- bocliftonAsked on January 05, 2015 at 01:57 PM
I am using the Stripe payment module on a form, but there doesn't seem to be any indication of SSL or any other type of security. Do I need an SSL certificate on my site? How is this information encrypted by JotForm once it is sent by the user?
- JotForm SupportdavidAnswered on January 05, 2015 at 02:55 PM
The payment processing and related data transfers are not actually handled by us at all. All transactions use the same encryption and data transfer methods that the payment processor, in this case Stripe, use. We do not store or transfer any of the data ourselves. All related notifications regarding the payment are also handled by the payment processor. You do not need to use the SSL in your forms unless you are actually capturing the credit card data outside of your stripe field.
- bocliftonAnswered on January 05, 2015 at 02:58 PM
Hey David, thanks for the quick reply.
Just so I completely understand, you're saying that if I embed a JotForm on my website, I don't need to have SSL enabled on my site. Everything will still be encrypted by Stripe.
You're saying that submitting payment information on this page would be encrypted: http://www.boclifton.com/student-sign-up.html
- JotForm SupportdavidAnswered on January 05, 2015 at 03:12 PM
As long as the only secure information you are collecting is through the Stripe field, then yes, you are correct. Though only the data collected in the Stripe field will be encrypted. Anything collected outside of that field will not be encrypted. So, you payment information will be, the rest will not. So lets say you were also collecting a users social security number. The payment information would be encrypted, but the SSN would be sent and stored in plain text.
Here is a quick guide on using JotForm in a HIPAA compliant manner: