I have a JS front-end that communicates with the back-end via a REST API, and I need to process credit cards. I do not want to get into the full PCI DSS compliance stuff, and I don't need to since I am using a 3rd-party provider (Stripe, Braintree, ...) that provides tokenization.
But the issue I have is that I do not want the JS front-end to handle the tokenization of the CC details, but I want the front-end to send the CC data to the back-end, and the back-end will then use the payment gateway API to tokenize the CC data and store the token instead of the real CC data.
Since the CC data enters the back-end, it is considered processing of the CC data (not storage), which means I have to handle PCI compliance in a way.
So I am wondering if there is some easy way to avoid doing some over-complicated code/infrastructure changes in order to be compliant?