Our Stripe extension collects card data using a Stripe-hosted interface that’s embedded on your site using an iframe. While it may look like a customer is entering their card details into your site, that data is actually being collected via an interface hosted directly on Stripe’s servers.
As a result, your site does not handle customer card information directly. That data is managed solely by Stripe.
Some other bits of information to note:
- Merchants who use the Stripe extension can use the pre-filled Self-Assessment Questionnaire A in their dashboard.
- Stripe’s is certified to PCI Service Provider Level 1.Â
You can read more in the following articles:
- Stripe’s PCI Compliance Guide
- Stripe’s Security Guide
- The WooCommerce PCI Compliance Guide