
PCI compliance PayPal vs Stripe

Posted: February 1, 2025 at 9:02 am



MSCM

February 1, 2025 at 9:02 am

We have been using PayPal Express, where users were sent to PayPal to complete payments. Now we must use PayPal Commerce. The warning of "You are responsible for your own website security and Payment Card Industry Data Security Standards (PCI DSS) compliance." is of concern. Would we get the same warning if we switched to Stripe? Which is more secure to use with EE on WordPress? Thank you.


Tony

  • Support Staff

February 3, 2025 at 6:12 am

Hi there,

So, in short, there is no such thing as ‘0 Requirement PCI Compliance level’, which means that every single payment method you use requires PCI Compliance of some sort. PayPal Express requires a level of PCI Compliance, and because PayPal handle the card data all on their servers it needs the lowest level of compliance (SAQ-A).

What changes is the level of PCI Compliance you need, so even with PayPal Express you need PCI Compliance (this has always been the case, this isn’t something new) but it’s the lowest/easiest requirement to have.

So to answer this question:

Would we get the same warning if we switched to Stripe?

Yes. The warning would still show and SAQ-A still applies.

The warning within EE is there because some users assume EE handles PCI Compliance for you, but that’s not how it all works. PCI Compliance documentation is vague (personally I think it’s done that way intentionally), but generally a good rule of thumb is you want to keep the lowest level of PCI compliance required.

Stripe requires SAQ-A even though everything is done by Stripe’s servers.

PayPal Commerce is the same; the transaction is handled by PayPal in almost the same way it is with PayPal Express. Commerce has the ‘Express Buttons’ where you click on the PayPal button and it opens up a login for PayPal where you are paying with PayPal itself. It also has an option to include card fields on your site for users to pay directly with card… BUT… those card fields are actually iFrames loading from PayPal’s servers, so it still keeps your PCI Compliance level requirement low.

Which is more secure to use with EE on WordPress?

All 3 (Stripe, PayPal Express and PayPal Commerce) are similar here.

If you want to stick with PayPal, PayPal Commerce has the option to just load the ‘Express buttons’ which then makes it work in a very similar way to Express. So if you were happy with that payment flow you have something very similar in Commerce.

Can you link me an event I can run a test registration on? I’ll take a look and can walk through setting up PayPal Commerce (whilst leaving PayPal Express enabled) to test it works for you if needed?


MSCM

February 6, 2025 at 10:16 am

Tony, what a great comprehensive answer! Thank you. I have been out of town and apparently the client has not finished setting up PayPal Commerce. So we will get that done first and then ask you for your help running a test. Thank you!


Tony

  • Support Staff

February 7, 2025 at 6:18 am

You’re most welcome.

Please do let me know if you have any questions and I’ll answer as best I can.
