Data Security

Data security is of enormous importance to us, and we take vital steps to safeguard your customers’ information.

To keep payment processing safe and secure, merchants must follow set requirements when accepting and storing payment methods. These regulations come from card brands, governing bodies, payment processors, and private organizations. Not being compliant can result in fines, account holds, seizure of funds, and even legal action. As your payment processor, we want your business to be safe and successful, so we will do our best to make sure you understand these requirements and where to find help.

Government and regulatory compliance

Governing bodies often have regulations and financial sanctions in place that define how you can run your business and restrict who you can transact with. It is your responsibility to be aware of these requirements and operate accordingly.

If you are based in the US and you transact internationally, you should be familiar with the Office of Foreign Assets Control (OFAC) of the Department of the Treasury, which prohibits transactions with certain individuals and entities in other countries. Note that we have no control over these regulations, and compliance is required.

Card brand compliance

The card brands that we work with – such as Visa and Mastercard – have specific rules and regulations in place to prevent the sale of illegal goods, counterfeit items, and other restricted products and services. To help keep high-risk and illegal items out of the payments ecosystem, we are obligated to do our part to prevent illegal or contractually restricted transactions from taking place. Restricted goods and services can vary depending on your location and how you integrate with Braintree.

PCI compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry-mandated requirements that apply to any business that handles, processes, or stores credit cards. Being PCI compliant requires annual action, and we have tools to help you complete these requirements.

Ecommerce website compliance

To comply with card brand rules around consumer protection and cardholder rights, certain business details and disclosures must be clearly visible on your website, mobile app, invoices, and contracts. We'll review all your platforms to make sure the necessary information is present.