by phereford 5054 days ago
It's more than just contracts and APIs. It's ensuring that your practices follow that specific country's rules and regulations. Every country has a different set of regulations for handling money.

The US has something called PCI compliance, and I would assume that every other country has something similar but with a different subset of rules.

2 comments

In the UK it is called PCI compliance :)

(a lot of the relevant standards are now international in nature)

PCI [1] is actually an international industry standard that defines security practices for payment card processing. For example, it requires that your system is behind a firewall, that credit card numbers are stored securely, etc. Your system must be audited annually by a certified consultant. Stripe is -- presumably -- already compliant, since they already run a business that processes credit cards.

[1] http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Secu...