.png?width=365&height=122&name=BTLogo%20(1).png)
What are the best use cases for a payment vault?
Deciding how to construct an effective and profitable payments system is now a fundamental business building block for merchants selling online.
As merchants look to reduce their costs and accelerate their revenue, payment vaults are stepping up to make life easier and better.
What is a payment vault?
A payment vault is a third-party service that collects customer payment details on behalf of the merchant, stores them, and returns a token to the merchant who can use it downstream with the payment processor of their choice. The key to the process is the payment vault, storing the data before it reaches the merchant’s systems, and providing a token that the merchant can use.
A token is a string of characters that represents the stored information, but is not inherently connected unlike an encrypted value (which can be decrypted by anyone who gets hold of the key, or has access to significant computing power). A token is a randomly-generated value that can never be reconstructed into the data it represents.
A payments vault, then, allows a merchant to have access to the customer’s payment information via token, without running the risk of a hack or data leak. Having a third-party, independent payment vault empowers a merchant to make deals with as many payment processors as makes sense for their business because they aren’t trapping any customer details with a single partner. By keeping the plain text data out of the merchant’s systems and in a payment vault, it reduces the resources drain and risk of guarding customer data according to the PCI-DSS standard that all credit cards insist on.
The logical alternative to a payment vault is a full-service payment service provider (PSP) like Stripe, which acts as a one-stop-shop for all payment services. These providers deliver many of the same things that a payment vault can, including data collection and tokenization, access to alternative payment methods, and card account updaters to protect against card expirations. Full-service PSPs take on much of the heavy lifting at the back end, selecting downstream gateways to increase the success rates of transactions, and act as the primary account operator for connecting to merchant- and issuing-banks, and card networks.
That said, a full-service PSP makes money not just by providing these services, but by charging for them. As a result, what initially looks like an attractive, flat pricing scheme ends up being substantially more expensive in practice than it did during the evaluation process.
And possibly worse, the options for adding revenue streams from customer services like currency conversion are eliminated, because these are already things that the PSP includes in their service sets.
What are the benefits of a payment vault to a merchant?
Merchants using a payment vault to connect with multiple payment services has three primary economic benefits:
- Control: Any payment provider can opt to close a merchant’s account for reasons laid out in their agreements. When a merchant has relationships with multiple PSPs, losing one is inconvenient, possibly even damaging to the business; when a merchant has a relationship with only one, being shut down can be an existential threat to the business. Not only must they scramble to find an alternative provider, they must also either find a way to persuade the PSP to hand over stored customer card data, or risk adding friction to customer purchase processes by requiring customers to fill their information out again.
- Margins: A merchant using multiple PSPs can arbitrage the various rate cards to direct every transaction to the payment provider who will take the smallest cut. Considering the difference in fee bases for debit and credit cards (which is generally not reflected in full-service PSPs’ rates), or for transacting deals in the customer’s country of origin, even if it isn’t the same as the merchant’s, the financial impact can be profound.
- Security Overhead: Every merchant that wants to be able to accept credit cards must remain in compliance with PCI-DSS regulations, which govern the protection of end user PII. By storing customer information in a level one environment, merchants can ensure the security of all data, while maintaining access to direct transactions to their processor of choice, without bringing their own payments system into PCI scope. In practical terms, this can reduce the cost of maintaining security by orders of magnitude, while still providing excellent customer service.
Do payment vaults support merchants going multi-processor?
Technically, a programmable payments vault is an optional element in a multi-processor payments system. There is nothing that prevents a merchant from collecting customer data within their own environment and using an embedded decisioning engine to select the right PSP to deliver each transaction to.
That said, not using a vault means that the merchant’s own system is now entirely in scope for PCI-DSS regulations, which adds time, effort, and costs to their operation. It also means that the merchant must become expert in data protection, opting for strong encryption and/or tokenization in their own systems to protect against stored information being leaked and sold, leading not only to potential losses of revenue, but to powerful loss of brand equity and customer trust.
When a merchant opts to vault their customers’ stored information, they have the flexibility to connect with any downstream provider they choose, not just actual processors, but also providers of other services, including authentication and security services. Using a single PSP, or even routing requests through an orchestration platform, can mean being limited to a subset of the available downstream service environment, because the merchant is limited to those providers who are already integrated into the platforms they are using.
Using a vault removes the limitations on third party services that can be used, or, at least, limits them only in the sense that their chosen provider must offer API access that can be reached programmatically from the vault. The lifting of the requirement to wait on a downstream provider to create integrations empowers the merchant to move quickly to meet market needs and counter competitive challenges.
For a merchant just getting started out selling goods on the internet, a full-service PSP may be just the ticket to get started. For merchants starting to see real growth, or for providers who want to extend their offerings beyond simple buying and selling, a payment vault opens the world of possibilities, offering the option to contract with a variety of payment-related service providers, while reducing the cost of doing business, and shoring up security with a low investment of time and resources. In the end, it is an indispensable weapon in any growing business's arsenal.
