Default Stripe Extension Credit Card Processing PCI compliance

Started by totaffy, September 28, 2017, 01:58:48 PM

Previous topic - Next topic

totaffy

Hello,


I've installed the default stripe extension, and cretit card details appear to be entered onsite and on 'mywebsite' server, rather than on the stripe server.

With the default Stripe extension does any processing, or transmission of any cardholder data take place on 'my sites' server and then passed to the Stripe server? Or are credit card details entirely entered and processed on the Stripe server ?

I need to understand this as i'm in the UK,  and need to know if its PCI DSS compliant and eligible for  PCI SAQ A? UK <a href="https://www.pcisecuritystandards.org/pci_security/completing_self_assessment"> PCI Self Assessment Criteria</a>

I'm considering both the Default and Advanced Stripe options.

Thanks

eCommerce Core

Starting in v1.2.11 stripe payment was updated to comply with latest PCI DSS from Stripe.
In over words, credit card details are not passed via your server or AbanteCart backend any more.
Creditcard details are passed through stripe server and tokenized.
These details shared only between customer's browser and Stripe.


abantecart

Similar approach is with CardConnect that was introduced with v1.2.11. CardConnect certified AbanteCart as PCI DSS


Forum Rules Code of conduct
AbanteCart.com 2010 -