The RSI security website breaks down the techniques in certain depth, but the method in essence goes such as this: Dealing with the entry of charge card info from buyers; particularly, that sensitive card aspects are gathered and transmitted securely Stripe.js v2 SAQ A-EP Working with Stripe.js v2 to pass https://www.nathanlabsadvisory.com/blog/nathan/achieving-soc-2-compliance-a-crucial-step-towards-data-security/