#Michał Dziewanowski-stripe-js-security

zenith raft · 2021-12-13T13:16:41.492Z

Michał Dziewanowski-stripe-js-security | Stripe Developers | Page 1

1 messages · Page 1 of 1 (latest)

zenith raft Dec 13, 2021, 1:16 PM

Hey, what specific concerns do you have?

brisk hatch Dec 13, 2021, 1:19 PM

I see Stripe doesn't support Client Side Encryption, it requires just to pass card data into it's components directly.
Also, according to docs Stripe encrypts data only at rest (stored, not transmitted).
My concerns are that it's dangerous to send raw credit card data into Stripe's services. It's protected only via TLS.

My question is, does Stripe support any client side encryption, so I'm missing it in docs?

How is it PCI compliant if it encrypts data only at rest? The communication is unsecured, just over tls, but its raw card data anyways