A PCI-certified auditor evaluated Stripe and certified us to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. This audit includes both Stripe’s Card Data Vault (CDV) and the secure software development of our integration

PSD2 SCA

Following EU legislation known as PSD2, we pass the majority of transactions through Strong Customer Authentication (SCA) to make sure they’re as secure as possible. This means your customers have to verify their identity in two out of three ways: with something they have (e.g. a mobile phone), know (e.g. a password or PIN) or are (e.g. fingerprint or facial recognition).

3DS

As part of SCA, we also use 3DS. This verifies your customers’ identities by redirecting them to the secure environment of their card issuer. Once they’ve passed through 3DS, they’re sent back to your website to complete the transaction.