Stripe CC error message


#1

Hey Sonar Community,

I’ve set up Sonar to use Stripe as the CC processor but when trying to add a CC for a customer it’s giving me a red error message saying:

“Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings

Why is this happening? and why is Sonar not complying with PCI compliance?


#2

You have to enable the unsafe method. Their other methods are designed for shopping carts. You are still PCI compliant, we are not storing any credit card numbers locally.


#3

Okay, interesting. Can you confirm that the CC information POST’ed to the Stripe API is using https?


#4

I can, Stripe does not provide a HTTP API. Not that we’d use it anyway…


#5

Wonderful! Thanks for confirming that.


#6

https://stripe.com/docs/api/cards/create is specifically what we’re using. They would just rather it was tokenized using Stripe.js before being submitted there, but it would mean putting the Stripe overlay into Sonar which is just not something that makes logical sense in a billing application.