Stripe integration: Do you have any plans to upgrade to Stripe Elements v3?

Hello,

Does your Stripe integration use Stripe Elements and Stripe.js v3 which allows me to use SAQ-A for my PCI compliance (i.e. cardholder data never touches JotForm payment page)?

OR

Does yous Stripe integration use Stripe.js v2 which requires me to use SAQ-AEP and requires an Attestation of Compliance (AOC) from JotForm, as you would have control over the cardholder data flow as the host of the payment page?

https://stripe.com/docs/security

Thank you.

Marc Bernstein

The Stripe version used in the JotForm is version 2. You may inspect it in your browser console:

Thanks.

Hello and thank you for your prompt reply.
Yes, I was able to verify that myself as well after I did a few test transactions by looking at the Stripe console logs. The version of Stripe.js you are using is from 2015, I believe.
Do you have plans to upgrade your integration to Elements/Stripe V3, which is Stripe’s recommended approach to integration? This would be more secure, reduce your risk and also allow me (and your other customers) to complete an SAQ-A form to achieve PCI compliance which is simpler than the SAQ-AEP required now.
Thank you,
Marc Bernstein, CAE
Director of Information Technology
T: (847) 268-9209 | C: (847) 722-2414
American Society of Anesthesiologists
1061 American Lane | Schaumburg, IL 60173
asahq.org
...

We are forwarding the thread to our backend team as a feature request for evaluation. Unfortunately, we cannot provide any ETA at this moment. However, if there is any news you'll be updated here on this thread. 

Thank you!

Hi Marc;

We have upgraded Stripe to the v3 version for a while ago. Also, the Stripe integration provides 3D Secure anymore. You can test it with a Sandbox account.

Best Regards.