undefined | Better HN

0 pointsyarone14y ago0 comments

Why? Many of us use Spreedly / Chargify / Recurly. Imagine embedding a Spreedly form on your site. Still scary?

0 comments

> Still scary?

As someone who's currently looking over PCI compliance stuff: YES.

Actually, these third party services can be a lifesaver when it comes to PCI compliance. If you use a service like Stripe in it's entirety then you don't have to worry anywhere near as much about PCI compliance yourself.

ceejayoz14y ago

Has there been any actual confirmation of that? i.e. an official ruling from the PCI standards council?

Other than the long-term storage of credit card numbers stuff, most of it focuses on security measures I'd want someone using Stripe to have implemented.

After all, if someone hacks the server, they're going to have an easy time adjusting the flow to save the CC# that's supposed to only be going to Stripe.

1 more reply

j / k navigate · click thread line to collapse

0 comments

ceejayoz14y ago

> Still scary?

As someone who's currently looking over PCI compliance stuff: YES.

untog14y ago

ceejayoz14y ago

Has there been any actual confirmation of that? i.e. an official ruling from the PCI standards council?

Other than the long-term storage of credit card numbers stuff, most of it focuses on security measures I'd want someone using Stripe to have implemented.

After all, if someone hacks the server, they're going to have an easy time adjusting the flow to save the CC# that's supposed to only be going to Stripe.

1 more reply

j / k navigate · click thread line to collapse