The risks, costs and challenges associated with storing credit card data internally are well documented. Credit card data encryption was cited as the single greatest challenge merchants face when achieving PCI Compliance in a recent Gartner, and recent breaches of PCI Compliant companies have demonstrated the residual risk of internal storage.
Every merchant that transmits, processes or stores credit card information must be PCI Compliant. Protecting the credit card data is usually cited as the most challenging part of the process.
To properly store credit card data according to PCI Standards, merchants have two options: 1) Store the sensitive data internally, which can be costly and time intensive and still presents ongoing risk, or 2) Remotely store credit card data in Braintree's Vault.
Our unique credit card tokenization solutions allow merchants to replace credit card numbers with unique tokens that can then be used for all the same functionality. Tokens are useless to criminals and cannot be used outside of a merchant environment. Tokens can be used with existing applications to minimize changes to process and workflow.
The benefits of tokenization are far reaching, including the reduction of PCI Compliance scope and increased security, as no sensitive data is present in a merchant environment to be stolen, even in the case of a breach.
Tokens can be up to 32 alphanumeric characters and are determined by the merchant or randomly generated. Once a token is created, it can be used for recurring billing, subsequent sales, refunds, voids, fraud management and reporting and reconciliation.
More than ever, merchants are turning to Braintree, including those who previously achieved PCI compliance internally, for three reasons:
1. Compliance is not easy. Achieving and maintaining internal compliance is more complicated, more costly and more resource intensive than anticipated.
2. Compliance does not equal security. Recent breaches have proven that even companies that spent a significant amount of time and money to achieve compliance internally are getting breached and suffering the financial, business and PR consequences.
3. Compliance today does not equal compliance tomorrow. Achieving and maintaining compliance internally is a constant battle. With new threats always emerging and the PCI standard continually evolving, internal resources will always be required to address these changes.
Benefits of Credit Card Tokenization
• Increased Data Security: No sensitive data is present in a merchant environment to be stolen
• Same Customer Experience: No change to user experience - No 3rd party hosted page
• Same Data Control: Same functionality and control over credit card data
• Same Acceptance Channels: Including website, phone, mail and in-store
• Fewer Constrictions: Operate without the burdensome required controls and procedures
• Ease of Integration: Seamlessly integrated into any IT environment
Credit card data is tokenized directly from the merchant's website using Braintree's Transparent Redirect method. When a payment is accepted, the credit card information is stored in the Vault and a unique "token" is returned to the merchant. Tokens can be used just like a credit card, including for future sales, refunds, voids, credits, reporting and reconciliation. There is no change to the user experience. Best of all, if stolen, a merchant's unique tokens are useless to criminals.
Braintree's smart approach to PCI Compliance prevents credit card data from ever entering a merchant's environment. Using credit card tokenization combined with our Transparent Redirect method, which collects the data directly from the merchant's website, the sensitive data never touches the merchant's server. With our solutions, the scope of PCI Compliance is greatly simplified and achieving and maintaining compliance is faster, more economical and less of a distraction.