Stripe with Stored Cards

Stripe with Stored Cards

Compatible With: Community 2.0, 2.1, 2.2 Enterprise 2.0, 2.1, 2.2

Tech Specifications

Current Version:
Stable Build
10 November, 2017
Extensions, Payments & Security, Payment Integration
License Type:


Top-notch user experience, convenience, and PCI SAQ-A security: Treat your store to ParadoxLabs Stripe.


Back to top

Stripe is taking the world of ecommerce payment processing by storm with simplicity and power. They don't just give you a way to accept credit card payments: They do it in a way that makes sense, and makes life so much easier for you and for your customers. Stripe charges 2.9% + $0.30 for every credit card transaction processed, with zero setup or ongoing fees. Enterprise customers may be eligible for volume discounts. See complete pricing info

With ParadoxLabs Stripe, we build on Stripe's top-notch offerings by integrating those payment services into Magento 2, along with extensive stored card functionality. This gives you and your customers the convenience of stored credit cards, with all the security of Stripe. It also allows us to give you many advanced features that other payment methods simply aren't capable of.


This module supports all standard payment actions in Magento. It also allows customers to save their payment info for future use. This gives returning customers the convenience of stored credit cards and rapid checkout, without compromising PCI compliance.

  • Pay by credit card
  • PCI SAQ-A eligibility: Stripe Elements collects all credit card data for you
  • Save credit cards (tokens) for reuse
  • Add, edit, and delete saved payment data for each customer
  • Edit orders and reorder without contacting the customer for their CC info (even for guests!)
  • Capture funds even after the authorization expires
  • Authorize, Capture, or Save CC Info (without charging) at time of checkout
  • Partially invoice orders (including reauthorization of any remaining balance)
  • Refund your invoices (Online Credit Memo)
  • Partially refund orders (refund individual items from an invoice)
  • Void/cancel authorizations
  • Sending shipping address with transactions
  • Credit Card Verification (CCV)
  • Address Verification (AVS)
  • Multi-store support: Use different Stripe accounts for each website
  • Supports the Magento 2 REST API
  • Supports ParadoxLabs Adaptive Subscriptions

The first time a customer checks out, they are given an advanced unified field to enter their credit card details. If they choose to save the card, next time they check out they can reuse that card with a single click. Your customers can also view, add, edit, and delete any of their stored payment info through a 'My Payment Data' interface in their account. All frontend features are also available in the Magento Admin Panel.


Stored payment info is good for your business.

  • It simplifies checkout.
  • It encourages your customers to keep coming back.
  • It lets your customer service staff quickly process orders and billing changes, without needing to ask customers for credit card info once it's stored.
  • It streamlines order management and integration (for compatible systems).


ParadoxLabs has been building and maintaining Magento payment integrations for years. Our integrations process over $1 billion dollars in transactions every year for sites like yours, and our support is top-notch. Our solutions work for others—they can work for you too.


Security is everything. We know this. Customer confidence can take years to build up, and a stolen credit card can shatter that in a moment. Nevermind the legal ramifications or fees: Your customers are your business. You can't afford to risk losing them. Using ParadoxLabs Stripe will protect you from many forms of credit card scraping hacks.

All communication with Stripe is performed using TLS encryption, and no confidential cardholder data ever touches your server (even for a moment). Using Stripe Elements, all credit card forms for this extension are contained within an iframe directly from Stripe. This means all credit card data is sent directly from your customers to Stripe. They give us back a one-time-use token to use in place of the actual credit card data, and we use that to store it in the customer's Stripe profile. This lets your customers pay with a 'saved' card that's not stored on your server at all.

We are often asked about PCI compliance: PCI compliance is a complex and multifaceted issue, covering every aspect of your business. We can't guarantee that your business is PCI-compliant. That depends on your server, passwords, business processes, regular security scans, any other payment methods, and a lot more. What we can tell you is that this extension will not prevent you from being PCI compliant. We don't log confidential cardholder data or do anything else that would bring you under scrutiny.

This extension implements Stripe Elements for all credit card forms, and does not support collecting credit card data by any other means. According to Stripe, that makes the ParadoxLabs Stripe payment method eligible for PCI v3.2 Self-Assessment Questionnaire A (PCI SAQ A), the simplest possible form and process.

For more information, see Stripe documentation: PCI DSS guidelines

Note that you must have SSL enabled on all checkout and login forms, and that this eligibility only applies to this specific payment method. Any other payment methods or credit card handling your business may perform will have its own SAQ eligibility, and may require you to complete a more stringent SAQ form (A-EP or D).

For details on the SAQ types and what eligibility means, see "Self-Assessment Questionnaire Instructions and Guidelines (3.2)" (PDF, by PCI Standards Security Council).

For more information on Stripe's security policies and infrastructure, see Stripe documentation: Security at Stripe


We are experienced, certified Magento developers. All of our code is clean, well-documented, and follows all Magento standards and techniques. We make sure to do things the right way.

Our source code is 100% unencoded (viewable source). When you purchase this extension, you get full access to view and modify the source any way you need to (within the terms of the license).


We pride ourselves on quality support, which includes free bug fixes and updates for the lifetime of this extension. If you find that it doesn't work as we intended in a standard installation, we'll help you make sure that it does.

Our extensions are used on thousands of stores like yours.


Our staff are all located in the United States, with an office in downtown Lancaster, PA, open weekdays from 8 AM to 5 PM Eastern Time. Have a question, or want to try it out? Give us a call at 717-431-3330, or email us at

Release Notes

Back to top


  • Compatible with CE: 2.0 2.1 2.2
  • Compatible with EE: 2.0 2.1 2.2
  • Stability: Stable Build
  • Description:

    - Compatibility fixes for Magento 2.2.
    - Improved API support, particularly for card create/update.
    - Changed DI proxy argument handling for Magento 2.2 compatibility.
    - Changed order status handling for Magento 2.2 compatibility.
    - Changed payment command classnames for PHP 7.1 compatibility.
    - Fixed admin card 'delete' button deleting rather than queuing deletion.
    - Fixed ExtensionAttribute implementation on Card model.
    - Fixed possible PHP error on admin order create in compiled multi-store environments.
    - Fixed possible static content deploy issues with template comments.
    - Fixed REST API permission handling.
    - Fixed restricted order statuses being selectable as payment method 'New Order Status'.
    - Fixed Stripe tokenization error handling on payment forms.
    BACKWARDS-INCOMPATIBLE CHANGES: This release adds support for Magento 2.2. It is still compatible with Magento 2.0 and 2.1, but there are some notable code changes from earlier releases. If you have customizations around the extension, these may be significant:
    - Added getAdditionalObject() to ParadoxLabs\TokenBase\Api\Data\CardInterface.
    - Added saveExtended() to ParadoxLabs\TokenBase\Api\CardRepositoryInterface.
    - Added CardAdditionalInterface support to ParadoxLabs\TokenBase\Model\Card::setAdditional().
    - Changed argument type of ParadoxLabs\TokenBase\Api\Data\CardInterface::setExtensionAttributes().
    - Changed paradoxlabs_stored_card 'address' and 'additional' fields from serialized to JSON.
    - Changed Proxy constructor arguments throughout module to inject Proxy via DI configuration.
    - Removed Unserialize constructor argument from ParadoxLabs\TokenBase\Model\Card\Context.


  • Compatible with CE: 2.0 2.1
  • Compatible with EE: 2.0 2.1
  • Stability: Stable Build
  • Description:

    Added protection to frontend My Payment Data page to help prevent abuse. (Will now require order history to use, and block after numerous failures.)
    Added settings check for corrupted API credentials.
    Added split database support
    Fixed error on checkout if billing address zipcode is empty.
    Fixed error on databaseless code generation.
    Fixed missing soft descriptor on 'Authorize and Capture' payment action.
    Fixed type error on refund.
    Fixed validation error on admin checkout with new card.


  • Compatible with CE: 2.0 2.1
  • Compatible with EE: 2.0 2.1
  • Stability: Stable Build
  • Description:

    Initial release for Magento 2.


Back to top
The best place to start if you need help with a specific extension is to contact the developer. All Magento developers have both a contact email and a support email listed.

Q & A

Back to top


Back to top