Weave Payments Security

Weave's fast and easy payment processing is powered by Stripe, one of the largest and most secure payment companies.

Weave Payments features are only available to U.S. customers.

Download PDF

About Stripe

  • Stripe helps power millions of businesses in 100+ countries across nearly every industry
  • Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry
  • Stripe forces HTTPS for all services (including Weave) using TLS (the predecessor is SSL)
  • Stripe uses HSTS to ensure browsers interact with Stripe only over HTTPS
  • Stripe is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox
  • All card numbers stored at Stripe are encrypted at rest with AES-256 encryption. Decryption keys are stored on separate machines from card data
  • Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure and does not share any credentials with Stripe’s primary services (API, website, etc.)

Click here to learn more about setting up your Weave Payments Account.

About Verifone P400 Terminals

Click here to learn more about setting up your Credit Card Terminals.

About Card on File

  • All card numbers stored at Stripe are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons can obtain plaintext card numbers but can request that cards are sent to a service provider on a static allowlist.
  • Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.). More on Stripe’s encryption of sensitive data, here.

Click here to learn more about using our Card on File feature.

What You Can Do to Enhance Security

  • Do not write down credit card data
  • Do not store credit card data in your accounting or customer management ledgers
  • When taking an over-the-phone payment, enter card data directly into the virtual terminal
  • Use Text to Pay to prevent your employees from hearing or mistyping credit card information over the phone
Was this article helpful?
2 out of 4 found this helpful