We know what you want: A proven solution that just works, with all the features you'd expect, from a reputable company that stands behind their product.
Our payment methods are used on thousands of Magento stores, to process billions of dollars a year. We know what we're doing, and we've been doing it a long time. Payment is a fundamental part of your business, and it's a fundamental part of ours too. We'll help you make sure it never becomes a problem.
This module supports all standard payment actions. It also allows customers to save their payment info for future use. This gives returning customers the convenience of stored credit cards and rapid checkout, without breaking PCI compliance.
The first time a customer checks out, they are given an advanced unified field to enter their credit card details. If they choose to save the card, next time they check out they can reuse that card with a single click. Your customers can also view, add, edit, and delete any of their stored payment info through a 'Manage My Cards' interface in their account. All frontend features are also available in the Magento Admin Panel.
- Pay by credit card
- Save credit cards (tokens) for reuse
- PCI SAQ-A eligibility: Stripe collects all credit card data for you
- Add, edit, and delete saved payment data
- Edit orders and reorder, without having to ask the customer for CC info again
- Authorize, Capture, or Save CC Info (without charging) at time of checkout
- Capture funds even after the authorization expires
- Partially invoice orders (including reauthorization on partial invoice)
- Partially refund (online credit memo)
- Send shipping address to Authorize.Net
- Credit Card Verification (CCV)
- Address Verification (AVS)
- Integrate your systems thanks to Magento API support
- Use a different Stripe account for each website (multi-store support)
- Supports ParadoxLabs Adaptive Subscriptions extension
Great User Experience
The Stripe Elements credit card form provides a unique user experience that is highly optimized for all devices. Customers are given a single input for their credit card information. Input automatically flows from one field to the next, and credit card type is auto-detected. Validation happens in real-time, and customers are given immediate feedback if they enter an invalid number or expiration date.
The input field adjusts on the fly based on the credit card type, matching the formatting they see on their credit card. It is also responsive for mobile devices, supporting numeric input, and supports browser autofill.
Look and feel of the input can be customized through an admin setting, with support for most CSS properties.
Stored payment info is good for your business and customers.
- It simplifies checkout.
- It encourages customer loyalty.
- It streamlines order management and integrations.
- It lets your staff quickly process orders and billing changes, without needing customers to repeat their credit card info.
All frontend features are available in the admin panel. This means admins can view, add, edit, and delete customers' stored cards, and place orders using them.
When editing an order, you can reuse the payment info, even for guest orders.
Security is everything. We know this. Customer confidence can take years to build up, and a stolen credit card can shatter that in a moment. Nevermind the legal ramifications or fees: Your customers are your business. You can't afford to risk losing them. Using ParadoxLabs Stripe will protect you from many forms of credit card scraping hacks.
All communication with Stripe is performed using TLS encryption, and no confidential cardholder data ever touches your server (even for a moment). Using Stripe Elements, all credit card forms for this extension are contained within an iframe hosted by Stripe.
This means all credit card data is sent directly from your customers to Stripe, and none of it is exposed to your website or server at any time. They give us back a one-time-use token to use in place of the actual credit card data, and we use that token to store it in the customer's Stripe profile. This lets your customers pay with a 'saved' card that's not stored on your server at all.
PCI compliance is a complex and multifaceted issue, covering every aspect of your business. We can't guarantee that your business is PCI-compliant. That depends on your server, policies, processes, regular security scans, other payment methods offered, and a lot more. What we can tell you is that this extension will not prevent you from being PCI compliant. We don't store or log confidential cardholder data, or do anything else that would bring you under scrutiny.
This extension implements Stripe Elements for all credit card forms, and does not support collecting credit card data by any other means. According to Stripe, that makes the ParadoxLabs Stripe payment method eligible for PCI v3.2 Self-Assessment Questionnaire A (PCI SAQ A), the simplest possible form and process. Stripe will even pre-fill the form for you.
For more information, see Stripe documentation: PCI DSS guidelines
Note that you must have SSL enabled on all checkout and login forms, and that this eligibility only applies to this specific payment method. Any other payment methods or credit card handling your business may perform will have its own SAQ eligibility, and may require you to complete a more stringent SAQ form (A-EP or D).
For details on the SAQ types and what eligibility means, see "Self-Assessment Questionnaire Instructions and Guidelines (3.2)" (PDF, by PCI Standards Security Council).
For more information on Stripe's security policies and infrastructure, see Stripe documentation: Security at Stripe