by robertelder 3733 days ago
My understanding is that Stripe is pretty much the de facto solution to get started with credit card payments on your site, and if you're relatively low volume you can review for fraud and manually reject it yourself.

I've set up Stripe before, so I have a casual understanding of how it works, but I'm curious what an attacker would be able to do (worst case) if a server I have Stripe payments on gets rooted. Are they only able to charge legitimate customers' cards for the period of time that a payment token is active? Or I suppose they could redirect the payment page to their own payment page. If they steal the Stripe secret key, is there a way they can steal money using it? (other than just bulk testing if they can charge cards)