PCI compliance

CARD PROCESSOR

We use Braintree as processor for debit and credit cards. Braintree is a validated Level 1 PCI DSS Compliant Service Provider and is a PayPal company.

CARD INFORMATION

We use Braintree.js to process creditcard information.

Braintree.js uses asymmetric encryption to prevent raw credit card data from passing through our servers. It intercepts a form submit in the customer's browser that contains sensitive data, encrypts that data with a public key provided to us by Braintree and then submits the form with the encrypted data to our server. Braintree retains the private key of the key pair so that we are unable to decrypt the encrypted fields server-side. This means we will never see you creditcard number or validation codes.

All creditcard information is securely stored into Braintree's Vault. To start a transaction, Archonia only references Vault entries using an opaque identifier.