
Process Stripe Payments Through AWS Lambda - kaishiro
https://github.com/TaylorBriggs/stripe-lambda
======
throwaway2016a
Note: AWS Lambda is not PCI compliant so using it for credit card purchases
can get you in hot water.

Using Stripe doesn't exempt you from PCI-DSS 3.0/3.1: SAQ A-EP.

Note, Lambda is not listed here: [https://aws.amazon.com/compliance/pci-dss-level-1-faqs/](https://aws.amazon.com/compliance/pci-dss-level-1-faqs/)

~~~
taylorbriggs
Hi, I'm the developer of this AWS Lambda function. It is only intended to be
used with the Stripe Checkout payment flow. There is no actual credit card
data passed to AWS, simply a token (again, obtained from the Stripe Checkout
widget). The use of AWS Lambda is for protecting one's secret key in a
serverless environment, e.g., static website or mobile app. Thanks for your
feedback!

~~~
throwaway2016a
Hi. Great work, I love to see people creating micro-services with Lambda.
Lambda is an awesome tool.

We process credit card payments and ran into this issue so I just wanted to
point it out to the community.

With that said, the "source" object can be a "dictionary containing the
customer's credit card details" so it can be misused. You may want to put a
disclaimer in the `README.md` or maybe a `console.log` with a warning if a
credit card dictionary is passed.
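
The guard suggested in the comment above, sketched as an added example; it is not part of the original thread and not code from the stripe-lambda project. The event shape (`source`, `amount`, `currency`) and the function names `classifySource` and `guardChargeEvent` are assumptions made for illustration.

```javascript
// Added example: refuse a charge request whose "source" is raw card data
// instead of a Stripe Checkout token. Function names and event shape are hypothetical.

// Stripe token ids start with "tok_"; the sample ids below are constructed.
const TOKEN_RE = /^tok_[A-Za-z0-9]+$/;
// Field names used in a Stripe card dictionary; any of them means raw card data.
const CARD_FIELDS = ['number', 'cvc', 'exp_month', 'exp_year'];

function classifySource(source) {
  if (typeof source === 'string') {
    return TOKEN_RE.test(source) ? 'token' : 'invalid';
  }
  if (source !== null && typeof source === 'object') {
    const hasCard = CARD_FIELDS.some((f) =>
      Object.prototype.hasOwnProperty.call(source, f));
    return hasCard ? 'card-dictionary' : 'invalid';
  }
  return 'invalid';
}

function guardChargeEvent(event, log = console.warn) {
  const kind = classifySource(event && event.source);
  if (kind === 'token') {
    return { ok: true, statusCode: 200 };
  }
  if (kind === 'card-dictionary') {
    // Log the fact, never the value, so the logs do not end up holding card data.
    log('Rejected request: "source" was a card dictionary; ' +
        'only Stripe Checkout tokens are accepted.');
  }
  return { ok: false, statusCode: 400, reason: kind };
}

// Constructed sample events (4242... is Stripe's published test card number).
const samples = [
  { source: 'tok_EXAMPLE123', amount: 500, currency: 'usd' },
  { source: { number: '4242424242424242', exp_month: 12, exp_year: 2030, cvc: '123' },
    amount: 500, currency: 'usd' },
  { source: 'not-a-token', amount: 500, currency: 'usd' },
];
for (const e of samples) {
  console.log(guardChargeEvent(e).ok ? 'accept' : 'reject');
}
```

The guard stops a card dictionary from being forwarded or written to logs, but by the time it runs the request body has already reached the function, so it is a backstop for misuse rather than a substitute for sending only tokens.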

~~~
taylorbriggs
I added a note in the README that this function is only intended for use with
the Stripe Checkout widget, which hopefully clarifies that issue. Really
appreciate the feedback!

