Loads credit card information as an iFrame to ensure PCI compliance (self-hosted)
Problem
As a user, I need to be able to pay for the package I signed up for directly in the signup flow. GitLab therefore needs to let me enter my credit card information in a PCI-compliant way, so GitLab should load any credit-card-related form information as an iframe directly from GitLab's payment provider.
Solution
Zuora allows its customers to embed a credit card iFrame directly into their code, so that end users can enter credit card information without the embedding site needing to be PCI compliant itself. See Zuora docs.
Requirements
- Allows the user to enter credit card information via Zuora's provided iFrame.
- Verifies that the credit card is valid and that the annual amount for the user's package and seats has been charged to the valid credit card before the user is allowed to continue to the application.
- Charges the credit card for the proper amount
- Collects all necessary information in order to facilitate a continuous annual subscription
- Does not allow embargoed users to sign up for a paid package