Requires Craft 2.5+, running php 5.5.9+
When you see a Charge 403 PCI keys error it means your payment form is configured in an invalid state, and Charge is rejecting the request for your own safety and PCI Compliance.
The actual full message shown to non-admin users will be the following :
This request is invalid. Please contact the site admin, quoting the code - "Charge 403 PCI keys"
Alternatively, if the user is logged in as an admin at the time, they'll see this message :
The posible error keys are
This response is part of a safety and security mechanism within Charge that's designed to protect your account, and keep you within full PCI compliance requirements.
This error is thrown when a payment form with inputs named
cardCvv are submitted.
You must explicitly never submit those values to your server. Stripe is designed to take those values, and create a tokenised version of them, which is what should be submitted.
jquery.charge.js will handle the tokenisation for you, based on inputs with data-stripe=".." attributes.
Fixing the error is very simple.
Just make sure your card number, and cvc inputs do not have a name attribute.
<input type="text" name="cardNumber" data-stripe="number" placeholder="•••• •••• •••• ••••"/> <input type="text" name="cardCvc" data-stripe="cvc" placeholder="•••"/>
To the correct setup, removing the name attributes one the card number and cvc inputs, like this :
<input type="text" data-stripe="number" placeholder="•••• •••• •••• ••••"/> <input type="text" data-stripe="cvc" placeholder="•••"/>