We manage a Magento ver. 1.9.2.4 Community Edition installation for a client. We inherited this rather than set it up ourselves. We have been asked to advise on PCI compliance, and I want to be sure that NO card details are being stored by Magento itself. Card details ARE entered through Magento itself, rather than in a separate Braintree window.
In Magento Connect manager, the following module is shown to be installed:
Braintree_Payments
2.0.0 (stable)
Increase sales, reduce risk, and save money with credit card processing from Braintree and Magento.
In configuration/payment methods, under Braintree, the payment method is set to Authorise and Capture, and Use Vault is set to no.
Card details do not seem to be retained under a user account, and as far as I can tell all of the above should mean they are not being stored, but can anyone advise if this is indeed the case, or how to be sure?
Because all I can see is the above module installed, I cannot be sure that it corresponds to the Braintree Extension linked from this page:
https://magento.com/security/best-practices/pci-compliance-checklist-ecommerce-businesses
(the link does not work...)
Thanks for any help on this.
It looks like you may be running the official Braintree Payments extension which is detailed here:-
http://ext.topmage.com/Braintree_Payments.html
If Use Vault is set to No, I believe you are not storing any card details locally.
Anyway, I believe Braintree no longer develop their official extension and they are now recommending the following extension by Gene:-
https://www.magentocommerce.com/magento-connect/braintree-payments-with-hosted-fields.html
The extension by Gene includes a migration wizard so you should be able to migrate over from the old extension easily.
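One way to check the database directly for stored card data, as an added example that is not part of the original posts or of the Braintree extension. It assumes the stock Magento 1.x payment tables and column names with no table prefix configured:

```sql
-- Added example: assumes the stock Magento 1.x schema and no table prefix.
-- If a prefix is configured, prepend it to both table names.
-- Run read-only against the store database (MySQL).

-- Quote payments: card number and CVV columns used during checkout.
SELECT 'sales_flat_quote_payment' AS source_table,
       COUNT(*) AS total_rows,
       SUM(cc_number_enc IS NOT NULL AND cc_number_enc <> '') AS rows_with_card_number,
       SUM(cc_cid_enc    IS NOT NULL AND cc_cid_enc    <> '') AS rows_with_cvv
FROM sales_flat_quote_payment

UNION ALL

-- Order payments: card number column kept with placed orders.
-- NULL in the last column means "not checked for this table".
SELECT 'sales_flat_order_payment',
       COUNT(*),
       SUM(cc_number_enc IS NOT NULL AND cc_number_enc <> ''),
       NULL
FROM sales_flat_order_payment;
```

Any non-zero value in `rows_with_card_number` or `rows_with_cvv` means card data has been written locally and needs investigating. A zero result covers only these core columns, not log files or tables added by other modules.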