One of the responsibilities we take seriously at North UX is making sure that our clients are aware of liabilities and security when it comes to technology. And there is nothing more sensitive than dealing with your own customers’ financial data. Over the past few months we’ve noticed that more and more plugin developers are moving from Stripe to Stripe Connect for payment gateways. We think this is a substantial change, and we want to make you aware of what Stripe Connect is compared with a normal Stripe implementation.
What is Stripe?
Stripe is a payment processor. It allows you to take credit card payments, as well as Apple Pay and various other payment methods, without having to directly comply with PCI. That means Stripe manages your customers’ financial data so that you don’t have to worry about the security of that information on your own website. At North UX we LOVE Stripe. It is our payment gateway of choice.
What is Stripe Connect?
Stripe Connect is a platform that allows one Stripe account to collect funds on behalf of another Stripe account. The platform Stripe account collects the funds, and then delivers them to the connected Stripe account, or vice versa. There are a variety of ways this can be set up, and a variety of use cases where this does make sense. Think of this like how Uber or Lyft work. You pay Uber, Uber takes a cut of what you have paid, and then sends a cut to the driver. We will be sharing a case study soon that outlines how we used Stripe Connect on a client project in a way that was a win for all parties involved.
Our Concerns with Stripe Connect
We have some concerns with the Stripe Connect platform and how we’ve been seeing it implemented by plugin developers. The platform account is not required to collect funds from the transaction; that is an optional part of the Stripe Connect API. We’ve noticed that plugins such as Gravity Forms and Restrict Content Pro, both plugins we are big fans of, have switched from allowing you to input standard Stripe API keys to giving users the Stripe Connect button to connect their Stripe account. It’s certainly an easier way for people to connect things up, but at what “cost”? When you click on the Stripe Connect button, be sure you are aware of what you are actually giving access to.
The platform account will be able to see all the transactions that have happened, ever! And if granted the right to “collect payments” on your behalf, it can change or manipulate those transactions, and in some instances change and manipulate your payouts. When you connect to a platform account, you are granting access to your customers’ private information via the Stripe Dashboard. The platform account is given access to Stripe’s reporting portal, which shows the transactions that pass through the plugin but also any other transactions in your Stripe account. If you want a more detailed walk-through of how this works, Gabor Javorszky, a North UX team member, has written a more technical article with a full walk-through, so jump on over to his personal site and read it.
Working around Stripe Connect
We do have workarounds for the plugins mentioned above that allow them to continue to function under a standard Stripe implementation. We can also make plugin recommendations or customizations for other WordPress plugins to ensure that you are not using the Stripe Connect platform and granting plugin developers access to your customers’ data and your money unless absolutely necessary.
Working with Stripe Connect
Get help with implementation no matter which option you choose
At North UX we are here to inform you regarding technology and best practices, and to help you make educated decisions for your business and customers. We are also here to implement technology in a way that works efficiently and effectively for your business. Use our contact form to ask us any questions, or let us know if you need help working around a plugin’s use of the Stripe Connect platform.