Our credit card processing and encryption are handled by Braintree, one of the leading institutions in the industry. Their customers include Dropbox, Uber, Stubhub, and many other leading companies.
They are a Validated Level 1 PCI DSS Compliant Service Provider and transactions are securely stored in their Vault.
From Braintree:
- When a payment method is stored in the Vault, the information is encrypted by the Braintree gateway and associated with a unique payment method token.
- This token can be used to create transactions without the PCI compliance burden that comes with handling unencrypted data.
- Braintree will never store a customer's CVV in the Vault because it is expressly prohibited by card associations (e.g. Visa, Mastercard).
We researched this extensively and chose Braintree as the most secure partner to best serve our customers.