All Collections
Is Cartfuel PCI-Compliant?
Is Cartfuel PCI-Compliant?

Yes! Cartfuel uses Stripe whose security exceeds the most rigorous standards in the industry.

Jelani Abdus-Salaam avatar
Written by Jelani Abdus-Salaam
Updated over a week ago

Yes! Stripe's security exceeds the most rigorous standards in the industry.

As a PCI-certified service provider, Stripe is also audited by a PCI-certified auditor. PCI-certification is the highest certification available.

Through our integration with Stripe, neither Cartfuel nor any human ever sees or stores any sensitive customer payment data.

Therefore, you can be sure your customer data is safe and secure with some of the highest security available.

Stripe's secure infrastructure is described in more detail here.

Visa Global Registry of Service Providers shows Stripe's PCI certification.

Here are some key security details we've highlighted:

HTTPS and HSTS for secure connections

Stripe forces HTTPS for all services using TLS (SSL).

  • Stripe.js is served only over TLS

  • Stripe’s official libraries connect to Stripe’s servers over TLS and verify TLS certificates on each connection

Encryption of sensitive data and communication

All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).

Did this answer your question?