Stripe Integration and PCI Compliance

We use Stripe for processing card payments via our e-commerce site. The Stripe plugin makes use of tokenized card payments, meaning we are able to complete the SAQ-A for PCI compliance.

I’ve also enabled the Stripe integration on QuickFile; however, because I’m not sure how the integration works, I don’t know where we stand with regard to PCI compliance if we allow customers to use the QuickFile Stripe integration to pay invoices.

Does it meet the criteria for the SAQ-A form to be completed as opposed to another more laborious form?

Thanks!
Grant

Scrap that question.

Just checked with a test invoice and can see it integrates using an iframe.
So it will meet the criteria for SAQ-A.

Hi @LC_Hydraulics

The Stripe form used on QuickFile is the Stripe Elements form, which has been designed and developed by Stripe themselves.

Taken from Stripe's own website:

Stripe Elements are the easiest way to keep up with current PCI regulations—no sensitive data hits your servers. You qualify for the easiest form of PCI compliance, which shields you from costly and time-sensitive audits. We even auto-generate the Self Assessment Questionnaire (SAQ A) documentation.

Stripe Elements make collecting payment details more secure and help prevent malicious actors from stealing any sensitive information. We generate a secure iframe and isolate sensitive information from your site—eliminating entire classes of attacks—while still giving you full visual control

This means that no credit card data hits the QuickFile server and is sent directly to Stripe to process from the client’s device.

Hope that helps!
