Which statement is true about Stripe's compliance with PCI DSS?

• A. Stripe automatically complies with PCI DSS
• B. Stripe does not comply with PCI DSS
• C. Only some Stripe merchants must comply
• D. PCI DSS is unrelated to Stripe

Answer: (A)

PCI DSS compliance is about ensuring secure handling of cardholder data. Stripe is a PCI DSS Level 1 service provider, and by using Stripe’s client-side tools (like Elements or Checkout), card data is sent directly to Stripe rather than traversing your own servers. This means Stripe is responsible for the portions of PCI DSS that cover the data Stripe processes, and you typically face a much smaller PCI scope as a merchant. In practice, this is why you can rely on Stripe’s compliance to meet the PCI requirements for the data Stripe handles, making the statement true. The other options don’t fit because Stripe does maintain PCI DSS compliance, it isn’t unrelated, and using Stripe doesn’t require all merchants to handle PCI in full on their own systems.