Changaco
commented
6 years ago It looks like it would be problematic to fix this by using our own JavaScript like we did with Mangopay, because it would reduce Stripe's ability to detect and block fraudulent payment attempts, and we would have to fill a lengthy SAQ A-EP every year instead of signing a simple pre-filled SAQ A (see Stripe's guide on PCI compliance). (Mangopay never asked us to submit any PCI related paperwork, or any other security assessment.)
asddsaz
With Mangopay all the code running in the user's browser was open source, Stripe.js isn't.