PCI compliance
Payment card industry compliance.
Overview
PCI DSS (Payment Card Industry Data Security Standard) compliance is required for any business that accepts credit card payments. With Katura + Stripe, you're automatically compliant.
How Katura maintains PCI compliance
- No card data storage: Katura never stores, processes, or transmits credit card numbers
- Stripe Payment Element: card input is an iframe rendered by Stripe, not by Katura
- HTTPS everywhere: all pages are served over TLS encryption
- Stripe is PCI Level 1: the highest level of PCI certification
Your responsibilities
Even with Stripe handling card data, you should:
- Never ask customers to email or message their card numbers
- Use strong passwords for all admin accounts
- Review team access regularly
- Keep your Stripe integration up to date
Tip
Stripe provides a PCI compliance certificate you can download from your Stripe dashboard. Use it if customers or partners ask about your PCI status.
