I am trying to work out exactly what is needed for using the Stripe addon. I am used to using the Stripe addon for Gravity Forms, which uses webhooks, and the credit card information never touches the hosting server.
Is this the same case with Event Espresso? Can I get away with having a TLS certificate and making the site the only site on the server? Or do I need a PCI compliance audit?
We have 2 integration methods with Stripe which are Checkout and Elements, both of which require SAQ-A level compliance (Elements supports PSD2, Checkout is now considered deprecated by Stripe and does not). However, it also depends on the volume of transactions taken on your site, see:
Can I get away with having a TLS certificate and making the site the only site on the server?
May I ask what level of compliance you believe that would be?
Or do I need a PCI compliance audit?
Unless you’re using on-site payment methods and/or processing 6 million transactions per year (putting you in level 1), it’s unlikely you need an audit, and just an SAQ should be fine. Note they do include network scans from an approved vendor.