by sdepablos 4871 days ago
Could you expand on this? I was under the assumption that with Stripe you could circumvent PCI compliance almost completely. I thought that you only need to comply with PCI if your SERVER touched the credit card data in any way - i.e. capturing the info from your frontend and sending it to your payment gateway - and as with Stripe your server never sees it - their JS sends the info to Stripe servers directly - you are OK.

In fact, on their site https://support.stripe.com/questions/what-exactly-do-i-need-... they state:

"As for the explicit requirements you need to meet PCI compliance requirements:

* When accepting payments using Stripe, you have to use Stripe.js
* Serve your payment page over SSL"