Glossary
Card Vaulting
A card vault is an essential part of a payment stack. It securely stores and tokenizes customers' payment details. Tokenization is a security mechanism that replaces payment details (e.g. credit card account) with a random sequence of characters, obscuring the underlying payment information. Storing payment details mean that customers do not need to resubmit their payment details each time they make a purchase via the same merchant, streamlining the checkout experience. This can boost turnover, as customers are more inclined to make repeat purchases when they do not have to re-enter all of their payment information.
A payment vault refers to a PCI DSS card vault. This is where the customers' payment information is stored securely, and the information stored here can be used by consumers when making future purchases (card on file). Payment information also needs to be stored to handle recurring payments. Payment information stored in the vault is tokenized.
Tokenization is a security mechanism that replaces payment details (e.g. credit card account) with a random sequence of characters, obscuring the underlying payment information. Merchants can store tokens locally without affecting their PCI-DSS scope, and simply send the token to their payment gateway when processing a transaction. While payment service providers (PSPs) also offer tokenization, the tokens issued by PSPs can only be used with that PSP. The tokens issued by a payment orchestration platform like IXOPAY can be used to process transactions via any of the PSPs integrated using the payment orchestration platform. This protects merchants from vendor lock-in and makes it much easier to switch PSPs when necessary.
PCI-DSS sets out requirements for the storage of credit card data. Meeting the requirements of PCI-DSS for storing credit card data can be costly and requires secure infrastructure and annual audits. For merchants, outsourcing the storage of payment details to a third party vault helps decrease their PCI-DSS scope. This is turn cuts costs and may eliminate the need for annual audits. Many merchants simply need to complete a self-assessment questionnaire (SAQ), provided they do not store credit card details themselves.
The best way for merchants to store credit card details is in a third party PCI DSS card vault. Cards stored in these vaults are tokenized, and merchants can store these tokens locally without affecting their PCI-DSS scope. A payment orchestration platform like IXOPAY issues tokens that can be used to process transactions via any of the PSPs integrated using the payment orchestration platform.
By storing a customer’s payment data, you make it easier for them to make repeat purchases. This lack of friction encourages them to continue using your shop and or services.