BookingSync is PCI-DSS compliant, and does NOT store credit card in any way, transactions are going through secured servers as per the PCI-DSS standards. We process transactions with bank-level security, and the settings you turn on your Stripe payment gateway account does not change our system behaviour.
Stripe's new "process payments unsafely" setting
In October of last year, Stripe started giving a "warning" to those who are using Stripe's API to send Stripe payment information (rather than integrating with Stripe directly) that this method of sending Stripe credit card data may be "unsafe", mostly to protect themselves from any complaints and so they don't have to certify each partner's system processing transactions is safe.
While this new standard sounds ominous, we are 100% confident that your payments are secure and encrypted, as per the PCI-DSS standard (see https://www.pcisecuritystandards.org/). In short, the flag merely indicates that the integration has not moved over to the Stripe's tokenization system for payments. Instead, the Stripe integration is currently passing payments through Stripe's API (encrypted and in a secure way). We at BookingSync are confident that our API-based integration is safe and encrypting payments successfully.
If you created your Stripe account before October 2017, you should not be experiencing the error. However, you may receive notifications from Stripe flagging the lack of tokenization.
How do I solve this?
To overcome the error, you can choose to "Process payments unsafely" (which just means that Stripe can't be responsible if the source system is not safe -but don't worry, we are) in your Stripe dashboard: https://dashboard.stripe.com/account/integration/settings = Account homepage > Business Settings > Integration
Here is a screen recording demonstrating how to change this setting to accept online payments in BookingSync with your Stripe account:
Screen Recording 2018-01-26 at 07.50 PM.mov
You might be asked to confirm your phone number during the final step, that's not mandatory to enable the setting but still a good practice.
For any questions or in case of any doubt regarding our security policy, please feel free to reach out to us at email@example.com.