The Payment Card Industry Data Security Standard (PCI DSS) requires any merchant that stores, processes, or transmits sensitive credit card data to be PCI compliant. There are currently 12 core security requirements that expand into roughly 250 controls. The third requirement states that a merchant must “Protect stored cardholder data.”
There are a number of ways to meet this requirement, but most are quite complex and expensive. In fact, Gartner estimates that a business encrypting 100,000 credit cards will spend $6 on average per card on the encryption software. There are, however, more affordable methods to meet the requirement and minimize the risks associated with storing sensitive credit card data.
Braintree’s payment solution keeps credit card data from ever entering a merchant environment, without changing the user experience and while providing the same level of control over the data. Because credit card data never passes through the merchant environment, the PCI scope is dramatically reduced from 250 controls to fewer than 20 (depending on the merchant environment), and security is increased because no sensitive data is present.
Our innovative technology allows merchants to continue to receive credit card payments through all acceptance channels, including website, phone, mail, fax and in-store. All information is stored remotely and can be used for subsequent or recurring transactions, in addition to reporting and reconciliation.
When credit card information is submitted, a unique customer ID, called a token, is returned to the merchant. Tokens can be randomly generated or determined by the merchant and can be up to 32 alphanumeric characters. Tokens are useless to criminals and cannot be used outside the merchant environment.