We have received reports from our users that when making a donation using a new Stripe account as their payment processor, they receive the error message:
"Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings"
Customers with existing Stripe accounts have also received the following notice: "It looks like you've been sending untokenized credit cards to our API."
In October of last year, Stripe started giving a "warning" to those who are using Stripe's API to send Stripe payment information (rather than integrating with Stripe directly) that this method of sending Stripe credit card data may be "unsafe." At the same time, Stripe started requiring that those who want to continue to process payment information through Stripe via the Stripe API agree that "Sending credit card numbers directly to the Stripe API is generally unsafe." Stripe also began sending notices to some customers with existing Stripe accounts who have processed payments via Stripe's API: "It looks like you've been sending untokenized credit cards to our API."
While this new standard sounds ominous, we are confident that your payments are secure and encrypted. In short, the flag merely indicates that the integration has not moved over to the Stripe's tokenization system for payments. Instead, the Stripe integration is currently passing payments through Stripe's API. While NationBuilder has not adopted the tokenization system yet, we're confident that our API based integration is safe and encrypting payments successfully using SSL (Secure Sockets Layer).
If you created your Stripe account before 10/6/17, you should not be experiencing the error. However, you may receive notifications from Stripe flagging the lack of tokenization. For this reason, NationBuilder is in the process of creating a new integration with Stripe and is making some additional system changes so that it can process payments directly with Stripe (using tokenization). When this integration is complete and customers use the Stripe payments integration, payments through NationBuilder to Stripe will be tokenized and PCI-DDS compliant.
In the meantime, to overcome the error you can choose to "Process payments unsafely" in Stripe: https://dashboard.stripe.com/account/integration/settings .