Data Security

The Steps We Take to Safeguard Our Space

Data security is of enormous importance to us. We focus on providing an environment based on industry standards and guidelines.

Report a data security issue and we will respond within 24 hours. Any other questions? Contact us.

01

Level 1 PCI compliance

Braintree is a validated Level 1 PCI DSS Compliant Service Provider. We're on Visa's Global Compliant Provider List and MasterCard's SDP List.

02

Prohibited data storage

We don't store raw magnetic stripe, card validation code (CAV2, CID, CVC2, CVV2), or PIN block data. Storage of this data is prohibited by the PCI DSS.

03

Data encryption via the Braintree Vault

Cardholder data is managed in the Braintree Vault using established data security and encryption methods. For example, we use multiple encryption keys with split knowledge and dual control. A data thief would not be able to make use of information stolen from a database without also having the key. The data store where cardholder data is kept cannot be reached over the internet.

04

Authentication and session management

We require users to authenticate each time they use the application. Passwords are never stored directly in the database. In addition, all API and control panel communication between merchants and Braintree is conducted using TLS (Transport Layer Security).

05

Activity observation

We develop our code with the security of our systems and your data in mind. We review and monitor employee, customer, and vendor activity, along with system access, to guard against suspicious or unauthorized activities.

06

Penetration testing

At least quarterly, we conduct automated vulnerability scans. In addition, at least once a year we have extended penetration testing conducted by outside sources.

07

Securing access

Our network is secured with minimal and audited access to and from outside networks, and we take additional steps to protect our internal networks.
