Packback utilizes a PCI compliant payment processor, Braintree Payments (a PayPal company), to process all transactions on the system. As Packback does not technically store credit cards and merely retrieves them, our security measures around billing security are defined by Braintree’s, and Braintree was selected in large part due to their security features. Here are a few of the key security highlights from Braintree, taken directly from their website:
Level 1 PCI compliant
Braintree is a validated Level 1 PCI DSS compliant service provider.
Industry recognition
We're on Visa's Global Compliant Provider List and Mastercard's SDP List.
No prohibited data storage
We don't store raw magnetic stripe, card validation code, or PIN block data.
Data encryption via the Braintree Vault
Cardholder data is managed in the Braintree Vault, using multiple encryption keys with split knowledge and dual control. A data thief would not be able to make use of information stolen from a database without also having the key. This data store cannot be connected to via the internet. We also offer secure data migration to the Braintree Vault.
Authentication and session management
We require users to authenticate every time they log into the Control Panel. Passwords are never stored directly in the database, and all API and Control Panel communication between merchants and Braintree is conducted using TLS (Transport Layer Security).
Activity monitoring and testing
We review and observe employee, customer, and vendor activity to guard against suspicious or unauthorized activities. We conduct automated vulnerability scans at least quarterly, and at least once a year we have extended penetration testing conducted by outside sources.