diff --git a/config.ru b/config.ru
index e65bf31ea96bb5df149e2c09d58cbbf1e11d0f32..cf44accbf9968d07b70ef70a9e45f17d4e85c537 100644
--- a/config.ru
+++ b/config.ru
@@ -10,8 +10,9 @@ REDIS = Redis.new
 BRAINTREE_CONFIG = Dhall.load("env:BRAINTREE_CONFIG").sync
 class CreditCardGateway
- def initialize(jid)
+ def initialize(jid, customer_id=nil)
 @jid = jid
+ @customer_id = customer_id
 @gateway = Braintree::Gateway.new(
 environment: BRAINTREE_CONFIG[:environment].to_s,
@@ -21,9 +22,17 @@ class CreditCardGateway
 )
 end
+ def check_customer_id(cid)
+ return cid unless ENV["RACK_ENV"] == "production"
+
+ raise "customer_id does not match" unless @customer_id == cid
+
+ cid
+ end
+
 def customer_id
 customer_id = REDIS.get(redis_key)
- return customer_id if customer_id
+ return customer_id if check_customer_id(customer_id)
 cresult = @gateway.customer.create
 raise "Braintree customer create failed" unless cresult.success?
@@ -62,13 +71,17 @@ class JmpPay < Roda
 route do |r|
 r.on :jid do |jid|
 r.on "credit_cards" do
- gateway = CreditCardGateway.new(jid)
+ gateway = CreditCardGateway.new(
+ jid,
+ request.params["customer_id"]
+ )
 r.get do
 view(
 "credit_cards",
 locals: {
- token: gateway.client_token
+ token: gateway.client_token,
+ customer_id: gateway.customer_id
 }
 )
 end
diff --git a/views/credit_cards.slim b/views/credit_cards.slim
index fa8fe5b0f7e46af4c1e2bc57520653992a0e369a..efcff93766d0655463023f1ab89760a643f794d9 100644
--- a/views/credit_cards.slim
+++ b/views/credit_cards.slim
@@ -16,6 +16,7 @@ form method="post" action=""
 #braintree
 | Unfortunately, our credit card processor requires JavaScript.
+ input type="hidden" name="customer_id" value=customer_id
 input type="hidden" name="braintree_nonce"
 script src="https://js.braintreegateway.com/web/dropin/1.26.0/js/dropin.min.js"
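Review bot: The new optional `customer_id` argument to `initialize` (config.ru, hunk `@@ -10,8 +10,9 @@`) is undocumented, although `check_customer_id` later treats it as the value a caller must present to reach the stored Braintree customer. I would add a comment above the constructor such as `# customer_id: caller-supplied ID; in production it must equal the ID stored for this jid`. A keyword argument (`customer_id: nil`) would also make the call site self-describing. The constructor body continues outside the hunk.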
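Review bot: In `check_customer_id` (config.ru, hunk `@@ -21,9 +22,17 @@`) the guard fails open: the comparison is skipped whenever `RACK_ENV` is anything other than the exact string "production", so an unset or misspelt variable on a deployed host silently disables the check. Inverting it to an allow-list, e.g. `return cid if %w[development test].include?(ENV["RACK_ENV"])`, keeps the bypass for local work and makes every other environment enforce the match. Since the supplied ID acts as the credential here, the comparison could also be constant-time, `Rack::Utils.secure_compare(@customer_id.to_s, cid.to_s)`, and it is worth confirming that Braintree customer IDs are unpredictable enough for that role. When both the parameter and the stored value are nil the guard returns nil and `customer_id` goes on to create a customer for whatever jid was requested; the body of `customer_id` continues outside the hunk.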
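Review bot: `request.params["customer_id"]` in the `credit_cards` route (config.ru, hunk `@@ -62,13 +71,17 @@`) is read on the GET as well, so the value that gates access travels in the query string and ends up in access logs, browser history, and possibly the Referer sent when the view loads the script from js.braintreegateway.com. Setting `response["Referrer-Policy"] = "no-referrer"` before rendering would limit the last of these. A mismatch also surfaces as a bare `RuntimeError` from `gateway.customer_id`, which presumably becomes a 500; rescuing it in the route and answering 403 would let monitoring tell rejected requests apart from real failures. The route block continues outside the hunk.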