Braintree Payments - Cardholder Data Flows

Insert version and date

This document contains the latest update on the Braintree Payments Cardholder data flow. It is reviewed every 6 months, with the latest Version number and Date reviewed above. 

Braintree Payments (a PayPal service) is integrated as a third party-hosted payment partner on Commerce Vision's eCommerce platform (Customer Self Service). Our integration uses Braintree Payments' drop-in UI. This means payments through the Braintree Payments gateway on our merchant websites are redirected to a payment page hosted and secured by Braintree Payments. As such, customer sensitive card data are never exposed to or handled by Commerce Vision servers. Our merchant websites do not receive, process, store or transmit cardholder data. 

Commerce Vision conducts checks the data security solutions of its third party partners, to ensure compliance with current industry standards and government requirements. 

• Braintree Payments is a validated Level 1 PCI DSS (highest level) compliant provider.
• Braintree Payments is card brand security compliant, e.g., it is a Visa Global Compliant Provider and is on Mastercard's SDP List
• Braintree Payments do not store raw magnetic stripe, card validation code or PiN block data. 
• Users are authenticated every time they log into their Control Panel. Passwords are never stored directly in the database, and all API and Control Panel communication between merchants and Braintree is conducted using TLS (Transport Layer Security).

Refer to Braintree Payment's Data Security statement and supporting documents: https://www.braintreepayments.com/au/features/data-security

Disclaimer:? Third-party payment hosted solutions will normally reduce the scope of Payment Card Industry compliance for the merchant as the cardholder data entered by customers are transmitted directly from their browsers to the third-party hosted payment page.