Security issue with Stripe plugin

  • David
  • Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
1 year 5 months ago #107977 by David
Security issue with Stripe plugin was created by David
Hello,

I have installed Stripe payment plugin and got a security alert message from Stripe that the plugin is passing a full credit card detail which is high security risk.

They strongly recommend one method called tokenization. Just wondering if you can update the plugin with the new method.

Here is an email from Stripe:
====================================================
Hello there, and welcome to Stripe!

We noticed that you are passing your cardholder's full credit card number to Stripe's API. We strongly discourage you from handling this information directly because doing so:


Potentially exposes your customer's sensitive data to bad actors

Excludes your payments from protection by Radar, Stripe's fraud protection solution

Requires your business to meet complex and burdensome PCI compliance requirements

To keep your customer's information safe, we were unable to process the unsafe charge you just sent us. In order to process payments securely on Stripe, change your integration to collect payment information using tokenization. Tokenization ensures that no sensitive card data ever needs to touch your server.

In rare cases, you may have to continue handling full credit card information directly. If this applies to you, you can enable unsafe processing in your dashboard.


For any questions, just reply to this email and we'd be happy to help.

Yours,

The Stripe Team

Please Log in or Create an account to join the conversation.

  • Giang Dinh Truong
  • Giang Dinh Truong's Avatar
  • Offline
  • Administrator
  • Administrator
More
1 year 5 months ago #107980 by Giang Dinh Truong
Replied by Giang Dinh Truong on topic Security issue with Stripe plugin
Hello David,

We released the latest version 2.8.1 of EShop and EShop Stripe payment plugin few days ago. In the latest release, we implemented the Stripe.js v2 for EShop Stripe payment plugin to meet the security requirement from Stripe.

Please read more about release note at www.joomdonation.com/forum/released-vers...html?start=20#107907

After that, download the latest version of EShop to update it to your site first, then download the latest package of EShop Stripe payment plugin, go to EShop -> Plugins -> Payments to install it from there and you are done!

Hope that this is useful.

Sincerely, Giang

Please Log in or Create an account to join the conversation.

Moderators: Giang Dinh Truong