DEVHIDE
Login Or Sign up

Is this set-up PCI DSS compliant?

191 Views Asked by At

Setup:

  1. Mobile uses Stripe to get credit card token.
  2. Mobile sends token to Server 1.
  3. Server 1 gets credit card details using the token.
  4. Instantly, the Server 1 encrypts the details and sends it to a PCI DSS compliance Server 2 via an SSL connection.

Does Server 1 has to be PCI DSS compliant?

stripe-payments pci-compliance pci-dss
Original Q&A
1

There are 1 best solutions below

3
Paul Asjes On

Your set up won't work. You cannot get raw credit card details from a Stripe token. Even if you could, you'd still be handling sensitive information and would have to be PCI compliant.

For your flow to work you'd have to send the raw details to Server 1, which puts you in the SAQ D category of PCI compliance (the harshest one): https://stripe.com/docs/security#validating-pci-compliance

Related Questions in STRIPE-PAYMENTS

Related Questions in PCI-COMPLIANCE

Related Questions in PCI-DSS

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Popular Questions

.

Copyright © 2021 Jogjafile Inc.