undefined | Better HN

0 pointsdymk6y ago0 comments

How would you do this without suddenly becoming subject to PCI compliance?

0 comments

4 comments · 2 top-level

alexbilbie6y ago· 2 in thread

Create your Stripe token client side, send it to your API, indicate to the user that the payment is processing.

Your backend stores the PCI-compliant Stripe token in a queue which a worker processes as and when it can - therefore allowing you to mitigate Stripe down time.

The issues then become one of UX if the payment fails.

dymkOP6y ago

If Stripe is down, you can't create a Stripe token. Iirc tokens also expire fairly quickly (at least - in my testing, that appears to be the case. Perhaps it's different for different types of tokens.)

Are Stripe's systems are isolated enough to where their token system is disjoint from the charge system? Do we know what uptime for their token system looks like?

alexbilbie6y ago

That’s a fair point about creating Stipe tokens.

In my experience (processing several thousand payments with Stripe daily) when there are blips they do seem to be isolated to specific endpoints/entities.

frakkingcylons6y ago

One way would be to use a service like VeryGoodSecurity to capture payment details initially, then have it forward them to your processor later on.

j / k navigate · click thread line to collapse