Yes! Stripe's security exceeds the most rigorous standards in the industry.
As a PCI-certified service provider, Stripe is also audited by a PCI-certified auditor. PCI-certification is the highest certification available.
Through our integration with Stripe, neither Cartfuel nor any human ever sees or stores any sensitive customer payment data.
Therefore, you can be sure your customer data is safe and secure with some of the highest security available.
Stripe's secure infrastructure is described in more detail here.
Visa Global Registry of Service Providers shows Stripe's PCI certification.
Here are some key security details we've highlighted:
HTTPS and HSTS for secure connections
Stripe forces HTTPS for all services using TLS (SSL).
Stripe.js is served only over TLS
Stripe’s official libraries connect to Stripe’s servers over TLS and verify TLS certificates on each connection
Encryption of sensitive data and communication
All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).