent you from storing this information. Anything that the Stripe API returns is safe to safe in your database as covered [here].1 Obviously this is still sensitive information about your customer so you want to make sure you store it securely.

If you are collecting the cardholder's name with Stripe.js, make sure to also pass the information on token creation so that it is saved in Stripe and sent to the bank on all transactions.

You can see a live example here but the code looks like this: 

var card_name = document.getElementById('card_name').value;
stripe.createToken(card, {name: card_name}).then(setOutcome);
koopajah
  • 23,792
  • 9
  • 78
  • 104
  • Thank you so much. Yes, I collect that and I pass it to Stripe. I wasn't sure if I can store or not. It is good to know. If I decide to keep it, I probably encrypt it. Thanks again. –  May 06 '18 at 14:06