-
mbernsteinAsked on January 9, 2019 at 4:57 PM
Hello,
Does your Stripe integration use Stripe Elements and Stripe.js v3 which allows me to use SAQ-A for my PCI compliance (i.e. cardholder data never touches JotForm payment page)?
OR
Does yous Stripe integration use Stripe.js v2 which requires me to use SAQ-AEP and requires an Attestation of Compliance (AOC) from JotForm, as you would have control over the cardholder data flow as the host of the payment page?
https://stripe.com/docs/security
Thank you.
Marc Bernstein
Page URL: https://stripe.com/docs/security -
roneetReplied on January 9, 2019 at 7:32 PM
The Stripe version used in the JotForm is version 2. You may inspect it in your browser console:
Thanks.
-
mbernsteinReplied on January 9, 2019 at 8:43 PMHello and thank you for your prompt reply.
Yes, I was able to verify that myself as well after I did a few test transactions by looking at the Stripe console logs. The version of Stripe.js you are using is from 2015, I believe.
Do you have plans to upgrade your integration to Elements/Stripe V3, which is Stripe’s recommended approach to integration? This would be more secure, reduce your risk and also allow me (and your other customers) to complete an SAQ-A form to achieve PCI compliance which is simpler than the SAQ-AEP required now.
Thank you,
Marc Bernstein, CAE
Director of Information Technology
T: (847) 268-9209 | C: (847) 722-2414
American Society of Anesthesiologists
1061 American Lane | Schaumburg, IL 60173
asahq.org
... -
Kiran Support Team LeadReplied on January 9, 2019 at 11:23 PM
We are forwarding the thread to our backend team as a feature request for evaluation. Unfortunately, we cannot provide any ETA at this moment. However, if there is any news you'll be updated here on this thread.
Thank you!
-
ardaReplied on July 9, 2020 at 3:41 PM
Hi Marc;
We have upgraded Stripe to the v3 version for a while ago. Also, the Stripe integration provides 3D Secure anymore. You can test it with a Sandbox account.
Best Regards.