If I was storing the number, I would be a giant service provider with a massive database. That database is spread across a highly-redundant storage array consisting of multiple cabinets, in separate rooms or ideally in separate geographical locations, connected by a SAN. My biggest insider threat is the distributed physical plant, the constant stream … Read more
After a bit of research with an iOS8 browser and Chrome emulation I figured it out partially. I know of some solutions, but I don’t know for sure if there are other ways to do it. You’ll have to thank Apple for the amazing lack of documentation around this. Currently Netflix/Amazon have credit card scanning … Read more
Yes, the site you mentioned is correct. Many sites, incl. Google Checkout I believe, rely on automatic detection of the card type. It’s convenient, makes the UI less cluttered (one less input box) and saves time. Go ahead!
DON’T DO IT There is simply far too much risk involved, and you will typically need to be externally audited to ensure that you’re complying with all the relevant local laws and security practises. There are many third-party companies that do it for you that have already gone through all trouble of making sure their … Read more
There are three parts to the validation of the card number: PATTERN – does it match an issuers pattern (e.g. VISA/Mastercard/etc.) CHECKSUM – does it actually check-sum (e.g. not just 13 random numbers after “34” to make it an AMEX card number) REALLY EXISTS – does it actually have an associated account (you are unlikely … Read more
If you’re using Swift, go read my port of this answer for Swift 4 and use that instead. If you’re in Objective-C… Firstly, to your UITextFieldDelegate, add these instance variables… NSString *previousTextFieldContent; UITextRange *previousSelection; … and these methods: // Version 1.3 // Source and explanation: http://stackoverflow.com/a/19161529/1709587 -(void)reformatAsCardNumber:(UITextField *)textField { // In order to make the … Read more
In part 2 where you do this: We set up a webhook to receive stripe events so after 30 days our webhook should receive a customer.subscription.updated event with a object.status == active am I right? You might also consider implementing the customer.subscription.trial_will_end webhook, this webhook will be sent three days before the customers trial is … Read more
Stripe fits a lot of your criteria — you can accept credit card payments without a merchant account. You also get to control the payment flow without having to worry about PCI compliance. A clean and well-structured REST API The API is based entirely on REST — you can even use curl to charge cards: … Read more
There is no official guideline as the credit card issuers can choose each when the cards they issue will expire. In fact they have been issuing cards for longer and longer periods of time. If you’re trying to determine how far out into the future you should accommodate expiration dates for, err on the safe … Read more