We get questions about this all the time at Approachable Geek, and rightly so, your and your user’s financial information is extremely important to keep safe. So what is the answer?

The answer is it depends on if your developer is being PCI compliant or not. PCI what? PCI compliance refers to the Payment Card Industry Data Security Standard (PCI DSS), which is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

The PCI DSS applies to any organization, regardless of size or number of transactions, that accepts, transmits, or stores any cardholder data.

To become PCI compliant, a company must follow a set of requirements related to the storage, transmission, and processing of credit card information.

These requirements cover a wide range of topics, including network security, secure data storage, and employee training.

PCI compliance is a tough and rigorous standard to comply with for small time developers and payment solutions can quickly become complex, so most end up using companies like Stripe to help take the load off.

When you are building an app using Stripe and someone puts in their payment information, the dev can’t see the literal card number, they can only see an encrypted key that allows them to charge the card.

That way your card information is never exposed to the dev but the programs they build can charge it.

If you were to have a dev that was not using a service like that and was trying to handle it all on their own, that’s when you should be very concerned.

Not only is it really suspicious to have thousands of straight up credit card numbers, but if they don’t have that information properly secured, it could be exposed to all sorts of exploitation.