Stripe PCI Compliance Required

[Echelon Digital Tech]

Apparently there were some changes to some PCI stuff where now people who are using stripe.js v2 need to submit a yearly PCI compliance document. Is there any news on switching the stripe payment gateway to using Stripe Checkout or Elements so we can bypass this?

[WHMCS ChrisD]

Can you provide a bit more information here so I can pass this on to our team, is there a blog or similar?

[petem]

I was wondering the same thing.

Chris, take a look at https://stripe.com/docs/security .

Quote

The PCI Security Standards Council has published a series of changes to eligibility requirements for SAQ A. These require that businesses use input fields hosted by a payments provider in order to be eligible for the simplest PCI validation method. We’ve designed both Checkout and Elements with these changes in mind so that you can continue to validate using SAQ A without losing much of the flexibility and customizability of a form hosted on your website.

Cheers

Pete

[Echelon Digital Tech]

Thanks Pete. I should've included that in the parent post *facepalm*

[WHMCS John]

Hi @Echelon Digital Tech,

We are aware of these changes, and are investigating Stripe Elements. It would be helpful to us if you added your vote and thoughts to the corresponding feature request https://requests.whmcs.com/topic/migrate-to-stripe-elements-implementation