Stripe has instituted tokenization for processing credit cards to replace their previous secure API processing method. When Stripe did this, they instituted a new messaging and setting to warn and push clients and software companies into implementing tokenization. ASA is currently reviewing and preparing to build out the tokenization. Until done, ASA is continuing to use the secure API process still in place for Stripe and which is a valid method of processing credit cards.
API Processing: The security of the API is robust and was Stripe’s primary means of communication and processing prior to the rollout of tokens. It is secure for you and your customers. The PCI compliance falls almost entirely on ASA to handle. So long as you do not write down or keep credit card numbers anywhere in your offices, your PCI compliance is simple. Enter the number into ASAP Admin Console straight from the card as soon as you get it or while the card is in front of you and never write it down and keep that information. Store the information in ASAP only. ASA handles the rest, including ensuring both you and we are PCI compliant. If you don’t process cards inhouse but instead rely on your customers to enter the number themselves in the ASAP Public Portal, you are all set.
When you submit your PCI compliance questions, answer the questions from the perspective of how you handle the cards in the office. We are your service provider and handle all the rest of that processing and compliance.
SETTING STRIPE TO HANDLE CORRECTLY:
In Stripe, go to the Settings page and turn on "Process Payments Unsafely". This is Stripe's scary messaging that is meant to freak people out. It is totally fine and secure if you handle credit cards correctly. Let ASAP do the processing and never write down and keep credit card numbers in your offices in an unsecure manner.
Once you click "on", then click all three of these.
Click "Process payments unsafely". Now Stripe will process the cards. Test to verify.