#parzval_cvv-collection-pci

ancient carbon BOT
#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1480599895353331833

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

quartz yacht
#

Hello 👋

I think we need to take a step back. Why would you want to avoid CVV collection?

#

The payment element is designed to collect the minimum amount of information necessary to achieve the highest conversion/authentication rate

floral roost
#

because my senior said so

quartz yacht
#

But you are not storing CVC

#

Stripe collects this for you and does not store it beyond the initial authorization with the card issuer

#

Stripe uses the CVC collected and then discards it

#

And is fully PCI compliant

floral roost
#

this is what I was trying to tell him. in that case, if ever, will setupintent work without cvv?

quartz yacht
#

Saving a Payment Method with the Payment Element and Setup Intents is 100% PCI compliant. Unfortunately, I think your senior fundamentally misunderstands how this process works with Stripe.

You cannot exclude the CVV from the Payment Element. You can use individual Card Element fields to avoid using the CVV but I think you will likely see many more declines.

floral roost
#

thank you for this, he's heavily reliant on chatGPT/AI and this is only one of my frustrations.

quartz yacht
#

Unfortunately, especially with API-focused integrations, AI can often be very wrong

#

I helped build a testing suite for AI models specifically for Stripe integrations and it gets them hilariously wrong sometimes

#

For the Payment Element, this is the relevant row of information:

  • Checkout or Elements
  • SAQ A
  • Checkout and Stripe.js and Elements host all card data collection inputs within an iframe served from Stripe’s domain (not yours), so your customers’ card information never touches your servers.

floral roost
#

it's also where AI hallucinates most.

#

thank you so much

quartz yacht
#

I hope this helps clarify things. Honestly, using Setup Intents with the Payment Element moves all data collection and PCI concerns to Stripe so your company is not exposed. It's the safe way to do things. We often have to talk people out of wanting to collect the card details directly.

floral roost
#

this was his original idea, and wants me to handle encryption myself.

#

thank you again

quartz yacht
#

I'm sorry, I hope you can convince him otherwise. Have a good day