• Resolved johnynla

    (@johnynla)


    Hello,

    Sorry, I can’t find the exact answer in the FAQ or on the internet. Please clarify…

    I want to sell a WP plugin billed annually via WP+WC+Subscriptions. Almost everything is clear except one area – I want to protect our clients and payments against all possible types of theft/fraud/etc.

    A) [Clients’ credit card info] (CCCI) stealing. If CCCI is stored on my WP site: WP/WC does not seem to be a very secure platform; I have heard of many cases where WP sites were hacked. I’m afraid that hackers can hack the site, steal the CCCI and steal clients’ money directly. Or some not very reliable people on our team can log in to our WP site with an admin account and also steal the CCCI and steal clients’ money. For those reasons I don’t really want to store the CCCI on my site at all.

    Please clarify how [clients’ credit card info] can be protected from 1+2? Can I save all CCCI + [recurring payments] only directly on the Stripe website (which must be better protected) with 2 Stripe login levels: (a) The first login is for the automatic work between WooCommerce and my Stripe account: for new client payments, with their credit card info saved for recurring payments on the Stripe website, or if a client wants to stop/restart the recurring payments. Thus all CCCI will be sent/received/stored ONLY on the Stripe website. Then how will WooCommerce tell Stripe exactly which “client credit card” recurring payment must be stopped or restarted? (b) The second is my own personal access to the “Stripe Account” as project manager, with some extended possibilities. Any other solution?

    B) Stripe account substitution. Does Stripe have a backward domain-to-account protection – to protect against WP-site hackers or not very reliable people on our team who may try to replace my Stripe account number in the WP-WC plugin with their own Stripe account number to get payments to their personal card? In other words, is it possible to hard-link my site URL to ONLY my Stripe account – so that Stripe will approve only payments from my site URL to my Stripe account number until I change it manually – and Stripe will block/drop all payments that come from my site URL but go to another Stripe account?

    Any other clients&payments protection recommendations?

    • This topic was modified 4 years ago by johnynla.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Hello @johnynla ,

    Thanks a lot for reaching out. Let’s go through your questions and figure out the possibilities.

    First of all, it is not important to save card details for WooCommerce subscriptions. The documentation says –

    “The WooCommerce Subscriptions extension has its own mechanism for saving credit card details. When a customer buys a subscription product, Stripe will create a special payment token that will use the same credit card details for future subscription payments.”

    So, there will be a token saved in your database that will help Stripe understand which card to charge. Without having access to your Stripe account no one can figure out which card the token represents.

    You can reach out to Stripe support to understand how to set up the main account and a managing account (I am not sure if they have this). You can contact them here – https://support.stripe.com/?referrerLocale=en-US

    Out of the box, both WordPress and WooCommerce are secure platforms. Breaches often happen due to server errors or third-party themes and plugins. You can use security plugins like Wordfence to protect your site from regular attacks. Also, make sure to use themes and plugins from reputable and trusted developers.

    Thank you
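
Added example, not part of the original reply and not WooCommerce or Stripe code: one way to audit an export of order metadata and confirm it holds only Stripe reference tokens, as the reply above describes, and no raw card numbers. The meta key names and every row value are constructed assumptions; the ID prefixes are Stripe's usual object prefixes.

```python
import re

# Stripe object-ID prefixes: customer, payment method, source, card, token.
STRIPE_REF = re.compile(r"^(cus|pm|src|card|tok)_[A-Za-z0-9]+$")
# 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(value: str) -> str:
    """Label a meta value as a Stripe reference, a possible card number, or other."""
    if STRIPE_REF.match(value.strip()):
        return "stripe_reference"
    for m in PAN_CANDIDATE.finditer(value):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            return "possible_pan"
    return "other"


def audit(rows):
    """Return (post_id, meta_key) for each row that may contain a card number."""
    return [(pid, key) for pid, key, val in rows if classify(val) == "possible_pan"]


# Constructed rows in the shape of a wp_postmeta export (key names assumed).
ROWS = [
    (101, "_stripe_customer_id", "cus_EXAMPLE0001"),
    (101, "_stripe_source_id", "pm_EXAMPLE0001"),
    (101, "_order_total", "49.00"),
    (102, "_customer_note", "card 4242 4242 4242 4242 exp 12/30"),  # test number
    (103, "_tracking_ref", "1234567890123456"),  # 16 digits, fails Luhn
]

if __name__ == "__main__":
    for pid, key in audit(ROWS):
        print(f"review post {pid}: {key} may contain a card number")
```

A reference token on its own is not flagged; only digit runs of card length that pass the Luhn check are reported for manual review.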

    Hi there,

    We’ve not heard back from you in a while, so I’m marking this thread as resolved.

    Hopefully, you were able to find a solution to your problem! If you have further questions, please feel free to open a new topic.

    Thank you

  • The topic ‘Protect Stripe clients and recipients’ is closed to new replies.