Each Spree::Payment object has optional source_type and source_id
attributes that point to a payment source model. The listed source type is
supplied by the Spree::PaymentMethod being used.
Solidus includes some payment sources such as Spree::CreditCard and
Spree::StoreCredit. However, your
payment method
could
define any custom payment source in its payment_source_class method.
If your
payment processing
integration uses the
Spree::CreditCard class for its payment source, take note that this model does
not store all of the payment details. Solidus only collects enough data to allow
customers to verify which credit card is being used.
All the credit card data that you collect should be immediately sent through a form to the payment service provider. Your databases should not store a customer's complete credit card data for any amount of time.
Whenever you store sensitive customer data, you risk a PCI compliance violation.
We recommend using the Spree::CreditCard class as an example of responsibly
storing customer data. See the
PCI Security Standards
website for more
information.
Solidus is an open source platform supported by the community. We encourage everyone using Solidus to contribute back to the documentation and the code.
If you’re interested in contributing to the docs, get started with the contributing guidelines. If you see something that needs fixing and can’t do it yourself, please send us an email.