by jtdowney 4761 days ago
The purpose of client-side encryption in Braintree.js is to reduce the PCI scope for the merchant and is not the only way the data is protected. Every encrypted value is still sent over HTTPS to the merchant's server and again over HTTPS to Braintree itself. In this chain, however, the merchant will be unable to decrypt the values submitted and can only pass them on to Braintree.

(Disclosure, I work for Braintree)