Nikul Kukadiya | Stripe Developers | Page 1

verbal karmaBOT Feb 24, 2023, 5:49 AM

#

toxic turret Feb 24, 2023, 5:50 AM

#

But that UI for entering the card number and expirty and cvv is our custom one so do we need to go through PCI compliences?
Do you mean you're not using Payment Sheet or Element provided by Stripe mobile SDK?

light panther Feb 24, 2023, 5:50 AM

#

Right

toxic turret Feb 24, 2023, 5:54 AM

#

If you're not using Stripe Payment Sheet or Element, you have to reach out to QSA to validate your PCI compliance.

writing your own code to handle card information, you may be responsible for additional PCI DSS requirements (6.3 - 6.5) and not be eligible for an SAQ A. In this case, we’d suggest you reach out to a PCI Qualified Security Assessor (QSA) to determine how best to validate your compliance according to the current guidance from the PCI Council.

If you use Stripe Payment Sheet or Elements, then you don't have to.

For more details, you may refer to the doc here: https://stripe.com/docs/security/guide

#

In summary, you have to go through PCI compliance when handling card information on your own

#Nikul Kukadiya