We take security very seriously. In fact this is the biggest consideration in everything we do. We have decided to use Stripe as the payment processing provider. We don’t store any credit card information – Stripe does. Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.
How does Stripe store credit card number?
All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in a separate datacenter, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
Have a concern? Need to report an incident?
Contact the support team if you’ve noticed abuse, misuse or experienced an incident within your account.