xathieur-unsafe-processing | Stripe Developers | Page 1

frank isle Nov 11, 2021, 2:22 PM

#

Hi 👋 could you elaborate a bit on what you're referring to?

solid lichen Nov 11, 2021, 2:34 PM

#

Hi yes

#

I get an error message

cloud berry Nov 11, 2021, 2:34 PM

#

What is the error message?

solid lichen Nov 11, 2021, 2:34 PM

#

Error: Your payment was declined for the following reason: Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings."

#

I want to enable unsafe processing

cloud berry Nov 11, 2021, 2:35 PM

#

Follow that link and check 'Handle card information directly'

#

solid lichen Nov 11, 2021, 2:35 PM

#

#

What would I select

cloud berry Nov 11, 2021, 2:36 PM

#

Read all of those and if you are happy and agree, check all and continue

#

I believe they must all be checked

solid lichen Nov 11, 2021, 2:36 PM

#

Thanks

cloud berry Nov 11, 2021, 2:36 PM

#

No problem

frank isle Nov 11, 2021, 2:37 PM

#

Please be sure to understand that PCI compliance is shifted to being your responsibility if you go down this route.

solid lichen Nov 11, 2021, 2:37 PM

#

#

Which one should I select at the bottom

frank isle Nov 11, 2021, 2:38 PM

#

Which one applies to your situation?

cloud berry Nov 11, 2021, 2:38 PM

#

Which ever one best suits your situation

solid lichen Nov 11, 2021, 2:38 PM

#

two of them apply

#

I had tried enabling this but the error still occurs

#

Any thoughts?

cloud berry Nov 11, 2021, 2:44 PM

#

What can you see when you go to https://dashboard.stripe.com/settings/integration

warm coral Nov 11, 2021, 2:44 PM

#

you're probably mixing up accounts then like you enabled it one account but you're using the API keys of another.

#

also really, you should almost never do this.

#

are you PCI certified and in a position to submit a SAQ D https://www.pcisecuritystandards.org/documents/SAQ_D_v3_Merchant.pdf document to us every year?

solid lichen Nov 11, 2021, 2:46 PM

#

Noo I am not, do I have to get PCI Certified?

#

Is this forum required?

warm coral Nov 11, 2021, 2:48 PM

#

solid lichen Noo I am not, do I have to get PCI Certified?

not if you integrate according to our docs.

#

what are you trying to do, why are you making an API call with raw card details? What guide are you following exactly?

solid lichen Nov 11, 2021, 2:51 PM

#

I can fix this error by enabling something, the fix is here: https://dashboard.stripe.com/settings/integration but after that, there is a risk credit card info

#

like you said, is there anyway to do with without risking the info like you said earlier?

#

or what do you think @warm coral

warm coral Nov 11, 2021, 2:55 PM

#

no, the fix is to not send raw card numbers.

#

you should start with https://stripe.com/docs/payments/accept-a-payment and integrate that way(using our frontends like Checkout or Elements), it does not involve sending card numbers or having the same PCI implications or needing to enable that setting.

solid lichen Nov 11, 2021, 2:56 PM

#

Ohhh, I am setting this up on an e-commerce site

#

Is this possible by following this link, and integrating that way?

warm coral Nov 11, 2021, 3:02 PM

#

what guide are you following or what is this e-commerce site exactly?

solid lichen Nov 11, 2021, 3:03 PM

#

Absorb is the company

#

it says . Stripe is recommending that users make use of their tokenization integration options, so that the merchants don't have to handle credit card numbers at all.

warm coral Nov 11, 2021, 3:06 PM

#

yep indeed, we do recommend that.

solid lichen Nov 11, 2021, 3:06 PM

#

it also says depending on how your account was created, you may receive an email from Stripe noting that you need to enable either tokenization or “Unsafe Processing”,

#

i get the unsafe processing, do you think i created it wrong

warm coral Nov 11, 2021, 3:07 PM

#

well I think that Absorb should not be using an integration that requires you as the user to enable that option.

#

do you have a link?

#

are we talking about https://support.absorblms.com/hc/en-us/articles/231697987-Configuring-eCommerce ? or something else

#

ah ok yes, I see that language in their setup guide PDF, I suppose that's what you're looking at?

#

ideally that platform would not integrate that way, but if you trust them to handle the card details then it's ok to enable that setting in your Stripe account.

#

as I mentioned, it should work if you enabled it. Most likely you activated it on the wrong Stripe account for example if you have multiple, they would be my guess.

solid lichen Nov 11, 2021, 3:14 PM

#

Yes that is

#

What i was looking at

#

So @warm coral it works when I enabled it, but I was just scared about the credit card info

#

I was wondering if there is anyway around it

warm coral Nov 11, 2021, 3:16 PM

#

if you use that plugin it seems like they require you to enable this since it's how they've built their integration, maybe there's a way to avoid it or they have a new version that uses tokenization, you'd have to ask them.

#

if you have concerns about the PCI implications of their solution I'd suggest you reach out to their support team.

solid lichen Nov 11, 2021, 3:18 PM

#

Thanks Karl i appreciate it

#xathieur-unsafe-processing