
Incorrect implementation of Stripe Gateway (EE3)

Posted: March 23, 2014 at 6:54 pm


Aaron Axelsen

March 23, 2014 at 6:54 pm

The way that the Stripe payment gateway is implemented does not comply with PCI, especially on a shared server instance. One of the main advantages to stripe is that you can use javascript to send the credit card number to stripe and return a token. That token should then be sent to the server to be used to submit the payment.

The way this stays PCI compliant on shared hosting servers is by not setting the “name” field on the cc form, so that the number never hits the server.

I’m disappointed that I’m going to have to re-write this gateway before I can use it.
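The tokenization flow described above, as an added example that is not part of the original thread or of Event Espresso's code. `stripeCreateTokenStub` is a constructed stand-in for the Stripe.js `createToken` call, and the form fields are made up; the point is that only inputs with a `name` are encoded into the body that reaches the server.

```javascript
// Stand-in for Stripe.js tokenization: in the browser, card data goes straight
// to Stripe and an opaque token comes back. Token shape is constructed here.
function stripeCreateTokenStub(card) {
  if (!/^\d{13,19}$/.test(card.number) || !/^\d{3,4}$/.test(card.cvc)) {
    throw new Error("Stripe stub: invalid card data");
  }
  return { id: "tok_constructed_" + card.number.slice(-4) };
}

// Browser form encoding: as with a real <form>, only fields that have a
// `name` attribute are included in the submitted body.
function formEncode(fields) {
  const pairs = fields.filter(f => f.name).map(f => [f.name, f.value]);
  return new URLSearchParams(pairs).toString();
}

// The submit handler: tokenize in the browser, append the token as a named
// hidden field, then let the form post. Card inputs are looked up by id only.
function tokenizeAndEncode(fields) {
  const byId = Object.fromEntries(fields.filter(f => f.id).map(f => [f.id, f.value]));
  const token = stripeCreateTokenStub({
    number: byId.card_number, cvc: byId.card_cvc,
    exp_month: byId.card_exp_month, exp_year: byId.card_exp_year,
  });
  return formEncode(fields.concat([{ name: "stripeToken", value: token.id }]));
}

// Luhn check, used below to recognise a card number in an outgoing body.
function luhnValid(s) {
  let sum = 0;
  for (let i = 0; i < s.length; i++) {
    let d = Number(s[s.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Defender-side check: does the body that reaches the server carry a PAN?
// Any 13-19 digit run that passes Luhn is treated as one.
function containsPan(body) {
  return (body.match(/\d{13,19}/g) || []).some(luhnValid);
}

// Constructed sample form. Card inputs carry an id (for the tokenizer) but
// no name, so the browser never sends them to the site's own server.
const SAFE_FIELDS = [
  { name: "attendee_email", value: "alice@example.com" },
  { name: "amount_cents", value: "4200" },
  { id: "card_number", value: "4242424242424242" },
  { id: "card_cvc", value: "123" },
  { id: "card_exp_month", value: "12" },
  { id: "card_exp_year", value: "2030" },
];
// Same form with the mistake the post warns about: a name on the card number.
const LEAKY_FIELDS = SAFE_FIELDS.map(f =>
  f.id === "card_number" ? { ...f, name: "card_number" } : f);
```

Running `containsPan(tokenizeAndEncode(SAFE_FIELDS))` returns false, while the leaky form's body is caught by the same check.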


Michael Nelson

  • Support Staff

March 24, 2014 at 1:50 pm

Hi Aaron,

In EE 4.2, which is currently in ALPHA testing and will be released as soon as possible, we have added the Mijireh gateway, which will help significantly with PCI-compliance issues like this. Mijireh can basically act as a middle-man between your site and Stripe (or a large number of other gateways). So, using Mijireh, you can use Stripe to process payments and keep PCI compliance.

When we do implement the Stripe gateway for EE4, we are planning on sending the credit card details via javascript in order to help with PCI compliance. However, Mijireh makes the argument that even that isn’t fully PCI compliant either. So yes, our current implementation of Stripe for EE3 does require HTTPS and does handle CC data (although it is never stored: it is briefly handled and sent to Stripe), which means it would require the same PCI-compliance measures as any other onsite gateway (e.g. PayPal Pro). That’s why it’s listed as an onsite gateway and we recommend using HTTPS with it. The fact that you are using a shared server, to my knowledge, does not mean you cannot pass on CC data (although it does make issues like keeping your server’s software up-to-date more challenging). If you can point us to a PCI compliance document that specifies such a restriction for those using shared servers, we’ll definitely update our documentation.

We are sorry that our EE3 implementation of Stripe did not alleviate your PCI-compliance needs more than other onsite gateways.

Does that address your issue?
