Y
Hacker News
new
|
ask
|
show
|
jobs
by
grandalf
4185 days ago
Right. Which is why SAQ A-EP was invented -- to prevent merchants from gaining compliance based on the loophole that they are using a js library or offsite link to collect payment.
1 comments
matthewarkin
4185 days ago
it would be trivial but the iframe (Stripe Checkout) does qualify for SAQ A.
link
grandalf
4185 days ago
Correct: The use or non-use of stripe.js is irrelevant for whether a merchant needs SAQ A or SAQ A-EP.
SAQ A applies when using one's own server infrastructure, and SAQ A-EP applies when using a PAAS.
link