This article will provide information on the integration settings that are needed to use a Stripe account as your payment processor in your event.
Stripe Email on "Unsafe Processing"
If you are processing payments in your event using a new Stripe account as your payment processor, you may receive the following:
- Error on processing the payment:
- Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing, use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings.
- Email from Stripe:
The above error and email are unique to Stripe. They indicate that your Stripe account is not set up properly to run transactions through an integration with the Certain Platform.
Hello there, and welcome to Stripe!
We noticed that you are passing your cardholder's full credit card number to Stripe's API. We strongly discourage you from handling this information directly because doing so:
- Potentially exposes your customer's sensitive data to bad actors.
- Excludes your payments from protection by Radar, Stripe's fraud protection solution.
- Requires your business to meet complex and burdensome PCI compliance requirements
To keep your customer's information safe, we were unable to process the unsafe charge you sent us. In order to process payments securely on Stripe, change your integration to collect payment information using one of our official client integrations. These integrations ensure that no sensitive card data ever needs to touch your server.
In rare cases, you may have to continue handling full credit card information directly. If this applies to you, you can enable unsafe processing in your dashboard.
For any questions, just reply to this email and we'd be happy to help.
Editing Your Stripe Settings
1. Log into your Stripe account. 2. Go to https://dashboard.stripe.com/account/integration/settings. 3. Click on Show Advanced Options > Integration. 4. Enable "Process payments unsafely".
Once this is set up on your Stripe account, you should no longer receive this error message when processing payments in events in Certain Platform.
Important Note
The payment information is still encrypted within Certain Platform, and the process itself is safe.
Stripe is referring to the term "Process payments unsafely" as a situation where the credit card information is stored somewhere outside of Stripe (in Certain Platform).
The credit card information is kept in Certain Platform for either 90 days after the transaction, or 90 days from the end date of the event, whichever is longer.
The credit card information is stored in Certain Platform, and Certain meets all PCI compliance requirements and is fully certified.
Since you do not hold or store any of the payment/credit card information, you do not need to have a PCI Compliance Certification.