As you can see, I have one really sensitive question :) I am building a site where users will have an option to subscribe to some content. I am using Rails 4. Users will pay for a subscription with credit card. At the same time, admin would be able to make refunds if needed. Admin can make a refund for any percentage of payed subscription.
正如你所看到的,我有一个非常敏感的问题:)我正在建立一个网站,在那里用户可以选择订阅一些内容。我正在使用Rails 4。用户将用信用卡支付订阅费用。与此同时,如果需要的话,admin可以退款。管理员可以对任何百分比的付费订阅进行退款。
As I understand, it is not recommended to store any credit card data in my database. I've found a couple of articles relating to this issue:
据我所知,不建议在我的数据库中存储任何信用卡数据。我发现了一些关于这个问题的文章:
http://railscasts.com/episodes/288-billing-with-stripe?view=asciicast
http://railscasts.com/episodes/288-billing-with-stripe?view=asciicast
http://larsgebhardt.de/credit-card-processing-with-ruby-on-rails/
http://larsgebhardt.de/credit-card-processing-with-ruby-on-rails/
http://www.subelsky.com/2011/10/how-to-setup-credit-card-payments-for.html
http://www.subelsky.com/2011/10/how-to-setup-credit-card-payments-for.html
I was wondering what is currently the recommended practice with credit card processing? How should I handle credit card processing in Rails 4 application? This is maybe simple, but how to make a refund if I don't have any credit card info available in my database?
我想知道目前信用卡处理的推荐做法是什么?如何在Rails 4应用程序中处理信用卡处理?这可能很简单,但是如果我的数据库中没有任何信用卡信息,如何进行退款呢?
Thanks!
谢谢!
1 个解决方案
#1
5
It's more than not recommended, If you store or directly handle card holder data yourself you must go through the lengthy and expensive process of becoming PCI compliant, failure to do so can result in you being held liable for penalties and losses by the card schemes in the event of a breach of your system.
超过不推荐,如果你存储或直接处理持卡人数据必须经过漫长而昂贵的过程成为一种总线标准兼容,否则可能导致你被卡承担罚款和损失计划在发生违反您的系统。
A service like Stripe helps you largely avoid this burden.
像Stripe这样的服务很大程度上帮助您避免了这种负担。
... but how to make a refund if I don't have any credit card info available in my database?
…但是,如果我的数据库中没有信用卡信息,如何退款呢?
Using Stripe's API or Dashboard all you need to refund is the Order Id generated by their system when the charge was initially made. You should never need to see, or even be able to see the actual card number.
使用Stripe的API或仪表板,您需要退款的是系统在最初进行收费时生成的订单Id。您永远都不需要看到,甚至不需要看到实际的卡号。
#1
5
It's more than not recommended, If you store or directly handle card holder data yourself you must go through the lengthy and expensive process of becoming PCI compliant, failure to do so can result in you being held liable for penalties and losses by the card schemes in the event of a breach of your system.
超过不推荐,如果你存储或直接处理持卡人数据必须经过漫长而昂贵的过程成为一种总线标准兼容,否则可能导致你被卡承担罚款和损失计划在发生违反您的系统。
A service like Stripe helps you largely avoid this burden.
像Stripe这样的服务很大程度上帮助您避免了这种负担。
... but how to make a refund if I don't have any credit card info available in my database?
…但是,如果我的数据库中没有信用卡信息,如何退款呢?
Using Stripe's API or Dashboard all you need to refund is the Order Id generated by their system when the charge was initially made. You should never need to see, or even be able to see the actual card number.
使用Stripe的API或仪表板,您需要退款的是系统在最初进行收费时生成的订单Id。您永远都不需要看到,甚至不需要看到实际的卡号。