• Resolved maltfield

    (@maltfield)


    If I use this plugin, does the customer’s payment data (e.g. Credit Card Number) ever touch my server?

    My server infrastructure is *not* PCI compliant. For that reason, it’s critical that any payment plugins that I use make sure that any sensitive payment PII gets sent directly from the client’s user agent to the payment processor’s infrastructure. If any UID needs to be stored on my server, that would need to be a tokenization of the payment information, such that my WordPress server would lie outside the scope of PCI compliance.

    Unfortunately, I couldn’t find any information about how this plugin handles customer payment information.

    Does this plugin ever expose my server to customer’s payment information?

    false-positive censors: this isn’t a duplicate. it’s a different plugin!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Saif

    (@babylon1999)

    Hello @maltfield!

    If I use this plugin, does the customer’s payment data (e.g. Credit Card Number) ever touch my server?

    No, never.

    The Stripe element on the checkout page isn’t hosted on your website; it’s an iframe. You can think of it as a portal that’s only displayed on your website, but the data is never processed or read by your website.

    that would need to be a tokenization of the payment information,

    Yes, Stripe will tokenize the payment method before sending the response back to your website.

    If you’d like to learn more about PCI compliance in WooCommerce, check out this guide: https://woocommerce.com/document/stripe/troubleshooting/pci-compliance/

    Cheers!

  • Zee

    (@doublezed2)

    Hello maltfield,

    Thank you for contacting WooCommerce support.

    This question is similar to the one you have asked on this thread. Could you check my response on that thread and visit the links referenced? As Saif said, the Stripe form is loaded via iframe. You can learn more about how iframes work in this article.

    I appreciate Saif for this contribution.

    Best regards.


The topic ‘PCI Security Compliance (Tokenization with Stripe Elements?)’ is closed to new replies.