We manage a Magento ver. 188.8.131.52 Community Edition installation for a client. We inherited this rather than set it up ourselves. We have been asked to advise on PCI compliance, and I want to be sure that NO card details are being stored by Magento itself. Card details ARE entered through Magento itself, rather than in a separate Braintree window.
In Magento Connect manager, the following module is shown to be installed:
Increase sales, reduce risk, and save money with credit card processing from Braintree and Magento.
In configuration/payment methods, under Braintree, the payment method is set to Authorise and Capture, and Use Vault is set to no.
Card details do not seem to be retained under a user account, and as far as I can tell all of the above should mean they are not being stored, but can anyone advise if this is indeed the case, or how to be sure?
Because all I can see is the above module installed, I cannot be sure that it corresponds to the Braintree Extension linked from this page:
(the link does not work...)
Thanks for any help on this.
It looks like you may be running the official Braintree Payments extension which is detailed here:-
If Use Vault is set to No, I believe you are not storing any card details locally.
Anyway I believe Braintree no longer developed their official extension and they are now recommending the following extension by Gene:-
The extension by Gene includes a migration wizard so you should be able to migrate over from the old extension easily.