Every merchant that transmits, processes or stores credit card information must be PCI Compliant. Protecting the credit card data is usually cited as the most challenging part of the process.
To properly store credit card data according to PCI Standards, merchants have two options: 1) store the sensitive data internally, which can be costly and time intensive and still presents ongoing risk, or 2) store credit card data remotely in Braintree’s Vault.
More than ever, merchants are turning to Braintree, including those who previously achieved PCI compliance internally, for three reasons:
When a payment is accepted, the credit card information is stored in the Vault and a unique “token” is returned to the merchant. Tokens can be used just like a credit card, including for future sales, refunds, voids, credits, reporting and reconciliation. There is no change to the user experience. Best of all, if stolen, a merchant’s unique tokens are useless to criminals.
Using credit card tokenization combined with our Transparent Redirect method, which collects the data directly from the merchant’s website, the sensitive data never touches the merchant’s server. With our solutions, the scope of PCI Compliance is greatly simplified, and achieving and maintaining compliance is faster, more economical and less of a distraction.
| | With Braintree | In House Approach |
|---|---|---|
| Time to become PCI compliant | As few as 60 days | 6 to 18 months |
| PCI DSS Controls to meet | Less than 20 | Over 200 |
| Assessment costs to determine ‘scope’ | $0 | $44,000 to $125,000* |
| Hardware/Software upgrades | $0 | $81,000 to $568,000* |
| Ongoing expenses | Fixed | Variable |
* Gartner estimates for Level 1-3 merchants
If you’d like to learn more about using our credit card tokenization services to securely store credit card data while retaining full functionality, contact us today.