If you need to move your data to another payment gateway, you'll first need to provide us with an attestation of their PCI compliance from a qualified provider. Once we have that, we'll request a public encryption key from the receiving service provider.
We'll then use the public key to encrypt the sensitive data and transmit it via SFTP, SCP, or FTP over SSL.
It is the responsibility of the receiving service provider to protect their private key file in accordance with the PCI DSS. We will verify the authenticity of the public key before using it for encryption.
We can export your data in one of two ways:
- Entire Vault: We'll pull all customers and credit cards saved in your vault
- Customer ID: You'll provide us with a list of customer IDs to export
The export of your Vault records will be a GPG-encrypted CSV file with a filename format like this:
Each card will be on its own row, along with the corresponding customer and address. If a customer does not have any cards, the row will only contain customer information and empty fields for the card and address.
Depending on the customer information you choose to collect, some columns may be left blank. Download an example CSV with the headers you'll see in the export.
Here is a list of the headers that are included in your export:
|Braintree's identifier for the customer
|The customer's first name
|The customer's last name
|The customer's company
|The customer's email address
|The customer's phone number; may contain dashes and/or an extension
|The customer's fax number; may contain dashes and/or an extension
|The customer's website
|Braintree's credit card identifier
|The cardholder name associated with the credit card
|The credit card number
|The credit card's expiration month (MM)
|The credit card's expiration year (YYYY)
|The first name associated with the credit card's billing address
|The last name associated with the credit card's billing address
|The company associated with the credit card's billing address
|The credit card's street address
|123 Fake St
|The credit card's extended address (also known as address 2)
|The credit card's locality (city)
|The credit card's region (state)
|The credit card's postal code
|The credit card's country name
|United States of America
|The credit card's ISO 3166-1 numeric country code
|The credit card's 2-letter ISO 3166-1 alpha-2 country code
|The credit card's 3-letter ISO 3166-1 alpha-3 country code
|The credit card's default status; if a customer only has one credit card, this field will be "yes"
|Network Transaction Identifier(NTI) is a key component for MIT exemptions on PSD2 and Australian SCA requirements. The NTI allows issuers to look up the earlier initial transaction when processing a payment using a vaulted payment method. The issuer can then evaluate subsequent payments by referencing the initial transaction. Note: If the card brand does not support NTI, Braintree will return an empty value.
|For MITs covered by cardholder agreements that were established prior to the regulatory enforcement date, those transactions should be able to continue to be processed without SCA as long as they are identified as MITs.
|All custom fields associated with the customer in your Braintree Vault