One advantage of using a third-party payment provider, such as Stripe, is that they fulfil the standards required by the Payment Card Industry to take payments online. However, a new version of these standards makes some significant requirements of web pages that host card payment forms. You will need to abide by these requirements to continue to take card payments. Neither Cameo nor Stripe can do this for you! It is a requirement of your website.
PCI DSS v4.0 introduces new requirements for card payment pages. Currently, these are recommendations, but they will become mandatory in March 2025. Stripe handles many requirements for us. However, some apply directly to pages in your own website that embed payment forms (like Stripe within Cameo).
The details are rather technical. Your payment pages will need to:
While both Cameo and Stripe can, and do, help to isolate the payment part from the rest of the page, these requirements apply to your website, not to Cameo or Stripe. Therefore, they are something you will have to accommodate over the next couple of years to continue to take card payments.
Another way to approach the problem may be to isolate the payment pages in their own little website. Cameo could, perhaps, provide that, rather like the way we transfer to GoCardless now for them to take details. That moves the responsibility there, away from your own site. The cost is a less integrated and more clumsy solution.
So currently, this is just an alert that you will need to take action on your website before long to continue to take card payments.