Questions tagged [payment-gateway]
A payment gateway is an e-commerce application service provider service that authorizes credit card payments.
83 questions
1
vote
1
answer
1k
views
Is it financially safe to use stripe for payment processing with the main website in http?
Stripe.com is a service that allows payment processing to be outsourced. In a similar way to Oauth this works by exchanging tokens.
Of course, running one’s website on an unencrypted connection is ...
- 1,512
0
votes
2
answers
470
views
how should a web application verify a redirect comes from a trustworthy source?
This document has a sequence diagram (annotated and shown below) explaining how Stripe handle's a Checkout Session.
My question : When a customer is returned to the successUrl = www.example.com/some/...
- 309
1
vote
1
answer
1k
views
Can Twitter use the payment information they have to know if multiple users have used the same credit card to buy multiple Twitter blue subscriptions?
This question asked if websites on which one is transacting have their payment information and from the replies it seems that they do (or at least their payment gateway service providers do). But my ...
13
votes
2
answers
4k
views
Validating and storing credit card data for retrieval later
I need to validate and store credit card information (name, card number, expiration date, CVC) for retrieval at a later date. Once retrieved, the data will be used for manual processing on a separate ...
- 231
1
vote
1
answer
312
views
How to prevent shopping cart alterations in another tab when paymentintent is already created?
Has anyone figured out a solution to this? I seem to have gotten to the same conclusion with no solution.
If I were to go the my app's checkout page, the payintent is created in the backend (explained ...
- 11
1
vote
1
answer
614
views
Is there a secure way of handling online payments without user accounts and logging in?
I'm creating a subscription-based desktop application, but there is no authentication on the platform as the "user" is the computer upon which the application is installed. This means no ...
- 11
1
vote
1
answer
583
views
Is braintree clientToken supposed to be public?
I'm building an app that uses Braintree for processing payments. According to the documentation, I need a server-side endpoint that returns the clientToken, which is then used to manage a user's vault ...
- 11
0
votes
1
answer
2k
views
Why some payment methods allow being embedded in an iframe and some don't?
Let's take some examples:
Pay Pal, Apple Pay (examples via Saferpay) - will not load in an iFrame
Visa Checkout, Stripe (example), Saferpay (link above) - credit card data can be input in an iFrame
...
- 183
0
votes
1
answer
154
views
Visa Secure / TAN App showing wrong amount charged [closed]
So, the other day I was charging my prepaid VoIP account from sipgate.de via credit card payment. I chose 10 Eur which is the default and entered my card details.
As usual, I was redirected to a ...
- 188
0
votes
1
answer
226
views
Is it okay that a payment app is sending my payment details via a GET request? [duplicate]
I was trying to use a state-owned mobile payment app to conduct some transaction on the internet and, thanks to an error message, I found out that my card number and the amount I'm paying were sent ...
- 245
2
votes
1
answer
385
views
Credit card form : Is it neccessary to obscure error messages?
I'm working on designing a credit card payment form whose core functionality is provided by a payment processing company ("upstream").
Upon some transaction errors the upstream returns the ...
0
votes
1
answer
145
views
Question about the cause of the differences in Google Pay features
If you are logged in with your Google account and click "Manage your Google Account," you can then edit your payment profile. But you cannot (1) see the complete card number except for the ...
- 121
1
vote
1
answer
614
views
Web developer needs customer's private key
As a non security expert, I'm looking for advice from those who are.
I work with company X who have hired company Y to develop their website. Company Y needs to integrate server-side online payment ...
user240753
2
votes
3
answers
964
views
How to secure a price passed to a payment gateway on client?
Using Javascript, say a customer buy a product that cost 10$.
Many payment gateways, like PayPal and Stripe, offer a client side Form where you input the sale data (price, amount, buyer address, etc), ...
- 123
0
votes
0
answers
135
views
Adding paygate buttons to HTTP-only website?
Let's say that I have a website where I want to sell homemade goods. I want customers to be able to pay for the goods without too much hassle.
A common option is to use buttons provided by a payment ...
- 101