Braintree, one of the industry's leading companies, manages our credit card processing and encryption. Their clients include Dropbox, Uber, Stubhub, and many other prominent businesses.
They are a Validated Level 1 PCI DSS Compliant Service Provider, and transactions are securely stored in their Vault. According to Braintree:
- When a payment method is stored in the Vault, the information is encrypted by the Braintree gateway and linked to a unique payment method token.
- This token can process transactions without the PCI compliance burden of handling unencrypted data.
- Braintree will never store a customer's CVV in the Vault, as card associations (e.g., Visa, Mastercard) expressly prohibit this practice.
We researched this extensively and selected Braintree as the most secure partner to serve our customers best.