The RSI security blog breaks down the actions in some depth, but the procedure in essence goes like this: This permits all organizations—from huge firms to startups and tiny and medium enterprises, which may not hold the requisite security infrastructure and personnel—to stay shielded and PCI DSS compliant. Stripe.js v2 https://www.nathanlabsadvisory.com/pci-dss.html