I posted an inquiry via the support channel some time ago regarding credit card processing and a concern for PCI compliance and thought I’d drop it here for any community input and to check whether there might be any update on progress toward these features. Thanks!
Support:
Credit card field values are not included in the form submission as the add-on uses Stripe.js to tokenize the card and delete the values from the field before it is posted by the browser.
Me:
I was reading up a bit more on this and see that even use of Stripe.js could require heavier PCI compliance validation (see here) if it is not being used in conjunction with Elements to serve form inputs via an iframe. I expect this is because my server could still be running a script to sniff user’s keystrokes. Are there any plans to implement Checkout or Elements via hte Stripe add-on? This would be an excellent feature. Otherwise, I might unfortunately have to move away from Stripe integration for the sake of my client’s PCI compliance. Thanks for your consideration of this request.
Support:
Both elements and checkout are on the cards for the next major update to the add-on, we don’t currently have a release date planned.
