How do I complete a Self-Assessment Questionnaire (SAQ) to validate PCI compliance for my PayPal powered by Braintree account?

In order to complete an SAQ, we recommend you enroll with a Qualified Security Assessor (QSA).  At PayPal Powered by Braintree, we strive to make your compliance validation process as easy as possible, and have therefore covered the cost associated with validating PCI DSS compliance through SecurityMetrics, our independent QSA partner. If you need help filling out the SAQ, PayPal Powered by Braintree will also cover the cost of technical support provided directly by SecurityMetrics. However, you may choose to validate compliance through a QSA other than SecurityMetrics.

Within 30 days of signing up with PayPal powered by Braintree, you will receive an email explaining how to create your account with SecurityMetrics. You will have to create a SecurityMetrics account to enroll -- this is separate from your existing PayPal or Braintree log in and is subject to the SecurityMetrics terms of use.

How do I start the SAQ process with SecurityMetrics?

We will send you an email within 30 days of signing up that will include all of the information you need to enroll in SecurityMetrics. You may wish to add the email address to your email whitelist to ensure you receive it in your inbox. If you don’t receive the email within the 30-day window, you can email us at the same address for further assistance.
Once you have the email, follow these steps to enroll with SecurityMetrics:

  1. Go to the SecurityMetrics PayPal powered by Braintree page.
  2. Click Sign Up and enter the email address associated with your PayPal powered by Braintree account.
  3. Verify your email address.
  4. Review and accept the Terms of Use.
  5. Continue through the wizard and complete the questionnaire about your credit card processing.

What if I’ve already validated my compliance with a different QSA partner, do I still need to enroll with SecurityMetrics?

If you choose to validate compliance through a QSA other than SecurityMetrics, please provide proof of validation no later than 60 days from the date of this notice by sending your Attestation of Compliance (AOC) to