The primary discussion of end-to-end encryption has centered on card present transaction with the use of either software-based encryption in the payment terminal or the use of a tamper resistant security module that performs hardware-based encryption. The e-commerce world has no hardware option at the point of sale, the customer’s browser or app. Braintree, an early provider of tokenization for e-commerce transactions, is now pushing encryption closer to the customer’s browser. In an upcoming blog post, we’ll take a deeper look at Braintree’s approach. Suffice it to say that anything that lowers the cost to merchants of PCI compliance is probably a good thing.
Braintree recently launched the first end-to-end encryption solution of its kind for merchants accepting credit card payments online (aka card-not-present or CNP). Like Braintree’s Transparent Redirect solution, CNP End-to-End Encryption eliminates the transmission and storage of credit card data from the merchant environment. This significantly reduces the scope of PCI compliance, often allowing merchants to achieve compliance by completing the quickest and least intrusive of the Self Assessment Questionnaires, SAQ A.
Read more of the press release here: http://www.pr-inside.com/braintree-launches-card-not-present-end-to-end-r2352389.htm