by lsh123 5314 days ago
You might want to talk to your PCI QSA to get a professional opinion. My views are explained here:

http://news.ycombinator.com/item?id=3332001

That said, you might want to think beyond PCI. Security is as strong as your weakest link, and you might want to "play" in your mind a few scenarios: what if there is an XSS attack? What if your employee goes "rogue"? What if your server is hacked? Then you will need to decide what is important for you and how much risk you are willing to tolerate. Different solutions (Stripe + JavaScript, WePay + iFrame or redirect, PayPal, traditional payment gateway, etc.) will give you different upsides and downsides in usability, security, international support, price, customer support experience, ... There is no silver bullet :)