What do I need to do to be PCI compliant for my PayPal powered by Braintree account?

To be PCI compliant, you must, at minimum, complete and submit a Self-Assessment Questionnaire (SAQ) annually to help you determine if your payment processing setup is PCI compliant. The SAQ includes a series of yes-or-no questions for each applicable PCI DSS requirement. You may also need to complete other requirements, including quarterly network scans, depending on your PCI compliance level.

Your PCI compliance level and how you integrate with PayPal powered by Braintree will determine which SAQ you should complete. Your transaction processing volume over a 12-month period is the basis of your PCI compliance level. You can find more information about PCI levels on Visa's website.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry-mandated requirements for any business that handles, processes, or stores credit cards – regardless of the business's size or location. Read more about PCI compliance on the PCI Security Standards Council's website.

I’m using PayPal powered by Braintree and an e-commerce/shopping cart partner like BigCommerce or WooCommerce. Why do I have to be PCI compliant?

As a merchant processing credit or debit card transactions, your business is required to validate PCI DSS compliance. While PayPal powered by Braintree helps streamline the PCI DSS compliance validation process, all merchants must, at minimum, validate their PCI DSS compliance by completing a Self-Assessment Questionnaire (SAQ).

What happens if I do not become PCI compliant with PayPal powered by Braintree?

If PCI DSS compliance isn’t completed and validated within 60 days of the initial email sent to you, PayPal powered by Braintree may hold funds, suspend processing, or terminate your account per the Braintree Payment Services Agreement. In addition, you may be subject to fines by the card networks.  

What if I have questions about becoming PCI compliant with PayPal powered by Braintree?

If you have questions at any time during the PCI DSS compliance validation process, please reach out to the SecurityMetrics team:
Email: support@securitymetrics.com

US Support: 801-705-5665
UK Support: 0203-014-7831