PCI-DSS Level 1
The highest tier of PCI compliance, inherited via Stripe Payments UK infrastructure. Your scope stays at zero.
— Security & Compliance
Security is the floor.
PCI-DSS Level 1, 3DS2 end-to-end, tokenized vaulting. Brippo treats security as the baseline — not as a premium feature.
L1
PCI-DSS · highest tier (via Stripe)
3DS2
end-to-end on every transaction
Certifications & controls
Audits, frameworks and certifications Brippo relies on.
3DS2 end-to-end
Strong Customer Authentication done right. Brippo handles the step-up flow, the exemptions and the routing.
Tokenized vaulting
Card data never lands on your servers. Tokens are bound to your merchant ID and can't be replayed elsewhere.
— How we protect data
Cardholder data never touches your stack.
Cards are tokenized at the edge (Stripe-hosted iframe or encrypted terminal). Your store never sees a PAN. Tokens are scoped per merchant — they can't be exfiltrated and reused on another account.
- PAN never touches your servers
- Tokens scoped to your merchant ID
- 3DS2 step-up handled automatically
- Encrypted terminals for in-store + MOTO
→ Brippo.tokenize(cardEl)
✓ Token issued: tok_••••cv8k
PAN never leaves the iframe.
→ brippo.charges.create({source: tok_...})
✓ Charge authorized · 3DS2 cleared
"Brippo's PCI scope is genuinely zero. Our audit went from 3 weeks to 3 days."
Compliance Lead · UK retailer
— Built in
Frameworks & protocols
Need our compliance pack?
Email info@brippo.com — we share pen-test summaries and the relevant PCI artefacts under NDA.