— Security & Compliance

Security is the floor.

PCI-DSS Level 1, 3DS2 end-to-end, tokenized vaulting, SOC 2 Type II. Brippo treats security as the baseline — not as a premium feature.

  • L1: PCI-DSS · highest tier
  • 3DS2: end-to-end on every transaction
  • SOC2: Type II · audited annually

Certifications & controls

Audits, frameworks and certifications Brippo maintains continuously.

PCI-DSS Level 1

The highest tier of PCI compliance — re-audited annually by an external QSA. Your scope stays at zero.

3DS2 end-to-end

Strong Customer Authentication done right. Brippo handles the step-up flow, the exemptions and the routing.

Tokenized vaulting

Card data never lands on your servers. Tokens are bound to your merchant ID and can't be replayed elsewhere.

SOC 2 Type II

Audited annually for security, availability, processing integrity, confidentiality and privacy.

— How we protect data

Cardholder data never touches your stack.

Cards are tokenized at the edge (Stripe-hosted iframe or encrypted terminal). Your store never sees a PAN. Tokens are scoped per merchant — they can't be exfiltrated and reused on another account.

  • PAN never touches your servers
  • Tokens scoped to your merchant ID
  • 3DS2 step-up handled automatically
  • Encrypted terminals for in-store + MOTO

~ / store · terminal
Brippo.tokenize(cardEl)
✓ Token issued: tok_••••cv8k
PAN never leaves the iframe.
brippo.charges.create({source: tok_...})
✓ Charge authorized · 3DS2 cleared

"Brippo's PCI scope is genuinely zero. Our audit went from 3 weeks to 3 days."
Compliance Lead · UK retailer

— Built in

Frameworks & protocols

  • PCI-DSS L1
  • 3DS2
  • SOC 2 Type II
  • ISO 27001 (in progress)
  • GDPR
  • PSD2 SCA
  • Tokenization
  • mTLS
  • Webhook signing
  • AES-256 at rest
  • TLS 1.3 in transit

Need our compliance pack?

Email security@brippo.com — we send pen-test summaries, SOC 2 reports and the full PCI ROC under NDA.