Whats the best practice to save visa payment information?


#1

Hi,
I tried to build a O2O app like uber.
I had set up a backend API server (by laravel with JWT auth mechanism).
The user must register with visa card information.
I want to let the app remember the visa card number, so the user could pay without typing the number afterwards.
But I think that saving the card number by localstorage is not a security implementation.
Could anyone share the experience with payment and ionic framework?
Thanks.


#2

Stripe is your best bet. They have a frontend JavaScript framework you could plug into your Ionic project, check out their docs. They store all the secure data for you, and all you store on your servers is a token.


#3

Looks like can no longer use stripe.js or post directly to any external payment processor unless you comply with new requirements including the following. :\

“Quarterly external vulnerability scans must be performed by an Approved Scanning Vendor (ASV), approved by the Payment Card Industry Security Standards Council (PCI SSC).”

Stripe is switching to an iframe, as that is the new exception permitted.

If I’m understanding this correctly…?


#4

There are cordova/phonegap plugins to handle strip, or you could write your own as well. Once the card is tokenized using a REST api is the easiest way I’ve found.

Just do your homework, there’s a LOT of resources on using stripe/angular/cordova and phonegap