by dangrossman
4488 days ago
It says they'll accept a public key from the merchant, which is you; you don't need to find a provider that'll work with the data in whatever format it's in. The "attestation of PCI compliance from a qualified provider" line refers to companies like these: https://www.pcisecuritystandards.org/approved_companies_prov... Anyone with a merchant account to accept credit cards online already has a relationship with at least a QSA, and is already getting a quarterly attestation of compliance after completing a questionnaire and security scan of their server environment; it's required by PCI DSS and merchant account providers enforce it, typically providing an account with a QSA for a non-optional annual fee and imposing another fee if you fail to remain compliant. It's just a formality having them forward that attestation to Braintree before they hand you the data dump.