Credit Card Data Encryption

The fourth requirement of the PCI DSS requires the encryption of credit card data across open, public networks: “Sensitive information must be encrypted during transmission over networks that are easy and common for a hacker to intercept, modify, and divert data while in transit”.

This PCI DSS requirement has consistently been recognized as one of the most challenging, if not the most challenging, for businesses to meet. As many have found out, it’s also expensive. Gartner estimates that a business encrypting 100,000 credit cards will spend $6 on average for the credit card data encryption software.

Securing Credit Card Data

Merchants are using Braintree’s innovative solutions to keep credit card data from ever entering their environment, without changing the user experience and while maintaining the same control over the data. Without any sensitive data internally present, nothing can be stolen.

Merchants can continue to use all credit card acceptance channels, including website, phone, mail, fax and in-store. All sensitive data can be stored in the Braintree Vault for secure storage and recurring billing.

Braintree’s credit card security solutions consist of two components: the Vault and Transparent Redirect. The Vault allows for the remote storage of credit card data and returns a unique token (randomly generated or assigned) to be used on subsequent transactions. By using the Vault, merchants can eliminate all current credit card information from internal systems.

Transparent Redirect, a platform-agnostic solution, can be seamlessly integrated into any IT environment and any application for payments taken via website or over the phone.

We don’t just solve PCI Compliance problems, we make them go away.

PCI Compliance Solution benefits:

  • Increased Data Security: No sensitive data is present in a merchant environment to be stolen
  • Same Customer Experience: No change to user experience – No 3rd party hosted page
  • Same Data Control: Same functionality and control over credit card data
  • Same Acceptance Channels: Including website, phone, mail and in-store
  • Fewer Constrictions: Operate without the burdensome required controls and procedures
  • Ease of Integration: Seamlessly integrated into any IT environment


Braintree PCI Compliance Compared to In House Solutions

                                       | With Braintree    | In House Approach
Time to become PCI compliant           | As few as 60 days | 6 to 18 months
PCI DSS Controls to meet               | Less than 20      | Over 200
Assessment costs to determine ‘scope’  | $0                | $44,000 to $125,000*
Hardware/Software upgrades             | $0                | $81,000 to $568,000*
Ongoing expenses                       | Fixed             | Variable

* Gartner estimates for Level 1-3 merchants

Securing Credit Card Data

Whether by using credit card data encryption software or a solution such as Braintree’s, with new threats emerging every day, merchants are well advised to maintain a robust security strategy, not only for PCI Compliance but for true data security.

The Smart Approach to PCI Compliance

Start improving your PCI Compliance strategy and increase security today.