Compliance
Overview
To keep payment processing safe and secure, merchants must follow set requirements when accepting and storing payment methods. These regulations come from card brands, governing bodies, payment processors, and private organizations. Not being compliant can result in fines, account holds, seizure of funds, and even legal action. As your payment processor, we want your business to be safe and successful, so we will do our best to make sure you understand these requirements and where to find help.
Government and regulatory compliance
Governing bodies often have regulations and financial sanctions in place that define how you can run your business and restrict who you can transact with. It is your responsibility to be aware of these requirements and operate accordingly.
If you are based in the US and you transact internationally, you should be familiar with the Office of Foreign Assets Control (OFAC) of the Department of the Treasury, which prohibits transactions with certain individuals and entities in other countries. Note that we have no control over these regulations, and compliance is required.
Read more about prohibited transactions.
Card brand compliance
The card brands that we work with – such as Visa and Mastercard – have requirements surrounding payment processing to ensure secure payment experiences for both cardholders and merchants. You can find more information on the requirements in our Network Compliance article.
In addition to network compliance, card brands have rules and regulations in place to prevent the sale of illegal goods, counterfeit items, and other restricted products and services. To help keep high-risk and illegal items out of the payments ecosystem, we are obligated to do our part to prevent illegal or contractually restricted transactions from taking place. Restricted goods and services can vary depending on your location and how you integrate with Braintree.
Read more about restrictions in your region in our Merchant Agreements and Acceptable Use Policy.
PCI compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry-mandated requirements that apply to any business that handles, processes, or stores credit cards. Being PCI compliant requires annual action, and we have tools to help you complete these requirements.
Read more about PCI compliance and what we can do to help.
Ecommerce website compliance
To comply with card brand rules around consumer protection and cardholder rights, certain business details and disclosures must be clearly visible on your website, mobile app, invoices, and contracts. We'll review all your platforms to make sure the necessary information is present.