Stripe has been audited and certified as a PCI Level 1 service provider, which means it must complete an annual compliance report and undergo routine security scans and tests. Stripe encrypts all customers’ credit card numbers and stores decryption information separately, which means Stripe can’t see credit card numbers without taking extra steps. Stripe mandates that all online transactions take place over the more secure HTTPS protocol.
Payment security is a priority for Stripe. This is evident through the various measures it uses to protect card information. Here are some of those security measures, which should put your mind at ease:
- PCI Service Provider Level 1 Certification - The highest level of certification in the payments industry.
- Encrypted Data and Communication - The service uses PGP keys for safe communication.
- Money Transmitter Licenses - Stripe complies with legal regulations for payment platforms.
- Card information theft prevention - All card numbers are encrypted at rest with AES-256 so Stripe’s internal servers and daemons can’t obtain plaintext card numbers.
Encryption:
- HTTPS for all services using TLS (SSL)
- PCI Service Provider Level 1
- PGP keys for safe communication when migrating sensitive data, such as credit card information, to Stripe.