The Smart Approach to PCI DSS Compliance
With the PCI Security Standard continually evolving and new threats always emerging, merchants are finding that achieving and managing compliance is more costly, more time-consuming, and more resource-intensive than anticipated. As recent breaches have proven, even merchants that achieve compliance are finding that PCI compliance management does not equal security.
For these reasons, merchants are turning to Braintree. Our unique solutions prevent credit card data from entering a merchant environment without changing the user experience and offer merchants full control over the data. The scope of PCI Compliance is significantly reduced and no credit card data is present to be stolen.
We don’t just solve PCI Compliance problems, we make them go away.
PCI Compliance Solution benefits:
- Increased Data Security: No sensitive data is present in a merchant environment to be stolen
- Same Customer Experience: No change to user experience – No 3rd party hosted page
- Same Data Control: Same functionality and control over credit card data
- Same Acceptance Channels: Including website, phone, mail and in-store
- Fewer Constrictions: Operate without the burdensome required controls and procedures
- Ease of Integration: Seamlessly integrated into any IT environment
Braintree PCI Compliance Compared to In House Solutions
| | With Braintree | In House Approach |
|---|---|---|
| Time to become PCI compliant | As few as 60 days | 6 to 18 months |
| PCI DSS controls to meet | Less than 20 | Over 200 |
| Assessment costs to determine ‘scope’ | $0 | $44,000 to $125,000* |
| Hardware/software upgrades | $0 | $81,000 to $568,000* |
| Ongoing expenses | Fixed | Variable |

* Gartner estimates for Level 1-3 merchants
How Braintree’s Transparent Redirect Works
When a payment is accepted, the credit card information is stored in the Vault and a unique “token” is returned to the merchant. Tokens can be used just like a credit card, including for future sales, refunds, voids, credits, reporting and reconciliation. There is no change to the user experience. Best of all, if stolen, a merchant’s unique tokens are useless to criminals.

[Figure: Traditional Approach]

The Smart Approach to PCI Compliance
Using Braintree’s credit card tokenization and Transparent Redirect method, which collects the data directly from the merchant’s website, the sensitive data never touches the merchant’s server. With our solutions, the scope of PCI Compliance is greatly simplified and achieving and maintaining compliance is faster, more economical and less of a distraction.






