Do I need to be PCI compliant? What do I have to do?

Anyone who processes, transmits, or stores cardholder data must comply with the Payment Card Industry Data Security Standard (PCI DSS). Stripe makes this straightforward:

  • Serve your payment page over HTTPS (TLS), i.e., the page’s web address should begin with https, not http. On a plain http page an attacker on the network path can read or alter the payment form before it ever reaches Stripe.
  • Use Stripe.js or Checkout to collect payment information. Both send the card details from the customer’s browser directly to Stripe’s servers (Checkout does so from inside an iframe) and return a token to your page, so the card number itself never passes through your servers.
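The server-side complement to the two points above is to make sure a raw card number can never slip in through your own forms or logs: your server should accept only the token and refuse (without echoing) anything that looks like a PAN. The following is an added example written for this page, not Stripe’s own code; it assumes the token arrives in a form field named `stripeToken` (the field name the legacy Checkout integration posts) and that Stripe token ids begin with `tok_`. The Luhn check is the standard ISO/IEC 7812 digit check used by card brands, and the sample inputs are constructed.

```python
import re

# Assumption: the legacy Checkout/Stripe.js integration posts the token in a
# form field named "stripeToken", and Stripe token ids start with "tok_".
TOKEN_FIELD = "stripeToken"
TOKEN_PREFIX = "tok_"

# Candidate PANs: 13-19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer run of digits.
_PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _strip_separators(s: str) -> str:
    return re.sub(r"[ -]", "", s)


def find_pans(text: str) -> list:
    """Return the substrings of text that look like a PAN and pass Luhn."""
    return [m.group(0) for m in _PAN_RE.finditer(text)
            if luhn_ok(_strip_separators(m.group(0)))]


def mask_pans(text: str) -> str:
    """Replace all but the last four digits of each detected PAN with '*'.

    Use this on anything that is about to be written to a log or error
    message, so an accidental PAN never lands in stored data.
    """
    def _mask(m):
        digits = _strip_separators(m.group(0))
        if not luhn_ok(digits):
            return m.group(0)   # not a card number; leave it alone
        return "*" * (len(digits) - 4) + digits[-4:]
    return _PAN_RE.sub(_mask, text)


def validate_payment_form(form: dict):
    """Accept a tokenised payment submission and refuse anything carrying a PAN.

    Returns (ok, message). The message names the offending field but never
    repeats its value, so it is safe to log as-is.
    """
    token = form.get(TOKEN_FIELD, "")
    if not token.startswith(TOKEN_PREFIX):
        return False, "missing Stripe token; card details must be tokenised in the browser"
    for name, value in form.items():
        if name == TOKEN_FIELD:
            continue
        if find_pans(str(value)):
            return False, "field %r looks like a card number; refusing to process it" % name
    return True, "ok"


if __name__ == "__main__":
    # Constructed submissions: a clean tokenised one and one where a customer
    # pasted a card number (Stripe's public test number) into a free-text field.
    good = {"stripeToken": "tok_visa", "email": "customer@example.com"}
    bad = {"stripeToken": "tok_visa", "note": "card 4242 4242 4242 4242 please"}
    print(validate_payment_form(good))
    print(validate_payment_form(bad))
    print(mask_pans("checkout error for pan=4242424242424242 exp=12/34"))
```

Run the guard before any other handling of the request, and run `mask_pans` over anything headed for a log; a PAN that is refused at the door and scrubbed from logs keeps your server out of the cardholder-data environment that the longer SAQs cover.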

Depending on how you use Stripe, once you have been accepting payments for a while we will ask you some questions about how you handle card data. They all come from the Payment Card Industry’s Self-Assessment Questionnaires (SAQs). We’ll prompt you through your Dashboard when we need this from you.

If you need to give someone else an Attestation of Compliance (AOC), or are asked to complete a PCI DSS Self-Assessment Questionnaire (SAQ), we likely already have you covered: go to your security settings and click “View completed document”. We have pre-filled the documents for you.

Complying with the Data Security Standard is important, but it shouldn’t be where you stop thinking about security. Some good resources for learning about web security are:
