I tried to build a O2O app like uber.
I had set up a backend API server (by laravel with JWT auth mechanism).
The user must register with visa card information.
I want to let the app remember the visa card number, so the user could pay without typing the number afterwards.
But I think that saving the card number by localstorage is not a security implementation.
Could anyone share the experience with payment and ionic framework?
Looks like can no longer use stripe.js or post directly to any external payment processor unless you comply with new requirements including the following. :\
“Quarterly external vulnerability scans must be performed by an Approved Scanning Vendor (ASV), approved by the Payment Card Industry Security Standards Council (PCI SSC).”
Stripe is switching to an iframe, as that is the new exception permitted.
If I’m understanding this correctly…?
There are cordova/phonegap plugins to handle strip, or you could write your own as well. Once the card is tokenized using a REST api is the easiest way I’ve found.
Just do your homework, there’s a LOT of resources on using stripe/angular/cordova and phonegap
I think you can use the cache memory to save card number. So, that every time user visits your site or app it will automatically retrieve the information. Or you can validate your credit card details using this tool by cardgenerator.
Just because you can doesn’t mean you should.
I can think of no valid reason to expose oneself to the hassle and liability inherent in storing credit card information anywhere in an Ionic app.