I have installed Stripe payment plugin and got a security alert message from Stripe that the plugin is passing a full credit card detail which is high security risk.
They strongly recommend one method called tokenization. Just wondering if you can update the plugin with the new method.
Here is an email from Stripe:
Hello there, and welcome to Stripe!
We noticed that you are passing your cardholder's full credit card number to Stripe's API. We strongly discourage you from handling this information directly because doing so:
Potentially exposes your customer's sensitive data to bad actors
Excludes your payments from protection by Radar, Stripe's fraud protection solution
Requires your business to meet complex and burdensome PCI compliance requirements
To keep your customer's information safe, we were unable to process the unsafe charge you just sent us. In order to process payments securely on Stripe, change your integration to collect payment information using tokenization. Tokenization ensures that no sensitive card data ever needs to touch your server.
In rare cases, you may have to continue handling full credit card information directly. If this applies to you, you can enable unsafe processing in your dashboard.
For any questions, just reply to this email and we'd be happy to help.
We released the latest version 2.8.1 of EShop and EShop Stripe payment plugin few days ago. In the latest release, we implemented the Stripe.js v2 for EShop Stripe payment plugin to meet the security requirement from Stripe.
After that, download the latest version of EShop to update it to your site first, then download the latest package of EShop Stripe payment plugin, go to EShop -> Plugins -> Payments to install it from there and you are done!