Overview
When processing Batch Entries or Import Files in Payments2Us, you may receive a warning from Stripe stating that sending raw credit card numbers directly to the Stripe API is unsafe:
This happens because Stripe has strengthened their security requirements and now restricts the use of full card numbers in test mode unless an additional permission is enabled.
This behaviour only affects Batch Entries and Import Files. Standard Payments2Us Checkout Forms already use Stripe’s secure tokenisation API and are not impacted.
Â
Why This Warning Appears
Stripe now enforces stricter validation to prevent raw credit card numbers (even test cards) from being passed directly to their API. This measure helps protect cardholder data and ensure PCI compliance.
When Stripe detects a request containing full card numbers, they send a notification similar to the following:
Hi there,
We noticed that you passed a customer’s full credit card number to Stripe’s API. To keep your customer’s information safe, we don’t process charges that include full card numbers.
To continue processing payments with Stripe, use one of our official client integrations to collect payment information securely. These integrations ensure that sensitive card data never needs to touch your server.
We strongly discourage passing full card numbers to our API because it:
- Can expose your customers’ sensitive data to bad actors
- Requires you to meet complex PCI compliance requirements
- Makes it harder for Radar, Stripe’s fraud protection tool, to protect your business
In very rare cases, you might need to pass full card numbers. If this applies to you, you can allow it in your integration settings.
This is only a first-time notification; we won’t email you about this again in the future. If you have questions, you can contact us via our support site.
Thanks,
The Stripe team
Who Is Affected?
- Organisations using Batch Entries or Import Files in Payments2Us.
- Stripe accounts created after April 2019.
- Testing scenarios where raw test card numbers are passed to Stripe.
What Has Changed?
Stripe no longer allows raw credit card numbers in test mode unless a specific “raw card data API access” permission is enabled. Older accounts were grandfathered in, but new accounts require manual activation of this setting.
Solution
To resolve the issue, log a case with Stripe Support and request that they enable Access to raw card data APIs in test mode for your Stripe account.
Use this Stripe article to submit a case:
Enabling access to raw card data APIs – Stripe SupportÂ
Stripe may request evidence of PCI compliance. Payments2Us operates on Salesforce, which is PCI compliant. Stripe may ask for Salesforce documentation:
Important Notes
These changes only affect Batch Entries or Import Files. Standard Payments2Us Checkout Forms already use Stripe’s latest security model and do not require any updates.
Organisations with Stripe accounts created before 2017 may continue to use the old token mechanism and may not see this warning.
Summary
- This warning is triggered because Stripe blocks raw card numbers for security reasons.
- Only Batch Entries and Import Files are affected.
- You need Stripe Support to enable “raw card data API access” for test mode.
- Provide PCI compliance documentation if Stripe requests it.
- Online payment forms in Payments2Us already use Stripe’s secure tokenisation, so they are unaffected.
If you need further guidance, please contact Payments2Us Support.
Â