by gpmcadam 1978 days ago
Isn’t PCI compliance handled by Stripe?

> Isn’t PCI compliance handled by Stripe?

Not if you handle the card numbers outside of Stripe (through a backend) instead of letting them pass through Stripe's iframe.

It's unclear to me if that's happening here. Stripe CAN work that way, but then PCI compliance is entirely on you (and you might as well get a regular merchant account at that point, since you've already gone to all that effort.)

Anything that touches cardholder data has to be PCI compliant. Stripe offloads PCI compliance for you because Stripe's front-end library lets the card number (etc) pass from your browser directly to Stripe's PCI-compliant backend, without ever passing through your application servers.

If you interrupt or proxy that flow, you become responsible for PCI compliance.

(Note that I have no idea if that's what they're doing here, but they could and you wouldn't even know until your account was closed for fraud. Also, this sort of centralized architecture can easily become a target for attack.)
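
The scope question in the comment above comes down to one observable fact: does a raw card number ever reach your application server? The following Node.js snippet is an added illustration, not part of the comment and not Stripe's code. It is a server-side guard that scans an inbound request body for values that look like a primary account number (13 to 19 digits passing the Luhn check) and reports the JSON paths where they appear, so a team that believes it is using the tokenised browser-to-Stripe flow can detect the moment a form starts posting card data to the backend instead. The request bodies, the `tok_example_abc123` token value and the function names are all constructed for this example; `4242424242424242` is Stripe's published test card number, not a real card.

```javascript
// Added example (not from the comment above): detect when a backend starts
// receiving raw card numbers, i.e. when the browser -> Stripe tokenisation
// flow has been interrupted and the server is now in PCI DSS scope.
// All sample bodies below are constructed for this illustration.

// Luhn check: a 13-19 digit string that passes is treated as a probable PAN.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Strip the spaces and dashes people type into card fields before testing.
function looksLikePan(value) {
  if (typeof value !== 'string' && typeof value !== 'number') return false;
  const digits = String(value).replace(/[\s-]/g, '');
  return /^\d{13,19}$/.test(digits) && luhnValid(digits);
}

// Walk a parsed JSON body (objects and arrays) and return the path of every
// field holding a probable PAN. Only paths are returned, never the value,
// so the finding can be logged without writing cardholder data to logs.
function findPanFields(body, path = '$') {
  const hits = [];
  if (body && typeof body === 'object') {
    for (const [key, value] of Object.entries(body)) {
      hits.push(...findPanFields(value, `${path}.${key}`));
    }
  } else if (looksLikePan(body)) {
    hits.push(path);
  }
  return hits;
}

// Classify an inbound request: a body carrying a PAN means this server is
// handling cardholder data and is in scope, whatever the architecture diagram says.
function classifyRequest(body) {
  const panFields = findPanFields(body);
  return { inScope: panFields.length > 0, panFields };
}

// Constructed sample 1: tokenised flow. Stripe.js sent the card to Stripe and
// the server only sees an opaque token (hypothetical value, not a real token).
const tokenisedCheckout = {
  amount: 4999,
  currency: 'usd',
  token: 'tok_example_abc123',
};

// Constructed sample 2: interrupted flow. The checkout form posts the card
// straight to the backend. 4242424242424242 is Stripe's documented test PAN.
const rawCardCheckout = {
  amount: 4999,
  currency: 'usd',
  card: { number: '4242 4242 4242 4242', exp: '12/30', cvc: '123' },
};

console.log(classifyRequest(tokenisedCheckout)); // { inScope: false, panFields: [] }
console.log(classifyRequest(rawCardCheckout));   // { inScope: true, panFields: [ '$.card.number' ] }
```

Wiring `classifyRequest` into a request-logging middleware that rejects or alerts on `inScope: true` turns the comment's warning into a monitored control: if the check ever fires, the tokenised flow has been bypassed and the server is now handling cardholder data. The Luhn filter keeps order IDs and amounts from producing false positives, but any 13 to 19 digit value that happens to pass Luhn will also be flagged, which is the safer direction to err in.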