Incorrect implementation of Stripe Gateway (EE3) | Event Espresso - Staging Server
The way that the Stripe payment gateway is implemented does not comply with PCI, especially on a shared server instance. One of the main advantages of Stripe is that you can use JavaScript to send the credit card number to Stripe and return a token. That token should then be sent to the server to be used to submit the payment.
The way this stays PCI compliant on shared hosting servers is by not setting the “name” field on the cc form, so that the number never hits the server.
I’m disappointed that I’m going to have to rewrite this gateway before I can use it.
In EE 4.2, which is currently in alpha testing and will be released as soon as possible, we have added the Mijireh gateway, which will help significantly with PCI-compliance issues like this. Mijireh can basically act as a middleman between your site and Stripe (or a large number of other gateways). So, using Mijireh, you can use Stripe to process payments and keep PCI compliance.
When we do implement the Stripe gateway for EE4, we are planning on sending the credit card details via JavaScript in order to help with PCI compliance. However, Mijireh makes the argument that even that isn’t fully PCI compliant either. So yes, our current implementation of Stripe for EE3 does require HTTPS and does handle CC data (although it is never stored: it is briefly handled and sent to Stripe), which means it would require the same PCI-compliance measures as any other onsite gateway (e.g. PayPal Pro). That’s why it’s listed as an onsite gateway and we recommend using HTTPS with it. The fact that you are using a shared server, to my knowledge, does not mean you cannot pass on CC data (although it does make issues like keeping your server’s software up to date more challenging). If you can point us to a PCI compliance document that specifies such a restriction for those using shared servers, we’ll definitely update our documentation.
We are sorry that our EE3 implementation of Stripe did not alleviate your PCI-compliance needs more than other onsite gateways.
Does that address your issue?
This reply was modified 10 years, 10 months ago by Michael Nelson.
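The first post's point, that card inputs without a `name` attribute are left out of the form submission and so never reach the merchant server, can be checked against checkout markup. The following is an added example, not code from Event Espresso or Stripe; both forms are constructed samples and the field names (`card_number`, `card_cvc`, `stripeToken`) are assumptions chosen for illustration.

```javascript
// Audit checkout-form markup for card inputs the browser would POST
// to the merchant server. Attribute scan only, not a full HTML parser.
const CARD_HINT = /\b(cc-number|cc-csc|cc-exp|card|cvc|cvv)/i;

function parseInputs(html) {
  const inputs = [];
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    const attrs = {};
    for (const m of tag.matchAll(/([\w-]+)\s*=\s*"([^"]*)"/g)) {
      attrs[m[1].toLowerCase()] = m[2];
    }
    inputs.push(attrs);
  }
  return inputs;
}

// Browsers submit only controls that have a non-empty name attribute,
// so these are the fields the merchant server receives.
function submittedNames(html) {
  return parseInputs(html).filter(a => a.name).map(a => a.name);
}

// Card-looking inputs (judged by id, autocomplete or name) that carry
// a name and would therefore be sent to the server.
function cardFieldsReachingServer(html) {
  return parseInputs(html)
    .filter(a => a.name && CARD_HINT.test([a.id, a.autocomplete, a.name].join(" ")))
    .map(a => a.name);
}

// Constructed sample: onsite form, card data is posted to the server.
const onsiteForm = `
<form method="post" action="/checkout">
  <input type="text" name="card_number" autocomplete="cc-number">
  <input type="text" name="card_cvc" autocomplete="cc-csc">
  <input type="email" name="email">
</form>`;

// Constructed sample: card inputs have no name; client-side script is
// assumed to fill the hidden token field before the form is submitted.
const tokenizedForm = `
<form method="post" action="/checkout">
  <input type="text" id="card-number" autocomplete="cc-number">
  <input type="text" id="card-cvc" autocomplete="cc-csc">
  <input type="hidden" name="stripeToken" value="">
  <input type="email" name="email">
</form>`;

console.log(cardFieldsReachingServer(onsiteForm), cardFieldsReachingServer(tokenizedForm));
```

A non-empty result from `cardFieldsReachingServer` means the server handles card data on that form and falls under the onsite-gateway handling described in the reply.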