I am doing a PCI compliance self assessment.
Does the out of the box Magento 2 Braintree payments integration use Direct Post method (SAQ A-EP) or iFrame Hosted Fields (SAQ-A)?
I believe the Magento 2 integration uses the Braintree v.zero SDK, which uses tokens instead of storing the CC info in the database. This simplifies PCI compliance significantly.
Thanks for your reply, but I am still not clear.
Do you mean that Magento2's v.zero SDK implementation uses the Direct Post method or that it uses iFrame hosted fields?
More about hosted fields:
https://www.braintreepayments.com/products-and-features/custom-ui/hosted-fields
