Title: Possible Compliance & Security Issue
Last modified: May 19, 2017

---

# Possible Compliance & Security Issue

 *  Resolved [nr123](https://wordpress.org/support/users/nr123/)
 * (@nr123)
 * [8 years, 12 months ago](https://wordpress.org/support/topic/possible-compliance-security-issue/)
 * Hello, in debugging a plugin issue I noticed in the Stripe interface that this
   plugin is automatically creating a Stripe Customer Record for this client and
   then saving the Credit Card of the client against that Customer Record in Stripe.
 * This is a red flag in that the client never gave permission to have their credit
   card details stored, even though it is in a secured Merchant Facility system.
 * Is it possible to have an option added to the plugin to allow the developer to
   disable this saving of Credit Card in the Stripe WordPress plugin settings?
 * Presumption that this storing of cards is for Subscription implementations however
   it feels incorrect to force save all cards even if the client isn’t subscribing
   to a service.

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Plugin Support [mbrsolution](https://wordpress.org/support/users/mbrsolution/)
 * (@mbrsolution)
 * [8 years, 12 months ago](https://wordpress.org/support/topic/possible-compliance-security-issue/#post-9151047)
 * Hi, the plugin developers will further investigate your issue/request.
 * Thank you
 *  Plugin Author [mra13](https://wordpress.org/support/users/mra13/)
 * (@mra13)
 * [8 years, 12 months ago](https://wordpress.org/support/topic/possible-compliance-security-issue/#post-9151066)
 * You need to talk to Stripe team about this. Our plugin is implemented according
   to Stripe’s guideline. We talked to the Stripe team and got our implementation
   checked. They confirmed that it is all good. I don’t want to change anything 
   in there and upset our existing users because we know the current implementation
   is good. I would rather you use a different plugin which is customized the way
   you want it.
    -  This reply was modified 8 years, 12 months ago by [mra13](https://wordpress.org/support/users/mra13/).
 *  Thread Starter [nr123](https://wordpress.org/support/users/nr123/)
 * (@nr123)
 * [8 years, 12 months ago](https://wordpress.org/support/topic/possible-compliance-security-issue/#post-9151437)
 * Hello, thank you for the reply.
 * If the Stripe Checkout is implemented as per the Stripe documentation: [https://stripe.com/docs/checkout/tutorial](https://stripe.com/docs/checkout/tutorial),
   a Customer record is not created in the Stripe system nor is the saving of their
   credit card details. This seems logical as the client does not indicate they 
   would like them saved.
 * However the standard Stripe Checkout implementation for non-subscription payments
   in your plugin does create a Customer Record and save the client credit card 
   details. So presuming the Customer Record & credit card saving is being created
   by this plugin's own code.
 * Would also presume that most clients wouldn’t be happy that their Credit Card
   details were being saved against their name in a Merchant Facility without their
   prior agreement to save them. This is what is being referred to as a possible
   compliance/security issue.
 * Is it possible for your plugin to not save the credit details against a Customer
   Record if your plugin is being used for non-subscription payments? Or at least
   provide an option for it to be disabled in the plugin should users of your plugin
   feel this is a compliance/security issue?
 * Thank you for your consideration.
    -  This reply was modified 8 years, 12 months ago by [nr123](https://wordpress.org/support/users/nr123/).
      Reason: clarity
 *  Plugin Author [mra13](https://wordpress.org/support/users/mra13/)
 * (@mra13)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/possible-compliance-security-issue/#post-9155613)
 * I will work on adding a settings option for this in a future release.
 *  Thread Starter [nr123](https://wordpress.org/support/users/nr123/)
 * (@nr123)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/possible-compliance-security-issue/#post-9181785)
 * Thank you for your consideration.
 *  Plugin Author [mra13](https://wordpress.org/support/users/mra13/)
 * (@mra13)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/possible-compliance-security-issue/#post-9208660)
 * There is a new option for this in the settings menu of this plugin.

The topic ‘Possible Compliance & Security Issue’ is closed to new replies.

 * 6 replies
 * 3 participants
 * Last reply from: [mra13](https://wordpress.org/support/users/mra13/)
 * Last activity: [8 years, 11 months ago](https://wordpress.org/support/topic/possible-compliance-security-issue/#post-9208660)
 * Status: resolved