Question

As you can see, I have one really sensitive question :) I am building a site where users will have an option to subscribe to some content. I am using Rails 4. Users will pay for a subscription with a credit card. At the same time, an admin would be able to make refunds if needed. An admin can make a refund for any percentage of a paid subscription.

As I understand, it is not recommended to store any credit card data in my database. I've found a couple of articles relating to this issue:

http://railscasts.com/episodes/288-billing-with-stripe?view=asciicast

http://larsgebhardt.de/credit-card-processing-with-ruby-on-rails/

http://www.subelsky.com/2011/10/how-to-setup-credit-card-payments-for.html

I was wondering what is currently the recommended practice with credit card processing? How should I handle credit card processing in a Rails 4 application? This is maybe simple, but how to make a refund if I don't have any credit card info available in my database?

Thanks!


Solution

It's more than not recommended. If you store or directly handle cardholder data yourself, you must go through the lengthy and expensive process of becoming PCI compliant; failure to do so can result in you being held liable for penalties and losses by the card schemes in the event of a breach of your system.

A service like Stripe helps you largely avoid this burden.

... but how to make a refund if I don't have any credit card info available in my database?

Using Stripe's API or Dashboard, all you need to refund is the Order Id generated by their system when the charge was initially made. You should never need to see, or even be able to see, the actual card number.
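
An added example, not part of the original answer: the percentage refund from the question, done with only the identifier the processor returned for the charge and amounts in cents, so no card data is stored. `Payment`, `FakeGateway`, `RefundError` and `refund_percentage` are hypothetical names, the charge id is a constructed value, and the gateway is a stand-in so the code runs offline.

```ruby
# What the application persists per payment: the processor's reference
# and integer amounts. No card number, expiry or CVC is ever stored.
Payment = Struct.new(:processor_charge_id, :amount_cents, :refunded_cents)

class RefundError < StandardError; end

# Hypothetical stand-in for the payment processor (assumption, offline only).
# With the stripe gem the equivalent call is:
#   Stripe::Refund.create(charge: charge_id, amount: cents)
class FakeGateway
  attr_reader :calls

  def initialize
    @calls = []
  end

  def refund(charge_id, cents)
    @calls << [charge_id, cents]
    true
  end
end

# Refund `percent` of the original charge (0 < percent <= 100).
# Returns the number of cents refunded.
def refund_percentage(payment, percent, gateway)
  pct = Rational(percent.to_s) # exact arithmetic, no float rounding drift
  raise RefundError, 'percent must be in (0, 100]' unless pct > 0 && pct <= 100

  # Round down to whole cents so the customer is never refunded more
  # than the requested share of what was charged.
  cents = (payment.amount_cents * pct / 100).floor
  raise RefundError, 'refund rounds to zero cents' if cents.zero?

  # Server-side cap: repeated partial refunds must not exceed the charge.
  remaining = payment.amount_cents - payment.refunded_cents
  raise RefundError, 'exceeds remaining refundable amount' if cents > remaining

  # Only the charge reference leaves the application; record the refund
  # locally after the processor accepts it.
  gateway.refund(payment.processor_charge_id, cents)
  payment.refunded_cents += cents
  cents
end

payment = Payment.new('ch_constructed_123', 1999, 0) # constructed sample
gateway = FakeGateway.new
puts refund_percentage(payment, 25, gateway)
```

In a Rails application the refunded total would be updated inside a database transaction with a row lock, so two admins refunding at once cannot pass the cap together.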

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow