Is it safe to display a customer ID or credit card ID from STRIPE to the public?

Question

Is it safe to display a customer ID or credit card ID from STRIPE to the public?

I use the payment strip on my platform. Stripe provides me with identifiers for objects that I can get in my account,

things like client_id, something like cus_6DUY9LB2ih5Pdy

or credit card identifier, for example card_1613mtB177tQO9RpJRQEFLcV

If I had a delete link that references these identifiers, such as

 http://mywebapp.com/user/card_1614UyB177tQO9RpKy5Ysw10

for example, this link will remove the map from the strip and from my local database

Is it safe for me to publish these identifiers to the public?

Can someone potentially perform malicious actions with a card identifier (for example, create a charge?)

+5

security ruby-on-rails stripe-payments

Tyler liu May 11, '15 at 0:13

source share

1 answer

Dinesh · Answer 1 · 2015-05-11T00:20:29+0000

Systems that deal with payment card data often require compliance with PCI DSS requirements, so you should contact the legal department about any promises that you could make to your clients or cardholders.

A good starting point is PCI Standards --- getting started

Is it safe to display a customer ID or credit card ID from STRIPE to the public?

More articles: