Full credit card data should never go through your server.
Do not send the credit card data to Omise from your servers directly.
The methods described on this page should only be used with fake data in
test mode (e.g.: quickly creating some fake data, testing our API from
a terminal, etc.). If you are PCI-DSS compliant, sending card data from server requires a valid PCI-DSS certification.
You can learn more about this in Security Best Practices