In order to be eligible for the easiest level of PCI compliance – SAQ A – the following payment fields cannot be hosted on your checkout page:
- Card number
- Expiration date
- Postal code
Instead, you must host these payment fields on an external payment gateway's domain and present them to your users in a frame or with a redirect. Braintree's Hosted Fields solution accomplishes this by rendering an iframe to handle input for each field where your customer enters card details. This provides you with the ability to customize the look and feel of your web page while ensuring that you are compliant with PCI requirements.
Hosted Fields is incredibly flexible and can be styled in any number of ways.
- SAQ A compliant
- Create your own payment form using your existing styles and layout
- Customize the behavior and experience of your checkout
- Localize or translate your checkout
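
A Hosted Fields setup for the three fields listed above, added here as an illustration; it is not Braintree's own sample code. It assumes the braintree-web v3 SDK is passed in as `sdk` (normally the global `braintree`), and the container ids, function names and order fields are hypothetical.

```javascript
// Added example. Assumes braintree-web v3 is loaded and passed in as `sdk`.
// Container ids (#card-number, ...) and the order shape are hypothetical.
async function mountHostedFields(sdk, clientToken) {
  const client = await sdk.client.create({ authorization: clientToken });
  return sdk.hostedFields.create({
    client,
    // Styles are applied inside the gateway-hosted iframes, so the inputs
    // can match the page without the page ever owning them.
    styles: {
      input: { 'font-size': '16px', color: '#222' },
      '.invalid': { color: '#c0392b' }
    },
    // One iframe is rendered into each container, normally an empty
    // element such as <div id="card-number"></div> rather than an <input>.
    // Newer SDK releases also accept `container` in place of `selector`.
    fields: {
      number: { selector: '#card-number', placeholder: 'Card number' },
      expirationDate: { selector: '#expiration-date', placeholder: 'MM / YY' },
      postalCode: { selector: '#postal-code', placeholder: 'Postal code' }
    }
  });
}

// Tokenize inside the iframes and build what the merchant page submits:
// order data plus a one-time nonce, never the raw card fields.
async function buildCheckoutPayload(hostedFields, order) {
  const { nonce } = await hostedFields.tokenize();
  return {
    orderId: order.orderId,
    amount: order.amount,
    paymentMethodNonce: nonce
  };
}
```

The merchant page only ever handles `paymentMethodNonce`; the card number, expiration date and postal code stay inside the gateway's iframes.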