JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.
We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.
Are credit card payments encrypted?Asked by boclifton on January 05, 2015 at 01:57 PM
I am using the Stripe payment module on a form, but there doesn't seem to be any indication of SSL or any other type of security. Do I need an SSL certificate on my site? How is this information encrypted by JotForm once it is sent by the user?
The payment processing and related data transfers are not actually handled by us at all. All transactions use the same encryption and data transfer methods that the payment processor, in this case Stripe, use. We do not store or transfer any of the data ourselves. All related notifications regarding the payment are also handled by the payment processor. You do not need to use the SSL in your forms unless you are actually capturing the credit card data outside of your stripe field.
Hey David, thanks for the quick reply.
Just so I completely understand, you're saying that if I embed a JotForm on my website, I don't need to have SSL enabled on my site. Everything will still be encrypted by Stripe.
You're saying that submitting payment information on this page would be encrypted: http://www.boclifton.com/student-sign-up.html
As long as the only secure information you are collecting is through the Stripe field, then yes, you are correct. Though only the data collected in the Stripe field will be encrypted. Anything collected outside of that field will not be encrypted. So, you payment information will be, the rest will not. So lets say you were also collecting a users social security number. The payment information would be encrypted, but the SSN would be sent and stored in plain text.
Here is a quick guide on using JotForm in a HIPAA compliant manner: