Braintree logo (1)

The next generation of online payments: As brands retool to meet consumers’ growing demand for convenience and security, we explore the future of online payments in this timely series brought to you by Braintree. Check out the whole series here.

There are several options for enabling secure mobile payments on your website or native app, but the technology is complex and the regulatory requirements for doing so are daunting, so you’ll want to do a little homework to find the solution that’s right for you.

To determine the best fit for your needs, keep in mind the fundamental goals of providing security and ease of use, for both you and your customers.

The core concept to keeping customer data safe is simple: Raw credit card data should never be touching a merchant’s servers. So, in order to make web and mobile payments work, the strongest payment solutions use something called tokenization. What’s that mean?

Let’s say you’re Uber, and your customer wants to store their credit card info in your app so they don’t have to enter it anew every time they want to use it. Once they enter that card information, it gets encrypted, then sent to a cloud somewhere for safe storage.

When your customer needs to use their card data to pay for their Uber ride, it’s accessed via that secure cloud, and the transaction gets handled under the auspices of something called the Payment Card Industry Data Security Standard (PCI DSS), which provides a multitude of checks and balances to ensure online transactions are handled safely and securely.

You wouldn’t do your own accounting, would you?

Now, if you’re Uber, you’re running a car service, that’s what you do. You don’t want to take on the risk of trying to live up to every requirement of PCI because a) it’s a beast, and b) dealing with all the regulatory stuff would be distracting for your business. So, in the same way that you might outsource your tax accounting or legal work, you’ll rely on organizations that specialize in providing PCI-compliant payment solutions to manage those transactions for you.

Companies like Braintree that have the highest level of PCI certification available are experts at advanced data encryption (think: multiple data encryption keys stored on many different servers). So even if a data thief were to try and get their hands on your customer’s card data, they really couldn’t do anything with it without all the keys.

“When a consumer is making a payment inside an Uber app, those payment credentials are tokenized and essentially scrambled and federated to Braintree’s vault in the cloud,” explains Aunkur Arya, GM of mobile at Braintree. “The merchant is not having to increase their PCI scope to deal with such sensitive information.”

In practical terms then, tokenization refers to how technology makes it easier for merchants to securely process payments and protect consumers. In fact, despite all the regulatory and technical complexity, getting a PCI-compliant payments solution in place for your business is actually pretty easy these days, thanks in large part to the introduction of some clever new tools such as hosted fields.

To understand what hosted fields are, picture a typical online payments form. In it, there are a number of places where your customer will enter various order information, such as their name, address and, of course, their credit card data. Those fields that hold card data are particularly sensitive. Hosted fields refers to a deceptively simple technology that allows the payment processor to host those sensitive fields on their secure servers, meaning your customer’s card data is never exposed to potential data thieves.

A simple solution for even a company of one

With hosted fields, your website or mobile app simply pulls in the hosted fields to your payments form with a line or two of code, and the security and PCI compliance is baked right in. There are even options out there to pull in entire payment forms with the same high level of security measures and encryption.

In this way, you can enable web and mobile payments that leverage easy, off-the-shelf solutions — on web or mobile — and feel confident that they’re secure.

Certainly, there’s more to consider when scoping out mobile payment solutions — at minimum, you’ll want to think about your potential needs around contextual commerce and the ability to scale payment acceptance globally.

But ensuring PCI compliance and ease of use are the main things to keep in mind for businesses and brands that want to offer customers convenient and secure web and mobile payment options.

Sponsored posts are content that has been produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. The content of news stories produced by our editorial team is never influenced by advertisers or sponsors in any way. For more information, contact