support

Default Stripe Extension Credit Card Processing PCI compliance

Started by totaffy, September 28, 2017, 01:58:48 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

totaffy

September 28, 2017, 01:58:48 PM
Hello,


I've installed the default stripe extension, and cretit card details appear to be entered onsite and on 'mywebsite' server, rather than on the stripe server.

With the default Stripe extension does any processing, or transmission of any cardholder data take place on 'my sites' server and then passed to the Stripe server? Or are credit card details entirely entered and processed on the Stripe server ?

I need to understand this as i'm in the UK,  and need to know if its PCI DSS compliant and eligible for  PCI SAQ A? UK <a href="https://www.pcisecuritystandards.org/pci_security/completing_self_assessment"> PCI Self Assessment Criteria</a>

I'm considering both the Default and Advanced Stripe options.

Thanks

eCommerce Core

#1
September 28, 2017, 02:26:42 PM
Starting in v1.2.11 stripe payment was updated to comply with latest PCI DSS from Stripe.
In over words, credit card details are not passed via your server or AbanteCart backend any more.
Creditcard details are passed through stripe server and tokenized.
These details shared only between customer's browser and Stripe.

"If you're in the luckiest one per cent of humanity, you owe it to the rest of humanity to think about the other 99 per cent."
― Warren Buffett

abantecart

#2
September 28, 2017, 02:29:40 PM
Similar approach is with CardConnect that was introduced with v1.2.11. CardConnect certified AbanteCart as PCI DSS
Please  rate your experience or leave your review
We need your help to build better free open source ecommerce platform for everyone. See how you can help
Print
Go Up Pages1
User actions

Forum Rules Code of conduct
AbanteCart.com 2010 -