The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry-mandated requirements that apply to any business that handles, processes, or stores credit cards, regardless of the business's size or location.
Although Braintree securely stores and processes card data for you, you will still need to complete an annual Self-Assessment Questionnaire (SAQ) in order to be PCI compliant. If card associations find that you aren't PCI compliant, they can suspend your ability to accept credit card payments. Fortunately, Braintree makes it easy for our merchants to obtain compliance.
There are several different types of SAQs, and a Qualified Security Assessor (QSA) can help you choose the right one for your business and achieve compliance. If you have a merchant account with Braintree, we’ll set you up with our partner QSA, SecurityMetrics, at no cost to you. This way you'll get help from the experts without having to worry about the fees that most QSAs charge.
Within 30 days of signing up with Braintree, we’ll send you an email with all the information you’ll need to create your free account with SecurityMetrics.
To take advantage of SecurityMetrics’ services for free, you’ll need to wait to enroll until we email you with your Merchant Account Number. Part of the enrollment process includes answering a brief set of questions that will help them determine which SAQ you need to complete. When you get to that step, take a look at our tips below.
- Navigate to the Braintree SecurityMetrics page
- Click Sign Up and enter the email address associated with your Braintree account
- Verify your email address
- Continue through the wizard and complete the questionnaire about your credit card processing
- When selecting your methods of processing cardholder data, be sure to select only eCommerce if you just accept cards online
- If you use our Drop-in UI or Hosted Fields, select eCommerce and I accept payments using an iFrame from a 3rd Party Store
- If you built a custom UI, select eCommerce and I accept payments through my own website