by zachanker 5509 days ago
From the sounds of it:

You generate (on Braintree's site) an RSA keypair and you use the public key and JS library they provide. You call a JS method on the fields you want to encrypt, like credit card number and CVV, and it encrypts them using the public key. When a user submits a form, you send the encrypted values to your server, and then you pass them off to Braintree's API as you normally would.

Braintree then decrypts it on their end using the private key. If you set it up properly, you are never aware of the user's credit card number, CVV, etc.

It prevents your servers (if it's set up properly) from ever knowing the credit card details. SSL only prevents somebody from seeing the data as it's sent; your server will still know the plaintext details.

It doesn't fix the fact that if your JS or the forms themselves are compromised, credit card details can be leaked, but the transparent redirect setup has the same issue anyway.