Our partnership and integration with Stripe adds bank-level security to our handling of payments on behalf of our mutual customers.
In summary, when building our integration with Stripe - we register 1 Application Key with the service. This Application Key identifies Join It as the app/entity that's making a request to Stripe.
When a mutual customer wants to use Join It - they create a Stripe account and 'connect' their Stripe account to Join It (this authenticates Join It to act on the customer's behalf for specific/limited actions when it comes to Stripe's services).
Once the mutual Customer completes this 'connection', Stripe issues a secure 'token' to Join It - this token is stored on our end, and is revokable by the Customer.
For all things payment related (e.g. a member making a purchase, updating their payment card, etc.) - the sensitive details go directly to Stripe and are never handled by Join It's servers. So when we render a payment form on our Checkout pages, this is done by serving a Stripe-hosted iFrame that sends the customers details to Stripe - and then Stripe returns a token to Join It (which can then be paired with our Application Key and the Customer's secure token to take further allowed actions).
Join It maintains Payment Card Industry Data Security Standard (link) compliance. Upon request, we're happy to share our certification to potential and current customers.
If you'd like to request our certification, please chat our support team or email them at: email@example.com