Data security is of enormous importance to us, and we take vital steps to safeguard your customers’ informationRead the support articles
Our environment meets the highest industry standards and guidelines.
Braintree is a validated Level 1 PCI DSS compliant service provider.
We're on Visa's Global Compliant Provider and Mastercard's SDP List
We don't store raw magnetic stripe, card validation code, or PIN block data.
Cardholder data is managed in the Braintree Vault, using multiple encryption keys with split knowledge and dual control. A data thief would not be able to make use of information stolen from a database without also having the key. This data store cannot be connected to via the internet. We also offer secure data data migration to the Braintree Vault.
We require users to authenticate every time they log into the Control Panel. Passwords are never stored directly in the database, and all API and Control Panel communication between merchants and Braintree is conducted using TLS (Transport Layer Security).
We review and observe employee, customer, and vendor activity to guard against suspicious or unauthorized activities. We conduct automated vulnerability scans at least quarterly, and at least once a year we have extended penetration testing conducted by outside sources.
Understanding PCI compliance is key to keeping your customers’ data safe. Here’s what you need to know.
Cyber crime and security breaches can make processing payments intimidating. Learn how you can protect your business and keep sensitive data secure.
Explore different aspects of risk and security and see the ways Braintree helps you protect your customers.