PCI Compliance Stripe
Discussions focus on PCI DSS compliance for handling credit card data and how services like Stripe mitigate requirements by tokenizing cards without merchants storing sensitive information.
Sample Comments
How does Stripe mitigate PCI DSS requirements?
Guess the PCI Compliance thing works at least. Otherwise why do they need to ask his credit card authorization?
They are not supposed to even store the ccv and certainly can't send it anywhere without encryption. Report them to your issuer.
Well, you're not holding credit card details, so no, there should be no need to worry about PCI.
Don't VISA et al require some kind of PCI compliance for storing credit card details?
Certain companies (like Braintree) offer a service where the credit card data is POSTed directly to their server, relieving you of most aspects of PCI compliance.
Stripe.js creates an iframe hosted by Stripe which sends the card information directly to Stripe. The merchant cannot see or intercept that card info, during or after transmission, and thus cannot send it to another processor (at least not using the same payment card input boxes).
Can't the merchant just treat it like an online payment? Take the card number, expiry date and security code?
Apparently it uses Stripe, and as long as the dev isn't trying to intercept/store payment info (e.g. in logs), Stripe handles PCI compliance.
Stripe does this really well using a js lib. The sensitive data thus never hits your servers and it's a much better experience for devs who don't want/have to deal with PCI compliance.