Stripe PCI Compliance and Security

Stripe Robustness

Millions of companies in over 120 countries use Stripe to start, run, and scale their businesses. It is considered a leading payment processor and one of the top 10 largest in the world, used by the companies below among many, many others.

Security using Stripe / PCI Compliance

Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, we use best-in-class security tools and practices to maintain a high level of security at Stripe.

Encryption of sensitive data and communication

All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons can obtain plaintext card numbers, but they can request that cards be sent to a service provider on a static allowlist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).

Last modified 9mo ago