Requests | Blesta

Requests

Stripe Elements

Tristian Kelly shared this idea 9 months ago
Under Consideration

It would be nice if Blesta would use Stripe Elements rather than directly sending card info to the Stripe API, as this is more secure and would make people less paranoid (I certainly was having second thoughts enabling this payment gateway). When I had to enable 'accept unsafe payments' inside the Stripe dashboard, it had all these things I had to check about PCI compliance and security. This seriously makes me nervous about using the gateway with Blesta.

Comments (3)

photo
1

Using stripe.js is on our todo list, however, it is not "unsafe" for credit cards to pass through your Blesta server en route to Stripe unless your server is compromised. This is why PCI compliance is important.

If you're worried about cards passing through your server, then only use Non-Merchant gateways in Blesta.

photo
1

I would also prefer if I could Stripe Elements because according to stripe:

Process payments unsafely using the current blesta stripe module.

  • Potentially exposes your customer's sensitive data to bad actors.
  • Excludes your payments from protection by Radar, Stripe's fraud protection solution
  • Requires your business to meet complex and burdensome PCI compliance requirements

photo
1

Stripe Elements and 3D Secure is the primary blocker to me from moving to Blesta.