Secure payment with Stripe

Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, Stripe makes use of best-in-class security tools and practices to maintain a high level of security at Stripe.

HTTPS and HSTS for secure connections

Stripe forces HTTPS for all services using TLS (SSL):

  • - Stripe.js is served only over TLS
  • - Stripe’s official libraries connect to Stripe’s servers over TLS and verify TLS certificates on each connection

Stripe regularly audits the details of their implementation: the certificates they serve, the certificate authorities they use, and the ciphers they support. Stripe uses HSTS to ensure browsers interact with Stripe only over HTTPS.