@stripe I'm not sure how your Stripe.js + Elements is SAQ A as labeled in your documentation. "If any element of a payment page originates from the merchant’s website, the implementation is not eligible for SAQ A." http://goo.gl/EU3qF5
We serve Elements directly iframes, which ensures that no card data touches the Stripe users server. There's some extra explanatory information here, if that's helpful!https://stripe.com/docs/security#validating-pci-compliance …
-
-
right, but the information is still collected from a page on the merchant's site which is subject to other potentially malicious code, particularly if they've been told they don't need to worry about security because they're SAQ A.
-
your security page says "Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. " so i assume somehow it works, i'm just unclear as to how, since it seems to conflict with the definition of SAQ A.
- 4 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.