All store owners wishing to process credit card transactions should be familiar with PCI Compliance. Spree Gateway Stripe integration and Spree Braintree vzero are PCI-compliant.
We do not transmit or store Credit Card numbers. Instead we're using payment processor tokens supplied by their SDKs to authorize and charge customer cards.
Spree Gateway Stripe integration supports Strong Customer Authentication (SCA) out of the box. Remember to use Stripe Elements gateway with Payment Intents option enabled.