Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it dangerous to store in my database stripe customers ids?

If my MysQL database is stolen for example, can a thief use the Stripe customers ids to charge them?

Should I store these Ids in my database or not? Store them but encrypt them?

Thanks.

like image 458
London Smith Avatar asked Jan 10 '17 19:01

London Smith


People also ask

Does Stripe store customer data?

The Customer resource is a core entity within Stripe. Use it to store all of the profile, billing, and tax information required to bill a customer for subscriptions and one-off invoices.

Are Stripe customer IDs sensitive?

All sensitive information coming from the account id requires your Stripe Secret Key (or that of the account, for Connect accounts). That being said, if access to those keys is compromised, having the account ids readily available just makes it that much easier for an attacker.

How do I get my Stripe customer ID?

Just use the following line of code you will get the customer id. $customer = $stripe->customers()->create([ 'email' => $_POST['stripeEmail'], 'source' => $_POST['stripeToken'], 'plan' => trim($plan) ]); echo $customer['id'];


1 Answers

The customer id (cus_XXXX) can be used to charge a customer's card but only with your account's Secret API key (sk_live_XXX).

Someone getting their hands on your database in that situation wouldn't be able to do anything with the information unless they also stole your API keys.

It's safe to store anything that Stripe returns via the API in your own database as they wouldn't be returning those values in the first place otherwise. It's also partially covered in the documentation here about PCI compliance.

like image 83
koopajah Avatar answered Oct 10 '22 05:10

koopajah