In cases where you need to collect, store and share payment data – while also maintaining PCI compliance – the Evervault Encryption Platform is a great solution. It keeps your data secure and compliant within your infrastructure, and it allows you to safely pass payment data to third-parties, such as Stripe.
In this post, you will learn:
What does Evervault do? Evervault eliminates the security and compliance burden of handling sensitive user data by equipping developers with easy-to-use tools for encrypting, processing, and sharing data without touching it in plaintext.
When would a Stripe user need Evervault? A Stripe user would use Evervault to collect and hold card data themselves with minimal PCI scope. A user might want to do this if their application needs to forward card data to multiple payment service providers or other third-parties. Using Evervault as an encryption layer will protect the card data on their app and allow them to frictionlessly share that data with Stripe and others. Examples include booking aggregators and businesses employing multi-processor strategies (i.e. businesses optimising for geo coverage, auth rates and costs).
1. Encrypt the data. Evervault UI Components, served in an iframe, encrypt card data before it touches your infrastructure. Under the hood, UI Components encrypts data in the browser with a unique public key. The corresponding private key is never exposed to the user or the Merchant / Service Provider. Data is encrypted at the field level and can be safely stored on your infrastructure.
2. Use the encrypted data. In many instances, companies will need to interact with customer data in some way, whether it be for validation checks or creating user accounts. Historically, using encrypted data has been a difficult problem – but Evervault provides two options that solve for data in use.
The first option is Evervault Functions, which can be used to easily set up and deploy secure serverless functions that allow encrypted data to be processed. Functions can be deployed and updated by your team using developer tooling like our SDKs or CLI.
Where servers are required, or security is hyper-critical, Evervault Cages provides an easy-to-use command line interface to locally build and deploy attestable Docker containers to secure enclaves. Secure enclaves offer enhanced security standards by using a constrained environment with restricted networking.
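The field-level encryption described in step 1, sketched as an added example that is not Evervault's code or SDK: each sensitive field is encrypted on its own under a public key, so the stored record holds only ciphertext and only the private-key holder can recover a value. RSA-OAEP, the field names and the `enc:v1:` tag are assumptions made for illustration; the post does not name the scheme or format Evervault uses.

```javascript
// Added illustration: field-level public-key encryption of card data.
// RSA-OAEP is a stand-in; the post does not name the scheme Evervault uses.
const crypto = require('node:crypto');

// Key pair held by the encryption provider; only the public key reaches the browser.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const SENSITIVE_FIELDS = ['number', 'cvc']; // hypothetical field names
const PREFIX = 'enc:v1:';                   // constructed ciphertext tag

const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });

// "Browser" side: encrypt each sensitive field on its own, leave the rest readable.
function encryptFields(form, pub) {
  const out = {};
  for (const [name, value] of Object.entries(form)) {
    out[name] = SENSITIVE_FIELDS.includes(name)
      ? PREFIX + crypto.publicEncrypt(oaep(pub), Buffer.from(String(value), 'utf8')).toString('base64')
      : value;
  }
  return out;
}

// Private-key holder only: recover one field, e.g. just before forwarding to a processor.
function decryptField(value, priv) {
  if (typeof value !== 'string' || !value.startsWith(PREFIX)) throw new Error('not an encrypted field');
  const ct = Buffer.from(value.slice(PREFIX.length), 'base64');
  return crypto.privateDecrypt(oaep(priv), ct).toString('utf8');
}

// Pre-write guard for the merchant database: any field that is not tagged
// ciphertext must not contain a digit run that looks like a card number.
function containsPlaintextPan(record) {
  return Object.values(record).some((v) => {
    const s = String(v);
    return !s.startsWith(PREFIX) && /\b\d{13,19}\b/.test(s);
  });
}

// Constructed sample input (4242... is a widely used test card number).
const form = { name: 'A. Customer', number: '4242424242424242', cvc: '123', exp: '12/30' };
const stored = encryptFields(form, publicKey);
console.log(stored.name, stored.exp, stored.number.slice(0, 24) + '...');
console.log('plaintext PAN in stored record:', containsPlaintextPan(stored));
```

Because OAEP is randomized, encrypting the same card twice yields different ciphertexts, so stored values cannot be matched against each other to find repeat cards.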
Stripe is a complete payments platform that makes it easy for businesses around the globe to discover and accept popular payment methods with a single integration. It's loved by companies and developers for its reliability and ease-of-use.
Most often, Evervault is used in conjunction with Stripe when a business has a non-standard payment configuration. These payment configurations typically require sharing card data with Stripe, as well as non-Stripe parties – including other merchants or payment processors.
Many modern eCommerce companies are employing multi-processor strategies in order to:
To do this, whilst limiting their PCI scope, they rely on full stack multi-processor solutions, or piece their solution together with tokenization providers.
With Evervault, a business can collect and store encrypted card details in their own database, and flexibly share these card details with multiple third-parties. When the user needs to initiate a payment, they run their predetermined logic (or employ a third-party service) to choose a processor and initiate a payment.
As an example, take a look at this booking and travel aggregator case to see how the encryption platform and payment processors fit together.
Consider travel or booking sites, where customers book third-party services through centralized platforms (also referred to as 'booking aggregators'). Often, both the third-party service provider and the platform want to access the payment details in order to optimize the customer experience and the payment execution.
If a customer books a hotel through a hotel booking aggregator, the hotel will often want to manage the card details themselves.
With Evervault, the booking aggregator will be able to write encrypted card numbers to their database, use the data on their own platform, and share the data with third-party hotels – all while maintaining PCI compliance. The aggregator can pass the card data to Stripe to create and process the payment and also share that same card data with their partner hotels for customer experience and payment optimization.
Although tokenization and vaulting solutions are also valid options, they suffer from increased latency, extremely high costs, and significant vendor lock-in. More importantly, though, the developer experience is often poor – and Evervault mostly distinguishes itself as the PCI solution for developers. With thoughtfully designed APIs and developer tooling that's accessible across many stacks, you can integrate Evervault in hours and trust it to work.
Evervault's products are highly configurable and can be adapted for a wide range of use-cases. While payments is a natural fit, our customers are regularly imagining new, effective use cases. Some of the most common are:
If you want to get started building encrypted multi-processor payments including Stripe, check out our step-by-step guide and sign up for a free Evervault account. If you'd like to chat more about your use case, contact our sales team to speak with one of our encryption architects.