Stripe and Braintree both provide Client Side Encryption.<p>However, after reading the Matasano article http://www.matasano.com/articles/javascript-cryptography I'm concerned about how secure client side encryption would be.<p>Any thoughts?
I am no expert.<p>Client side encryption is unexplored. Secure crypto is possible only through extensive peer review, which is missing in the case of client side encryption using JS.<p>I think SSL/TLS is sufficient if implemented correctly. The only advantage that client side encryption using JS offers is that the contents are not known to the server. Whereas in the case of SSL/TLS, the server basically has access to all your encrypted data since they hold the keys.
But I digress. Client side encryption needs more R&D.
The purpose of client-side encryption in Braintree.js is to reduce the PCI scope for the merchant and is not the only way the data is protected. Every encrypted value is still sent over HTTPS to the merchant's server and again over HTTPS to Braintree itself. In this chain, however, the merchant will be unable to decrypt the values submitted and can only pass them on to Braintree.<p>(Disclosure, I work for Braintree)