Support

Home Forums Event Espresso Premium Stripe and PCI compliance

Stripe and PCI compliance

Posted: December 9, 2020 at 9:33 am

Viewing 1 reply thread


Anthony Irtelli

December 9, 2020 at 9:33 am

Hi

I am trying to work out exactly what is needed for using the Stripe addon. I am used to using the stripe addon for Gravity forms which uses webhooks and the credit card information never touches the hosting server.

Is this the same case with event espresso? Can I get away with having a TLS certificate and making the site the only site on the server? Or do I need a PCI compliance audit?

Many thanks

Mark


Tony

  • Support Staff

December 9, 2020 at 1:10 pm

Hi there,

We have 2 integration methods with Stripe which are Checkout and Elements, both of which require SAQ-A level compliance (Elements supports PSD2, Checkout is now considered deprecated by Stripe and does not). However, it also depends on the volume of transactions taken on your site, see:

https://stripe.com/en-gb/guides/pci-compliance

Can I get away with having a TLS certificate and making the site the only site on the server?

May I ask what level of compliance you believe that would be?

Or do I need a PCI compliance audit?

Unless your using on-site payment methods and/or processing 6million transactions per year (putting you in level 1) it’s unlikely you need an audit and just and SAQ should be fine, note they do include network scans from an approved vendor.

Viewing 1 reply thread

The support post ‘Stripe and PCI compliance’ is closed to new replies.

Have a question about this support post? Create a new support post in our support forums and include a link to this existing support post so we can help you.

Event Espresso