Questions tagged [payment]

36 questions
2 votes, 1 answer

Secure IDs and QR

Suppose that I want to give users of my site the option to pay for a service and use it later. I am thinking of generating a unique ID for the paid service. I want to be able to trust the ID to decide if the user has paid for the service or not but I…
Marco Altieri
1 vote, 1 answer

3D secure 2 and CSP

I'm building a checkout page for a website and have a checkout page with a content security policy (CSP). When the customer pays with a card, they will see a box popup with the bank page that allows the bank to verify (if they want). The problem I…
1 vote, 1 answer

PCI compliance dilemma

I am looking for advice on PCI compliance. I am being told that I am not currently PCI compliant although I am not sure if this is accurate. We outsource the payment management and card storage to a 3rd party service and only store the external ID…
1 vote, 1 answer

Security implications of exposing payment gateway secret API key

Introduction: In payment gateways such as Coinbase or G2A Pay, the typical payment flow goes as follows: POST to the gateway with the secret API key and metadata (price etc) to generate a payment URL. Redirect the client to the payment URL. Server…
1 vote, 2 answers

payment details over https

I have a web form on which my customer enters his credit card details along with other info. I then send this data to my backend server. I save the non-sensitive information to my database. I DO NOT store the cc details but pass them over https to a…
Deer
1 vote, 0 answers

Why Russian/non-USA online firms never take a credit card directly?

I've noticed it back some ten years ago, and, apparently, it's still the case today -- most online retailers in the US directly procure the information about your credit card, whereas in Russia, credit cards are mostly processed exclusively by…
cnst
1 vote, 0 answers

Android pay card registration, token generation, and verification

I was trying to find information about Android Pay and how it handles card information when adding it to Android Pay and how token information is verified. I was not able to find detailed information. When adding a new card to Android Pay you have…
user1563721
1 vote, 1 answer

How well-protected should customer billing & invoice data be?

Specifically, I'm curious about Recurly.com's hosted_login_token, described here: https://docs.recurly.com/docs/hosted-account-management Basically, it's a token that they allow to be stored in cleartext and even emailed with customer invoices and…
Eric Nguyen
1 vote, 1 answer

API based platform to save bank account information

We are implementing a portal that will require the user to provide the bank details (routing number, account number etc). This data will be sent through SFTP to another carrier that will use the bank account number for billing. Having read various…
user9445
0 votes, 1 answer

Inconsistency in masking CVV/CVC credit card details during input

I have observed that in some payment portals while making payments via credit/debit card the CVV/CVC number is masked out (hidden), but in different portals this is not the case. For example: USA & a few UK-based payment portals are not masking…
Ashish Patil
0 votes, 1 answer

Is braintree clientToken supposed to be public?

I'm building an app that uses Braintree for processing payments. According to the documentation, I need a server-side endpoint that returns the clientToken, which is then used to manage a user's vault and process payments, so I'm trying to make sure…
0 votes, 0 answers

Are thieves with wireless payment terminals really a threat?

I've heard it time and time again being repeated: "You should get one of those RFID-shielding wallets to protect your tap-enabled cards from thieves." I know that thanks to the security measures built into the card they can't copy the chip with…
0 votes, 1 answer

Question about the cause of the differences in Google Pay features

If you are logged in with your Google account and click "Manage your Google Account," you can then edit your payment profile. But you cannot (1) see the complete card number except for the last 4 digits or (2) change the number of an existing card.…
Xi Liu
0 votes, 0 answers

Pay online with a card and then block it - any threats?

Sometimes I order stuff from less-known online stores that ask me to pay directly by providing a card number. Either they don't support PayPal or similar services or they might charge a fee for using them, so that's what I do: I have a card with…
Alexander
0 votes, 1 answer

PIN transfer between payment schemes

I am wondering if it should be possible to transfer a PIN in case of migrating between different payment schemes like Mastercard or VISA. For example, when I have a card issued by Mastercard, and it will be changed to VISA, is it possible to keep the…
user1563721