James Nixon

Reputation: 327

Architecture of handling user payment methods on a micro service

We have a micro service which is used just for handling user's orders. Right now, the payment provider we use, Stripe, stores these payment methods, but we need to use some of the data from these payment methods, like sending emails to the user before their card is due to expire, so we need to store these cards in an internal DB table. However, I can see data quickly getting out of sync.

But if we call Stripe directly, then if we ever end up switching payment providers, we'll be very much tied into Stripe, as all the payment methods are stored in there and they'll all be cleared if we ever leave Stripe.

So the question is: if you were to do the same, would you store payment methods on just Stripe and be tied in, or also on an internal DB and just allow the data to get out of sync?

Stripe flow

Upvotes: 0

Views: 311

Answers (1)

Rob Conklin

Reputation: 9446

I would be very careful about storing cc info in your system unless you have to. Once you do, you will have to become PCI DSS compliant, which adds considerable cost and regulations to your operations.

Storing an expiration date and the last 4 digits of the card is acceptable, but if you store enough to move providers (like the full PAN), then you will need to maintain PCI compliance.

This may be worth it, but you will have to decide for yourself if the flexibility is going to be worth the additional overhead.

Upvotes: 2
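
As an added illustration (not code from either poster), here is a minimal local table that keeps only the provider's opaque payment-method id, the last 4 digits and the expiry date, with an idempotent upsert and an expiry-reminder lookup. The table, column and function names and the sample ids are assumptions made for this sketch; the upsert is meant to be called from whatever provider event or sync job you use.

```python
import sqlite3
from datetime import date, timedelta

SCHEMA = """
CREATE TABLE payment_method_meta (
    provider       TEXT NOT NULL,     -- e.g. 'stripe'; keeps rows provider-agnostic
    provider_pm_id TEXT NOT NULL,     -- opaque provider token, not card data
    user_id        INTEGER NOT NULL,
    brand          TEXT NOT NULL,
    last4          TEXT NOT NULL CHECK (length(last4) = 4 AND last4 NOT GLOB '*[^0-9]*'),
    exp_month      INTEGER NOT NULL CHECK (exp_month BETWEEN 1 AND 12),
    exp_year       INTEGER NOT NULL,
    PRIMARY KEY (provider, provider_pm_id)
)"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def upsert_card(conn, provider, pm_id, user_id, brand, last4, exp_month, exp_year):
    """Idempotent: replaying the same provider record overwrites, never duplicates."""
    if not (isinstance(last4, str) and len(last4) == 4 and last4.isascii() and last4.isdigit()):
        raise ValueError("store only the last 4 digits, never a full PAN")
    conn.execute("INSERT OR REPLACE INTO payment_method_meta VALUES (?,?,?,?,?,?,?)",
                 (provider, pm_id, user_id, brand, last4, exp_month, exp_year))

def expiring_within(conn, today, days):
    """Cards whose last valid day (end of the expiry month) is in [today, today+days]."""
    due = []
    rows = conn.execute("SELECT user_id, provider_pm_id, last4, exp_month, exp_year "
                        "FROM payment_method_meta ORDER BY user_id")
    for user_id, pm_id, last4, m, y in rows:
        # First day of the following month minus one day = last day the card is valid
        last_valid = date(y + m // 12, m % 12 + 1, 1) - timedelta(days=1)
        if today <= last_valid <= today + timedelta(days=days):
            due.append((user_id, pm_id, last4, last_valid))
    return due

def demo():
    conn = open_db()
    # Constructed sample records; the ids are made up for this example
    upsert_card(conn, "stripe", "pm_example_1", 1, "visa", "4242", 12, 2030)
    upsert_card(conn, "stripe", "pm_example_2", 2, "mastercard", "4444", 3, 2031)
    # Same id replayed with a new expiry: the existing row is overwritten
    upsert_card(conn, "stripe", "pm_example_1", 1, "visa", "4242", 1, 2031)
    return conn
```

Because rows are keyed on the provider and its payment-method id, a periodic re-sync from the provider can correct drift by replaying records through the same upsert.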
