Grab partners with Braintree, a PayPal company, for management of payments and credit card information. Grab maintains PCI Compliance, The Payment Card Industry Data Security Standard (PCI DSS), through it’s partnership with Braintree. Grab never stores credit card information, rather passes the information to Braintree via dual layered encryption. Grab annually partners with Praetorian for vulnerability and security audits and maintains a Above Industry Standard rating.
In addition to the use of Extended Validation SSL Certificates, Grab also uses OAuth and SSL Pinning inside the apps for Industry Best Security Practices.
Customers on iOS can purchase products through the use of ApplePay which does not require providing credit card information to Grab; Google Pay coming soon for Android.