
    Credit Card Vaulting Services: Safer, Cheaper Payment Processing

    Credit Card Vaulting Services

     

    Consumers love convenience and hate friction; this is why merchants constantly seek out the quickest and easiest way for their customers to buy. An early innovation in simplifying payments was to offer customers the option of storing their credit card with the merchant so it could be easily accessed in the future. The other key contributor to accelerating spend was to make it easier to sell products and services on a subscription basis, which similarly requires the merchant to store the credit card details so they can be charged on whatever schedule has been agreed upon.

    Given the need to store those precious consumer cardholder details, it’s no wonder merchants are constantly looking for the safest, least expensive way to manage storage and future deals.

    Often, the right place to put this critical data is into a third-party payment vault.

    What is a credit card vaulting service?

    A credit card vault is a service provided by a third party that stores, protects, and provides access to stored cardholder data for merchants. A credit card vaulting service helps a merchant retain access to cardholder data, which is vital for smoothing the path to customers making ongoing purchases and payments, without the costs of maintaining their own PCI-DSS Level 1 payment system.

    Additionally, the credit card vaulting service provider is entirely payment service provider (PSP) agnostic, meaning that the stored information can be routed to any payment destination the merchant chooses. This eliminates the risk of lock-in and creates the opportunity to improve close rates while simultaneously reducing processing costs.


    What is the key technology enabling credit card vaulting?

    Tokenization is the special sauce that allows credit card vaulting service providers to offer a safe, secure, and flexible service. 

    Merchants set up their credit cardholder data collection forms to deliver the customer’s information directly to the card vault; the merchant receives a token, a specially generated string that can be used to recall the correct customer data. Unlike encryption, where anyone holding the decryption key can recover the secured data, tokenization protects the cardholder data because there is no way to reverse-engineer the underlying information from the token.

    When the merchant is ready to transmit the data to a payment processor to complete a transaction, they must satisfy rigorous security protocols to connect to the vault. Then, they supply the token and instructions on what action to take with the information. 

    This multi-layer security model ensures that the underlying data is fully protected.
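The flow described above, as an added sketch that is not any vaulting provider's API: `CardVault`, `psp_a` and `psp_b` are hypothetical names, an in-memory dict stands in for the vault's storage, and a per-merchant API key stands in for the vault's connection security.

```python
import hmac
import secrets


class CardVault:
    """Toy in-memory vault: a token is a random lookup key, not derived from the card."""

    def __init__(self):
        self._cards = {}     # token -> cardholder data; never leaves the vault
        self._api_keys = {}  # merchant id -> API key (stand-in for real vault auth)

    def enroll_merchant(self, merchant_id):
        self._api_keys[merchant_id] = secrets.token_hex(32)
        return self._api_keys[merchant_id]

    def tokenize(self, merchant_id, pan, expiry):
        # Called from the payment form, so the PAN bypasses merchant systems.
        token = "tok_" + secrets.token_urlsafe(24)  # random; encodes nothing
        self._cards[token] = {"merchant": merchant_id, "pan": pan, "expiry": expiry}
        return token

    def charge(self, merchant_id, api_key, token, amount_cents, processor):
        """Authenticate, resolve the token inside the vault, forward to a PSP."""
        expected = self._api_keys.get(merchant_id, "")
        # Constant-time comparison so the check does not leak key bytes by timing.
        if not expected or not hmac.compare_digest(expected, api_key):
            raise PermissionError("vault authentication failed")
        card = self._cards.get(token)
        if card is None or card["merchant"] != merchant_id:
            raise KeyError("unknown token for this merchant")
        return processor(card["pan"], card["expiry"], amount_cents)


def psp_a(pan, expiry, amount_cents):  # constructed stand-in for one processor
    return {"psp": "A", "last4": pan[-4:], "amount": amount_cents}


def psp_b(pan, expiry, amount_cents):  # constructed stand-in for another
    return {"psp": "B", "last4": pan[-4:], "amount": amount_cents}


if __name__ == "__main__":
    vault = CardVault()
    key = vault.enroll_merchant("shop-1")
    token = vault.tokenize("shop-1", "4111111111111111", "12/30")  # test PAN
    print(token)                                         # all the merchant stores
    print(vault.charge("shop-1", key, token, 1999, psp_a))
    print(vault.charge("shop-1", key, token, 1999, psp_b))  # same token, other PSP
```

Tokenizing the same card twice yields two unrelated tokens, and a token is only usable by the authenticated merchant that owns it, so the merchant's database holds nothing an attacker can turn back into a card number without also getting through the vault's access controls.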


    Benefits of Credit Card Vaulting

    There are two key benefits to taking the approach of vaulting credit card data with a third-party provider:

    • Reduce the Cost of Regulatory Compliance: Credit card vaulting service providers like Basis Theory maintain a PCI-DSS Level 1 environment, delivering fully audited and approved protection for all the cardholder data they hold—protecting against hacks and data breaches. Credit card vaulting services also eliminate the need for the merchant to hold any data that would come under the authority of PCI DSS in their own system, thus keeping the majority of the merchant’s environment out of scope. As a result, merchants using credit card vaulting services are able to complete as much as 95% of their PCI-DSS regulatory compliance work in just a few minutes.
    • Reduce the Risk of Processor Lock-In: Many full-service payment service providers (PSPs), and even some more flexible payment gateways, offer card vaulting as part of their overall service portfolio. However, when PSPs hold the cardholder data, they will generally use it only to process payments through their own network. As a result, a merchant that decides to add automation and alternative processing partners to their payment systems may find themselves unable to transmit stored customer information to those other PSPs. This results in a need to either stick to the original PSP or ask customers to enter their card data again—an extra step that can have a measurably negative impact on transaction volume.

    Keeping compliance costs down and reducing the fees associated with more complex payment processing (cross-border, high-risk, etc.) can significantly impact a business's margin calculations: the average merchant pays between 1.5% and 4.5% in processing fees, and being closer to the lower end rather than the higher end can be the deciding factor in achieving reliable profitability.


    Risks with Credit Card Vaulting Services

    While your third-party credit card vaulting provider protects you from lock-in with a single PSP, giving you the flexibility to automate and arbitrage your whole payment processing system, your cardholder data does, of course, still sit in the infrastructure of a third party. Logically, the lock-in risk has been handed off from one provider to the next. This is why it is vital to ensure that the credit card vaulting partner has a strong, written commitment to transferring the stored data to another location on request.

    In principle, the only other significant risk would be a successful exploit against the credit card vaulting provider. It is, thus, crucial to ensure that any partner is:

    While no certification can guarantee a hack-free experience, the greater (and better-documented!) a provider’s commitment to compliance, the lower the overall risk.
