ryanmitchell Thanks, I sent sripe all the logs file and found out some one else taken these money out of my account. They said it has same name with different email addresses. Now, after further investigation they sent me this email:
We’ve noticed that you are passing your cardholder’s full credit card number to Stripe’s API. We strongly discourage you from handling this information directly because doing so:
- Potentially exposes your customer’s sensitive data to bad actors
- Affects the performance of Radar, Stripe’s fraud protection solution
- Requires your business to meet complex and burdensome PCI compliance requirements
To keep your customer’s information safe, we were unable to process the unsafe charge you just sent us. In order to process payments securely on Stripe, change your integration to collect payment information using one of our official client integrations(https://stripe.com/docs/payments). These integrations ensure that no sensitive card data ever needs to touch your server.
In rare cases, you may have to continue handling full credit card information directly. If this applies to you, you can enable unsafe processing in your dashboard.
For any questions, just reply to this email and we’d be happy to help.
The Stripe team
Now, as far as I know tastyigniter use stripe payment using Omnipay. Is it possible to use “Collect payment information using one of Strip’s client integrations”? Which will definitely prevent fraudalant transaction and keep everyones money safe.