ruby-on-rails activemerchant pci-compliance braintree

What can I store locally while still being PCI Compliant using Braintree in Rails?

What credit card information am I allowed to store while still being PCI compliant if I am relying on braintree for payment processing?

The reason I am asking is because, as a simple optimization, if a customer has already bought something from my store with a credit card, I can show them the last 4 digits of their credit card, and the card type, without having to make an API call to BrainTree. I'd have to make the call if they wanted to change the card or make a purchase, but for that one page, I wouldn't.

Question is, am I allowed to store:

the last 4 digits of the credit card
and the card type
and possible the cardholder name

Or where is there a list of PCI compliance "do's and don'ts" I can check out?

Solution

Yeah, it's fine to store those things.

Check out the PCI Quick Reference Guide for a brief overview of what you should and shouldn't do.

Should I write a test for each required attribute in a Rails model or is one enough?
has_many with multi-level hierarchy and single table inheritance
uninitialized constant ActiveSupport::LoggerThreadSafeLevel::Logger (NameError)
PG::UndefinedTable: ERROR: relation "action_text_rich_texts" does not exist | Rails 6 | Rails_Admin | Postgresql
Rails link to file in public folder
RubyOnRails use .where query with has_one - belongs_to relationship
Stimulus Not Setting focus for newly connected Controllers
Unable to install Tailwind on Rails 8 App
Use separate DB for delayed_job
Rails 4 scope NOTNULL refactor
Custom Rails Validation (Doesn't seem to be working)
Strange bundle update issue: disappearing net-pop (0.1.2) dependency
Get list of routes for a resource in Rails
Is it possible to look up a route in Rails by a given url?
Rails attempting to throttle my API with rack-attack. Unsure if it's working?
Rubocop RSpec/MultipleMemoizedHelpers issue on pundit spec tests
How to make Google Stackdriver works with Rails 7.1+
NoMethodError raised on jira-ruby gem: undefined method `presence` for "":String
Examples of Ruby on rails + aws congnito
How can I skip an error if find returns nothing in rails?
How to tell which version of a gem a rails app is using
Rails Remote form validation errors not showing
How to free up friendly_id slugs when destroying a record?
Ruby on Rails - How can I use UUID as a simple column in my project?
Ruby 3.0.2 installation build fails with "error: 'maybe_unused' attribute cannot be applied to types"
How to convert PDF files to images using RMagick and Ruby
Cannot use "link_to" or "button_to" in Rails 4.2 with Semantic-UI
redirect_to != return
Rails: How to list database tables/objects using the Rails console?
after upgrading to rails 7, active record objects no longer show attributes?