It's not related to library bugs, so the initial format isn't relevant for this case.
Is this library compliant with SCA when paying via credit cards?
If yes, what are the methods we can use? Is it enough to createTokenWithCard and createSourceWithParams (type=threeDSecure)?
@n-sviridenko I haven't read detailed information about SCA yet but probably it won't be compliant until we have #448 fixed
Stripe has prepared pre-built and customizable solutions to help you prepare for SCA. You will need to update your integration to support 3D Secure 2 before September 14, 2019.
If you wish to use 3D Secure, we strongly encourage you to adopt Stripe鈥檚 new Checkout or the Payment Intents API. Both support Dynamic 3D Secure, which helps you prepare for Strong Customer Authentication regulation in Europe. If your integration uses Dyanamic 3D Secure with new Checkout or the Payment Intents API, it will seamlessly transition to 3D Secure 2 once supported鈥攚ithout requiring any changes. Use of Stripe鈥檚 legacy 3D Secure Sources API is no longer recommended, and will not support 3D Secure 2.
@cybergrind as I understand, there is still time till September. What's the current way (using this library) I can collect a card info which I can charge multiple times when user is offline afterwards?
Create Token and then create customer on the backend server. After that, you will be able to charge the user without asking for payment details/
@cybergrind token is single-use and expirable. I know sources are long-term. But 3d secure sources are single-use.
we need to create a card source which can be used multiple times when customer is offline
Then you have a choice:
@cybergrind I see. Btw. is this library compatible with https://github.com/expo/expo? They have their own implementation, but it doesn't support card source currently (only 3d secure).
Their implementation is based on tipsi-stripe. So I believe it is quite straightforward to port everything from this library to expo.
How to integrate Payment intent API in react native with this plugin?
@AleenaVJ1995 there is no support for it right now. You can watch #448 to get a notification when it will have some updates.
@cybergrind What if we use tipsi-stripe as is currently with having #448 resolved? is there security risk?
@hopewise SCA is just new regulatory requirements for Europe (which introduces some good features). But I cannot say that previous requirements really have low security.
Basically, if you don't save/log/expose user private data, like CC number, CVC. You don't need this data because Stripe handles it on their side and you will use stripe token that is secure if you don't expose your app's secret key
Thanks @cybergrind for your note
What level of PCI compliance does this library give? (https://github.com/tipsi/tipsi-stripe/issues/292 ) seems to suggest Android is not compliant.
@tomrevansecho this is incorrect. Usage of the Stripe SDK native implementation is required for SAQ-A and SAQ-A is just questionary before actual evaluation.
To be PCI compatible you need to pass the assessment by a certified assessor from list https://www.pcisecuritystandards.org/assessors_and_solutions/qualified_security_assessors
Thanks for the quick reply but still not 100% clear. To qualify for self assessment compliance. Are you able to use this library or does it increase the scope as Android uses a custom UI for credit card input? Would love to use if possible. Although would need to look to add PaymentIntents to use.
If you're using Android cart form you're not SAQ-A eligible because of tipsi-stripe wasn't validated by qualified security assessors.
If someone will do this procedure and send this code to assessment it will be eligible.
Will the payments method API be integrated to #448 ? as the Sources API doesn't support SCA.
https://stripe.com/docs/mobile/android/sources
https://stripe.com/docs/mobile/ios/sources
https://stripe.com/docs/mobile/android/payment-methods
https://stripe.com/docs/mobile/ios/authentication
This issue will be fixed in 8.0.0 which is in beta right now! Please check #532 for more details.
Most helpful comment
@AleenaVJ1995 there is no support for it right now. You can watch #448 to get a notification when it will have some updates.