GetSirius
Posted February 10, 2017

Hello,

Can anyone tell me if I will have PCI compliance problems using the Braintree Add-on for osC 2.3.4? I notice it does not use Braintree's iframes solution. I would rather not have any card data touch my website.

-Thank you!

MrPhil
Posted February 11, 2017

I'm not familiar with Braintree, only having briefly looked at its website. There wasn't anything that jumped out at me saying that they handled credit card data entirely on their site (like most of the PayPal models), nor did they say that you would be handling such data (and thus require PCI compliance). I think that if you've already dug through their literature, and haven't found such information, that you're going to have to ask them. Specifically, does credit card information ever touch your site, requiring PCI compliance? Or is the customer taken to their site to make the payment?

My understanding of PCI is that if credit card numbers, CVV, etc. even pass through your site on the way to the payment service, that you have to meet certain security requirements (not just SSL usage). It's even worse if you are going to store any of this data, even briefly. Updates and corrections are welcome.

GetSirius (Author)
Posted February 11, 2017

A little more detail.

The add-on: http://addons.oscommerce.com/info/9080
Add-on calls https://js.braintreegateway.com/v1/braintree.js
Add-on uses "data-encrypted-name" on the CVV and Card Number input fields only. All others are "name."
I do have SSL on my website.

Does anyone know if not using 'name' in a form field can stop that data from touching my server? Would doing so only on the card number and CVV fields be enough for PCI?

I did just send this question in to Braintree, but I would like to know what other people might know about it.

GetSirius (Author)
Posted March 4, 2017

Braintree says to refer to the author of the software.

Issue has been dropped, I am no longer using this version of the Braintree addon. Using 2.01 version instead: http://addons.oscommerce.com/info/9524

Harald Ponce de Leon
Posted March 4, 2017 (edited)

The module is PCI compliant (both older module version and newer App versions). The card data never touches your server - Braintree processes it directly via JavaScript and returns a token which the module uses.

The same goes for stored/vaulted cards - this is safe to enable for your customers.

Edited March 4, 2017 by Harald Ponce de Leon

, osCommerce
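
The thread asks whether leaving `name` off a form field keeps its value off the merchant server. Under HTML form submission rules, a control with no `name` (or an empty one) is not included in the submitted form data. The following is an added example, not part of the thread and not the add-on's code: a template audit that lists which controls a browser would submit and flags card-like ones. The sample form, the action URL, the field names and the `CARD_HINTS` heuristic are all constructed assumptions.

```python
from html.parser import HTMLParser

# Constructed sample checkout form (not the add-on's actual template).
SAMPLE_FORM = """
<form action="/checkout_process.php" method="post">
  <input type="text" name="cc_owner">
  <input type="text" data-encrypted-name="number" autocomplete="off">
  <input type="text" data-encrypted-name="cvv" autocomplete="off">
  <input type="text" name="expiry_month">
  <input type="text" name="card_number_backup" data-encrypted-name="number2">
</form>
"""

# Assumption: substrings that suggest a field carries card number or CVV data.
CARD_HINTS = ("card", "cvv", "cvc")


class FormAudit(HTMLParser):
    """Split form controls by whether native form submission sends them."""

    def __init__(self):
        super().__init__()
        self.submitted = []  # has a non-empty name: posted to the action URL
        self.withheld = []   # no name: left out of the submitted form data
        self.leaks = []      # named controls that look like card data

    def handle_starttag(self, tag, attrs):
        if tag not in ("input", "select", "textarea"):
            return
        a = dict(attrs)
        name = a.get("name")
        enc = a.get("data-encrypted-name")
        if not name:  # missing or empty name: the browser skips this control
            self.withheld.append(enc or "(unnamed)")
            return
        self.submitted.append(name)
        # A control marked for client-side encryption that also has a name
        # would be posted as typed, so flag it along with card-like names.
        if enc is not None or any(h in name.lower() for h in CARD_HINTS):
            self.leaks.append(name)


def audit(html):
    """Return the submitted, withheld and flagged controls found in html."""
    parser = FormAudit()
    parser.feed(html)
    parser.close()
    return {"submitted": parser.submitted,
            "withheld": parser.withheld,
            "leaks": parser.leaks}


if __name__ == "__main__":
    for kind, fields in audit(SAMPLE_FORM).items():
        print(f"{kind}: {fields}")
```

The audit covers native form submission only; script running on the page can still read any field, so the result is an input to a PCI scope review and not a determination.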