Support » Plugin: WooCommerce Stripe Payment Gateway » Does credit card data ever touch our database?

  • Resolved hlinden

    (@hlinden)


    If a customer pays using a credit card, does the card data ever get saved in our database at any point? Or is it handed directly to the stripe API and processed there?

    If the credit card data were to be saved in out database, we’d definitely have to check what our local regulators say about storing credit card data and necessary certifications.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Last time I checked the credit card billing data may be tokenized or handled on the server and that’s so Woocommerce is able to record just the billing address that the customer entered and that Stripe gets to see the information. So technically you’d likely have to fill out SAQ A-EP with this plugin. There is another plugin called “striper” https://wordpress.org/plugins/striper/ which doesn’t have credit card data touch the server and would qualify you for SAQ A. The downside is that the billing address can only be sent to Stripe or Woocommerce but not both. Also it may require some tweaking to get it to work how you want it to (such as installing php56-mbstring).

    • This reply was modified 7 years, 6 months ago by kimsf.
    Plugin Support Hannah S.L.

    (@fernashes)

    Automattic Happiness Engineer

    Last time I checked the credit card billing data may be tokenized or handled on the server and that’s so Woocommerce is able to record just the billing address that the customer entered and that Stripe gets to see the information.

    If you choose not to allow customers to save credit card info, that’s correct. If customers save credit card info, then a token is saved that Stripe knows how to interpret.

    If the credit card data were to be saved in out database, we’d definitely have to check what our local regulators say about storing credit card data and necessary certifications.

    That’s something you’ll want to look into, as these things are very different from country to country.

    • This reply was modified 7 years, 6 months ago by Hannah S.L..
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Does credit card data ever touch our database?’ is closed to new replies.