Stripe Card Readers: What Are My Options?

Stripe Card Readers: What Are My Options?

by Mike Ricotta - February 7, 2020

Trying to figure out which Stripe Card Readers work best with Arcane’s Stripe Terminal for WooCommerce plugin? We’ve got you covered. Some card readers may not be compatible with your setup. Or perhaps you just want to know what alternatives there are for working with Stripe. We’ll go through each of the available options on the market, below, to give you all the information you need to make your decision.

Before we dive in, it’s important to know how Stripe processes card reader transactions.

  1. Embed forms via Stripe.Js
    This is for web-based forms which off-loads PCI to Stripe. It is pretty quick and easy to implement but does not allow credit card readers for security reasons.
  2. JS or Mobile SDK
    This is the Stripe Terminal SDK which comes available in JS format for web or Android/iOS format for mobile applications. These SDK’s support 2 card reader devices described below
  3. Server-side API
    This is your highest level of control, developers are only limited by the API and can implement for any platform. This also means you can use any credit card reader you want. With greater control comes greater responsibility. You’ll be held accountable for all PCI compliance and Stripe may choose to stop your account if you transmit unsecure data. The development efforts here are more expensive but the API is pretty clear to use.

BBPOS Chipper Reader

As part of their push towards brick and mortar services, Stripe teamed up with BBPOS to offer mobile services. Their extremely mobile BlueTooth driven card reader, the BBPOS Chipper, was released mid-2019. This super-compact device bests its plug-and-play competition like Square by using a Bluetooth connection instead of plugging into a jack. It accepts contactless RFID payments as well as dip, swipe, and digital payment formats like Apple Pay, Samsung Pay, and Google Pay Check out some specs here.

This device is only available for iOS or Android applications processing transactions through the Stripe gateway. That’s right, this means you cannot use the BBPOS Chipper device for other platforms like desktop software or websites. Obviously, if you have the engineers necessary to rewrite the BBPOS Chipper’s native software to use the server-side API and then become PCI compliant, you can do whatever you want but then you probably don’t need to be reading this. It should also be noted that Bluetooth is a highly vulnerable protocol; perhaps one of the easiest to hack, so this is a risk you’re accepting with such a device.

Verifone P400 Reader

Stripe has also partnered up with Verifone to use their P400 card reader. While the BBPOS Chipper’s integration with Stripe Terminal works well for Mobile SDK. This top-of-the-line storefront card reader works with Javascript supported applications (ie. web, mobile, etc). The P400 is an internet-enabled device that leverages a highly secure Javascript SDK connected to your point of sale strictly through sharing the same network. That means you enjoy the mobility of the device (just like the BBPOS Chipper) without the need for Bluetooth technology. However, it’s hamstrung by network accessibility and AC driven power. It also accepts Pre-Dipping and contactless payments such as Apple, Samsung, and Google Pay. Check out some specs here.

This device is exclusive to Javascript-supported applications using the Stripe gateway such as Websites. web applications, or mobile applications on JS frameworks (ie. React). That means that you can only use it with the Javascript SDK and no other device is supported by that, so if you’re operating a website, this is your only option outside of the server-side API. Again, if your team can rewrite the Verifone’s control panel software to permit server-side calls and you can become PCI compliant, the world is your oyster but you probably don’t need to be here. It should also be noted that WiFi is similarly easy to hack but network accessibility is a bit more within your control, especially if you’re working with a multi-band router.

Magnetic Strip Reader

Historically magnetic strip readers like the MagTek line have been able to support transactions for any type of platform through USB connectivity. Typically that software will actually read the card information (card number, expiration, CVV, etc) and transmit it to the credit card form on your POS just the same as if you had typed it in yourself. In 2019 Stripe started blocking this automated input method from their PCI controlled methods like Stripe.JS for the obvious reason that it’s insecure and they’re responsible for security as the PCI-accountable party. That doesn’t mean they can’t be used but Stripe doesn’t want you to, so proceed at your own risk.

What if you want to take this route? Bullet 3 above is your only option, so be prepared to be PCI compliant and expect some development costs. You can probably leverage legacy software that uses the Stripe API without Stripe.JS and that will work out just fine until Stripe identifies that you’re sending raw card data and blocks your account. If you can find a way to rewrite the Stripe terminal native software for BBPOS Chipper or Verifone P400 to run on your POS, then yeah, you could leverage the SDKs but frankly, that’s a heck of a lot more work than just using the server-side API… but if you were considering that, you probably already know that.