SECURITY OF TRANSACTIONS
All payments made using a card are processed through the Stripe online payment platform
HTTPS and HSTS for secure connections
Stripe enforces HTTPS for all services that use TLS (SSL), including our public website and dashboard. Stripe.js is only served through TLS Stripe's official libraries connect to Stripe's servers via TLS and verify the TLS certificates on each login We regularly check the details of our application, including the certificates we offer, the certification authorities we use, and the encryption we support. We use HSTS to ensure that browsers interact with Stripe only via HTTPS. Stripe is also included in the pre-installed HSTS lists for both Google Chrome and Mozilla Firefox.
Encryption of sensitive data and communication:
All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe's internal servers and demons can obtain simple text card numbers, but can request that cards be sent to a service provider with a static list of allowed ones. Stripe's infrastructure for storing, decrypting and transmitting card numbers runs in a separate hosting environment and does not share credentials with Stripe's main services (APIs, website, etc.) regarding sensitive data and communication For more information: