Spree::Payment object has optional
attributes that point to a payment source model. The listed source type is
supplied by the
Spree::PaymentMethod being used.
Solidus includes some payment sources such as
Spree::StoreCredit. However, your
define any custom payment source in its
integration uses the
Spree::CreditCard class for its payment source, take note that this model does
not store all of the payment details. Solidus only collects enough data to allow
customers to verify which credit card is being used.
All the credit card data that you collect should be immediately sent through a form to the payment service provider. Your databases should not store a customer's complete credit card data for any amount of time.
Whenever you store sensitive customer data, you risk a PCI compliance violation.
We recommend using the
Spree::CreditCard class as an example of responsibly
storing customer data. See the
PCI Security Standards
website for more
Solidus is an open source platform supported by the community. We encourage everyone using Solidus to contribute back to the documentation and the code.