
Stripe and PCI compliance

Posted: December 9, 2020 at 9:33 am


Anthony Irtelli

December 9, 2020 at 9:33 am

Hi

I am trying to work out exactly what is needed for using the Stripe addon. I am used to using the Stripe addon for Gravity Forms, which uses webhooks, and the credit card information never touches the hosting server.

Is this the same case with Event Espresso? Can I get away with having a TLS certificate and making the site the only site on the server? Or do I need a PCI compliance audit?

Many thanks

Mark


Tony

  • Support Staff

December 9, 2020 at 1:10 pm

Hi there,

We have 2 integration methods with Stripe which are Checkout and Elements, both of which require SAQ-A level compliance (Elements supports PSD2, Checkout is now considered deprecated by Stripe and does not). However, it also depends on the volume of transactions taken on your site, see:

https://stripe.com/en-gb/guides/pci-compliance

> Can I get away with having a TLS certificate and making the site the only site on the server?

May I ask what level of compliance you believe that would be?

> Or do I need a PCI compliance audit?

Unless you're using on-site payment methods and/or processing 6 million transactions per year (putting you in level 1), it's unlikely you need an audit, and just an SAQ should be fine. Note they do include network scans from an approved vendor.
