Payments Data Portability and Interoperability
In a digital and connected world, data is the most valuable virtual commodity. Access to, and control of, data is a fiercely competitive and much-debated area of modern business, and nowhere is this more true than in the cases of data portability and interoperability. While the one allows for easy movement of stored data between locations, and the other allows two locations to share common data, they both offer key solutions to the challenge of conducting business frictionlessly.
What are Data Portability and Interoperability
Data portability refers to the ability for customers to move their data from one company to another. The easier it is for key customer data to be moved, the harder it is for companies to lock customers into their service. The most recognizable example of data portability in today’s market is telephone numbers: moving from one provider to another is shockingly quick and easy, with phone calls coming in on an existing phone through a new provider within literally minutes of switching - and with a surprisingly low level of effort by the consumer.
By contrast, data interoperability refers to the ability for different companies to agree on standard approaches to data management that allow them to interact directly with one another. An easy example is email: regardless of the email client one uses, an email looks essentially as expected, which allows consumers to use, for instance, MS Outlook at the office, but check messages out of business hours through Apple Mail or Gmail.
While portability implies that data has moved from one place to another, and interoperability implies data’s presence in more than one location, each carries promise and risk. The promise is a smooth transaction and the ability to do business quickly and effortlessly; the risk is the proliferation of access to data that may need to be closely guarded.
Data Interoperability in Payments
When the world moved to virtual payments (somewhere in the early 21st century, as the Internet started to explode in popularity), the banking and financial systems had to innovate quickly in order to catch up. This process was accelerated by the existing SWIFT network, which had been created in the 1970’s to empower less than 300 banks to interoperate, allowing them to close transactions faster than the traditional approach of literally recording paper (i.e. checks, money orders, etc.) information and sending receipts back and forth. That model was rapidly repeated, across institutions and across the world, in a highly-pressurized effort to connect customers and enable the explosion of e-commerce that followed.
Today, financial institutions have agreed on enough standards that they can communicate in what is to all intents and purposes real-time. Although for some reason US banks continue to claim to be unable to move money between themselves near-instantaneously, services like Venmo, PayPal and Zelle can, and banks in other regions are powering instant cash transfers every day.
Data Portability in Payments
The primary purpose of data portability in payments is to move credit card, and other personal cardholder data, from one entity to another. Generally speaking, this is used in the context of porting data from one payment gateway to another, as the traditional mode of operation for merchants is to serially contract with one gateway at a time. The most common example is when a subscription services provider switches their payment gateway, and needs to bring their subscribers’ credit card information along with them, in order to avoid having to ask customers to re-enter their details.
Unfortunately, it is generally not in the best interests of a payment processing service provider (PSP) to make it easy for their merchant clients to sever their relationship, meaning that there is a disincentive to ease the path to porting card information. As such, the PSP may very well insist on a (potentially very expensive and time-consuming) process, by which they securely transfer all stored customer data to a single, defined alternative PSP.
In other words, although data can be ported relatively easily between payment providers, it often isn’t.
Self-Directed Payment Data Portability
A better way to think about leveraging data portability is to imagine it less as the currently-dominant point-to-point process, and more as a hub-and-spoke model. Traditionally, merchants would allow their single contracted PSP to be the holder of all their cardholder data, then have it shifted en masse to a new partner when business change happened. Innovative, modern merchants, however, have discovered an alternative that leaves them very much in charge of their customer data: token vaults, such as the one offered by Basis Theory.
With a token vault deployed, merchants can maintain control over the stored customer data at a location that is separate from their PSP. In this way, the information can be willingly passed from the token vault to a currently-contracted PSP, or, indeed, multiple currently-contracted PSPs; then, when the partnership between merchant and PSP is dissolved, the PSP has an obligation to cease using the stored data - but the merchant still has control of it, ready to exchange with other partners.
In such a scenario, the token vault operates as the hub of all cardholder data and can port it to the use of multiple partners, which represent the process spokes. That data is still shared securely, and according to relevant PCI-DSS guidelines, delivering valuable portability, but without the risk of its getting stuck in a distribution process between an outgoing and incoming PSP partner.