Skip to main content
You are viewing content for . View content for other locations.
×

Data Security

Data security is of enormous importance to us, and we take vital steps to safeguard your customers’ information.

Read the support articles
eyJ2ZXJzaW9uIjoyLCJhdXRob3JpemF0aW9uRmluZ2VycHJpbnQiOiI1YTA0YjJkYTliNjQ4NjJjZGI1ZDQ3OWE2YjFiNTZmNGFkNmYyZWJmMDgyZDU1MmZkY2IyOTE5NDNmOTI0MTVkfGNyZWF0ZWRfYXQ9MjAxNy0wMS0xOVQyMDo0ODoyMi4wNzczNzEwOTArMDAwMFx1MDAyNm1lcmNoYW50X2lkPTM0OHBrOWNnZjNiZ3l3MmJcdTAwMjZwdWJsaWNfa2V5PTJuMjQ3ZHY4OWJxOXZtcHIiLCJjb25maWdVcmwiOiJodHRwczovL2FwaS5zYW5kYm94LmJyYWludHJlZWdhdGV3Y

Level 1 PCI compliance

Our environment meets the highest industry standards and guidelines.

Level 1 PCI compliant

Braintree is a validated Level 1 PCI DSS compliant service provider.

Industry recognition

We're on Visa's Global Compliant Provider List and Mastercard's SDP List.

No prohibited data storage

We don't store raw magnetic stripe, card validation code, or PIN block data.

The Basics: PCI Compliance

Data encryption via the Braintree Vault

Cardholder data is managed in the Braintree Vault, using multiple encryption keys with split knowledge and dual control. For example, we use multiple encryption keys with split knowledge and dual control. A data thief would not be able to make use of information stolen from a database without also having the key. This data store cannot be connected to via the internet. We also offer secure data migration to the Braintree Vault.

Authentication and session management

We require users to authenticate every time they log into the Control Panel. Passwords are never stored directly in the database, and all API and Control Panel communication between merchants and Braintree is conducted using TLS (Transport Layer Security).

Activity monitoring and testing

We review and observe employee, customer, and vendor activity to guard against suspicious or unauthorized activities. We conduct automated vulnerability scans at least quarterly, and at least once a year we have extended penetration testing conducted by outside sources.

Report a security issue and we will respond within 24 hours.
Any other questions? Contact us.