I want to use Stripe.com on the server side. When I try the token by creating card

The curl https://api.stripe.com/v1/tokens \
-u sk_test_qMabFX3j5ApELqUH8mEy6NDp: \
- d card [number]=4242424242424242 \
- d card 12 \ [exp_month]=
- d card [exp_year]=2019 \
- d card (CVC)=123

Or through

Stripe. ApiKey="sk_test_qMabFX3j5ApELqUH8mEy6NDp";

Map TokenParams=new HashMap (a);
Map CardParams=new HashMap (a);
CardParams. Put (" number ", "4242424242424242");
CardParams. Put (" exp_month ", 6);
CardParams. Put (" exp_year ", 2019);
CardParams. Put (CVC ""," 314 ");
TokenParams. Put (" card ", cardParams);

Token. The create (tokenParams);

I saw the news on the dashboard: "we have seen over the past few days NNN request of the original credit card number"
My question is: 1) I can safely use Java API to create card token? If so, how to avoid this kind of news? 2) or I must use the Stripe element and their a script?

CodePudding user response:

If you use the server to create in Java card token, said your server receives the original card details. If you do not save the information in the database, you still need to comply with the higher level of PCI compliance, it will be a lot of work to abide by.
Instead, you should use Elements or Checkout tag on the client. This will allow you to safely on the client to create A token, then sends the token to your server. This will also allow you to belong to the SAQ - A, this is the most simple PCI compliance level. You can reading about differences in the Stripe document here for more information.

CodePudding user response:

Hello, there is a problem request, convenient and direct messages