Question

We have an ecommerce site that has been accepting payments via payment gateway integrations that transfer control to the payment gateways. It is an accepted fact in the industry that accepting credit card info and processing the transaction on our site itself would result in better conversion (fewer drop-offs); however, that implies that we need to be PCI compliant. I read about the Stripe payment gateway and the integration that it offers (via stripe.js) that avoids the PCI compliance burden. Is there a potential catch that I am missing here, because I haven't read anything similar for other payment gateways? Or is Stripe just ahead of the curve, or are there other/new payment gateways that offer such integration?


Solution

Stripe facilitates adherence to PCI compliance by allowing you to process an order without ever having credit card information touch your server. It does this by performing a secure, client-side AJAX request to the Stripe API. During this request, the client (i.e. the browser) exchanges credit card information for a one-time-use token. This token can then safely be submitted to your server and subsequently used to charge the aforementioned credit card.

Please read the full blog for more details and examples
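The flow described in the answer only keeps card data off your server if the checkout form really posts nothing but the token. The following is an added example, not part of the original answer or Stripe's code: a server-side guard that rejects any checkout body containing a card-number-like value. The field name `stripeToken`, the `tok_` prefix check and the function names are assumptions for illustration.

```javascript
// Added example: server-side guard for a tokenized checkout POST.
// "stripeToken" and the "tok_" prefix are assumptions, not taken from the page.

// Luhn checksum: true for digit strings that pass the card-number check.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Names of submitted fields whose value looks like a card number (PAN):
// 13-19 digits after stripping spaces and dashes, and Luhn-valid.
function findCardData(body) {
  const hits = [];
  for (const [name, value] of Object.entries(body)) {
    const digits = String(value).replace(/[\s-]/g, '');
    if (/^\d{13,19}$/.test(digits) && luhnValid(digits)) hits.push(name);
  }
  return hits;
}

// Decide what to do with an already-parsed checkout form body.
function checkCheckoutBody(body) {
  const leaked = findCardData(body);
  if (leaked.length > 0) {
    // Report field names only; never log or store the values themselves.
    return { status: 400, reason: 'card data reached server', fields: leaked };
  }
  const token = body.stripeToken;
  if (typeof token !== 'string' || !/^tok_[A-Za-z0-9]+$/.test(token)) {
    return { status: 400, reason: 'missing or malformed token', fields: [] };
  }
  return { status: 200, reason: 'ok', fields: [] };
}

// Constructed sample bodies; 4242 4242 4242 4242 is a Luhn-valid test number.
const goodBody = { stripeToken: 'tok_1Constructed0Sample', email: 'a@example.com' };
const leakyBody = { stripeToken: 'tok_1Constructed0Sample',
                    number: '4242 4242 4242 4242', cvc: '123' };
```

Any Luhn-valid 13 to 19 digit value, such as some order or phone numbers, will also trip the check, so treat a hit as an alert to investigate the form markup rather than as proof of a leak.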

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow