Do I need to be PCI compliant? What do I have to do?

Anyone involved with the processing, transmission, or storage of credit card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). Stripe makes it easy to do so:

  • Serve your payment page over SSL, i.e., the page's web address should begin with https, not http.
  • Use Stripe.js or Checkout to accept payment information and transmit it directly to Stripe's servers.
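
The two checks above can be run against a payment page before it goes live. This is an added example, not Stripe's code: the `js.stripe.com` host, the field-name heuristic in `CARD_HINTS`, and both sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

STRIPE_JS_HOST = "js.stripe.com"  # assumption: host Stripe.js is served from
CARD_HINTS = ("card", "cvc", "cvv", "expir")  # heuristic field-name fragments

class _PageScan(HTMLParser):
    """Collects script sources and card-like inputs that carry a name."""
    def __init__(self):
        super().__init__()
        self.script_srcs, self.named_card_inputs = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.script_srcs.append(a["src"])
        elif tag == "input":
            name = (a.get("name") or "").lower()
            # Only inputs with a name are included in a form submission.
            if any(h in name for h in CARD_HINTS):
                self.named_card_inputs.append(name)

def audit_payment_page(url, html):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if urlparse(url).scheme != "https":
        findings.append("page is not served over https")
    scan = _PageScan()
    scan.feed(html)
    # Resolve relative and protocol-relative srcs against the page URL.
    srcs = [urlparse(urljoin(url, s)) for s in scan.script_srcs]
    stripe = [s for s in srcs if s.hostname == STRIPE_JS_HOST]
    if not stripe:
        findings.append("Stripe.js is not loaded from " + STRIPE_JS_HOST)
    elif any(s.scheme != "https" for s in stripe):
        findings.append("Stripe.js is loaded over plain http")
    for name in scan.named_card_inputs:
        findings.append("input '%s' would be posted to your own server" % name)
    return findings

# Constructed sample pages (not taken from any real site).
GOOD_PAGE = ('<form><input id="card-number"><input id="cvc"></form>'
             '<script src="https://js.stripe.com/v2/"></script>')
BAD_PAGE = ('<form action="/charge" method="post">'
            '<input name="card_number"><input name="cvc"></form>')

if __name__ == "__main__":
    for url, page in (("https://shop.example/pay", GOOD_PAGE),
                      ("http://shop.example/pay", BAD_PAGE)):
        print(url, audit_payment_page(url, page) or "OK")
```

A card input that carries a `name` attribute is included when the browser submits the form, so the card data reaches your own server instead of going only to Stripe.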

Depending on how you use Stripe, once you've been accepting payments we'll ask you some questions about how you handle credit card data. They all come from the Payment Card Industry's Security Questionnaires. We'll prompt you through your Dashboard when we need this from you.

While complying with the Data Security Standards is important, it shouldn't be where you stop thinking about security. Some good resources to learn about web security are:

