A
A
Anton Ivanov2020-01-24 11:40:46
Payment systems
Anton Ivanov, 2020-01-24 11:40:46

Does stripe's implementation of the payment interface provide any benefits to stripe itself?

Hello.
The question is, many card processing APIs are organized in the forehead: the store sends the card data (number, first / last name, exp date and cvv) and the processing processes them.
But stripe (and some others) have a different approach: for the web, you need to include their javascript and the iframe will have a field for entering map data (inaccessible to the "head" web application), for mobile applications, proprietary components are used, that is, the client does not (in theory) even the theoretical possibility to save the data of the payer's card. Everything is collected and processed on the stripe side.
The question arose, in addition to the obvious advantages, does this approach give any advantage when agreeing on a connection to a payment gateway (for example, a bank) for the stripe company itself, such as "our clients, even if they wish, will not be able to collect payer data, so ... give us the best percentage / choose us among others / etc. "
Or is it all garbage and the payment gateway will not be interested in" such trifles?
Thank you.

Answer the question

In order to leave comments, you need to log in

2 answer(s)
B
boss_lexa, 2020-01-24
@boss_lexa

stripe has different connection options both via iframe and via api
, the more convenience for clients, the more clients and market share that stripe gets.
The greater the market share of stripe, the greater its "weight" when negotiating with partner banks and the better conditions they can get.
In terms of security, even an iframe and redirect according to PCI DSS requires filling out a SAQ-A self-assessment sheet, which is of course much easier than other options. If the client himself brought his infrastructure to compliance with the help of the SAQ self-assessment sheet or conducted a QSA audit, then according to the standards, he is as "correct" as the stripe itself.

V
Vladimir Kuts, 2020-01-24
@fox_12

In order to store or collect payment data on the side of your server, you need a banking license with all the ensuing consequences. Therefore, everyone redirects to the processing of a bank or payment system.

many card processing APIs are organized in the forehead: the store sends card data
(number, first / last name, exp date and cvv) and processing processes them.

"many" - this is who?

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question