Sprout Billings - Stripe Tokenization and "Unsafe" Processing Errors
Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings.
If you see this error you'll either need to:
- Remove the ability for clients to add new payment sources on the client dashboard, specifically the
- User Authorize.net CIM, or the NMI integrations.
- Enable “Unsafe Processing” within your Stripe account.
To enable “Unsafe Processing”, follow these steps:
Either click this link, or in the Stripe dashboard go to “Business Settings” and then to “Integration”.
On the Integration settings page, click the “Show Advanced options” link, and toggle the “Process payments unsafely” option.
This will load a popup window with three checkboxes, check each one and for the final one, in the dropdown that appears select “Someone else built my Stripe integration”, and specify “Sprout Invoices'” in the textbox.
Finally, click the “Process payments unsafely” button to save the changes.
The language around this option is quite concerning, but rest assured that Sprout Invoices is securely handling the customer payment data, since no data is stored on your server and the data is sent directly to the Stripe API.
We are looking at ways that we can work with Stripe's other recommended options to remove the need to enable this option in Stripe when using Sprout Invoices'.