Stripe: What is the extension's PCI scope?

Modified on Mon, 29 Mar, 2021 at 3:40 PM

PCI compliance is a complex and multifaceted issue, covering every aspect of your business. We can't guarantee that your business is PCI-compliant. That depends on your server, policies, processes, regular security scans, other payment methods offered, and a lot more. What we can tell you is that this extension will not prevent you from being PCI compliant. We don't store or log confidential cardholder data, or do anything else that would bring you under scrutiny.


This extension implements Stripe Elements for all credit card forms, and does not support collecting credit card data by any other means. That means credit card data is entered directly on webpages hosted by Stripe, and credit card numbers never touch your website or server directly. According to Stripe, that makes the ParadoxLabs Stripe payment method eligible for PCI v3.2 Self-Assessment Questionnaire A (PCI SAQ A), the simplest possible form and process. Stripe will even pre-fill the form for you.


For more information, see Stripe documentation: PCI DSS guidelines


Note that you must have SSL enabled on all checkout and login forms, and that this eligibility only applies to this specific payment method. Any other payment methods or credit card handling your business may perform will have its own SAQ eligibility, and may require you to complete a more stringent SAQ form.


For details on the SAQ types and what eligibility means, see "Self-Assessment Questionnaire Instructions and Guidelines (3.2)" (PDF, by PCI Standards Security Council).

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article