Author Topic: Default Stripe Extension Credit Card Processing PCI compliance (Read 3694 times)

totaffy · « **on:** September 28, 2017, 01:58:48 PM »

Hello,

I've installed the default stripe extension, and cretit card details appear to be entered onsite and on 'mywebsite' server, rather than on the stripe server.

With the default Stripe extension does any processing, or transmission of any cardholder data take place on 'my sites' server and then passed to the Stripe server? Or are credit card details entirely entered and processed on the Stripe server ?

I need to understand this as i'm in the UK, and need to know if its PCI DSS compliant and eligible for PCI SAQ A? UK <a href="https://www.pcisecuritystandards.org/pci_security/completing_self_assessment"> PCI Self Assessment Criteria</a>

I'm considering both the Default and Advanced Stripe options.

Thanks

eCommerce Core · « **Reply #1 on:** September 28, 2017, 02:26:42 PM »

Starting in v1.2.11 stripe payment was updated to comply with latest PCI DSS from Stripe.
In over words, credit card details are not passed via your server or AbanteCart backend any more.
Creditcard details are passed through stripe server and tokenized.
These details shared only between customer's browser and Stripe.

abantecart · « **Reply #2 on:** September 28, 2017, 02:29:40 PM »

Similar approach is with CardConnect that was introduced with v1.2.11. CardConnect certified AbanteCart as PCI DSS

totaffy · « **Reply #3 on:** September 28, 2017, 03:00:32 PM »

Great thats good news thank you !

News:

Author Topic: Default Stripe Extension Credit Card Processing PCI compliance (Read 3694 times)

totaffy

Default Stripe Extension Credit Card Processing PCI compliance

eCommerce Core

Re: Default Stripe Extension Credit Card Processing PCI compliance

abantecart

Re: Default Stripe Extension Credit Card Processing PCI compliance

totaffy

Re: Default Stripe Extension Credit Card Processing PCI compliance