#sandy.nozaki

Hi there, can you give me the context of your ask?

well i want to know when we send card info card number, expiration date, cvv via stripejavascript

does the cvv also get encrypted in the token?

What API are you using?

not sure im not a developer

im just trying to understand if cvc CAN be encrypted for use for all future payments on the same saved card

OK. The card information is saved securely with Stripe (so that you don't need to worry about PCI compliance since Stripe takes care of it), and yes you can use the saved card for future payments (https://stripe.com/docs/payments/save-and-reuse)

but is the cvv also stored and encrypted with stripe?

so if initially when we submit a card with all info such as card number, exp date, cvc...and then one day there was an card update (auto card updater), would we need to have our cardholders re-enter the cvc or would it not require it and process as is?

It depends on the card issuer, Stripe will perform automatic card updates (https://stripe.com/docs/saving-cards#automatic-card-updates) if the card supports it. And my advice is to always handle card decline scenario because it's very common in card payments (https://stripe.com/docs/declines)

does card_id include the cvc?

What do you mean by card_id ?

or is the "cvc check: pass," just referring to the first time?

by card_id i mean when we send card info: card #, exp date, cvv via stripe.j.s and stripe returns a token there is a card_id

and within that card_id displays "cvc check: pass"

we use that card_id when processing payments which is sent to stripe

so what im asking, is that initial "cvc check:pass" what we use going forward w future payments?

or does that cvc get checked again somehow with the issuing bank at every check out?

are CVC encrypted by Stripe to use for future payments?

CVC data is not necessary for card-on-file transactions or recurring payments, also storage of CVC is prohibited by PCI compliance.

ok so stripe doesnt encrypt the cvc , is this correct?

What I said is Stripe doesn't store CVC ( PCI compliance prohibits storage of this data), but the transmission of the sensitive card information (including cvc) to Stripe is secured and encryped.

ok so when we send card info: cardnumber, exp date and cvc...stripe encrypts it which is included in the card_id within the token returned by stripe that we use for future payments?

Token is for one-time use only (I assume you are talking about (https://stripe.com/docs/js/tokens_sources/create_token?type=cardElement). I'd recommend you to read through this doc (https://stripe.com/docs/payments/save-and-reuse) to understand how to save a card and make it reusable.

i just want to know if cvc is encrypted to use for future payments

Maybe I didn't explain clearly, but cvc is not required for future payments.

no i know that but i just want to know if we wanted to require it can it be encrypted to use for future payments?

I don't quite understand, can you elaborate?

so i understand its not required at every payment

nor is it required at the initial time of adding new card

but what i want to know is if we wanted to send that cvc every single transaction can it be encrypted by stripe so that we can send it along with all the other card info

If I understand correctly, you want to recollect the cvc from you customer during a payment even though the card is already saved with stripe?

well not recollect

when they opt for the saved card, we want to also send the cvc with the transaction without customer reentering it

Hmm, I don't think that's possible. As I explained before, PCI compliance prohibits storage of cvc. So you can't save the cvc for your customer.

so youre saying that stripe wouldnt even be able to send the originally sent cvc to the issuing bank for future payments thats done with saved cards?

No, even Stripe doesn't store cvc.

which also means stripe doesnt encrypt cvc when sending to us

only when we send that info to stripe is it encrypted

Stripe won't return cvc to you.

ok thank you

Anyway, if you want to recollect the cvc, here's the guide https://stripe.com/docs/payments/save-during-payment-cards-only#web-recollect-cvc

recollecting would be at the time of every check out right?

or whenever we want to like lets say put in a query that if something changed within the account we prompt to re-collect the cvc

It's just an additional fraud measure to verify the user.