The Real Costs of Vaulting Payments

What is Payments Vaulting?

Merchants are said to be ‘vaulting payments’ when they contract with a partner, which stores sensitive cardholder data securely and provides the merchant with an undecryptable token string. By vaulting customer payments data, the merchant is able to offload some of the PCI-DSS compliance activities (as they never actually ‘see’ customers’ card data in plain text), and potentially simplify their payment process. Conversely, by passing the responsibility for cardholder data storage and transmission to a third party, they give up some control and ownership over one of the most valuable pieces of information a merchant can have: the details needed to process future customer transactions.

Who Provides Vaulting Services for Payment Processing?

Full-service payment services providers (PSPs) are renowned for delivering services that are, even if not promoted as such, vaulting. Alongside what are often simplified, flat rate fee structures, these PSPs additionally collect all cardholder data, provide a benign token to the merchant, and then take charge of transmitting the data - at the merchant’s request - through the payments ecosystem to close sales.

Third party tokenization service providers like Basis Theory also offer payment vaulting, in which they collect and store data, and deliver it to payment processing destinations on request by the merchant. They offer many of the same services as the full-service PSPs - including credit card number updating, security measures, and so forth - but, somewhat differently, enable the merchant to contract with a functionally infinite number of downstream PSPs. They also generally offer a simplified path to migrating stored cardholder data to new partners when merchants opt to change their provider.

Unanticipated Payments Vaulting Costs

One of the issues with ceding responsibility for collecting and securely storing cardholder data to a partner is the loss of control over how the information is managed. The storage and transmission processes may include reasonably well-understood fee structures, such as

• Event-based costs incurred when specific actions occur, such as the collection of a new customers’ data, or executing commands to update expired credit card numbers
• Usage-based costs incurred when the merchant activates the system to transmit details to a particular payment processing destination

However, there are other costs to payments vaulting that are less easily-anticipated, including:

• Vaulting costs obscured by bundling such as higher processing fees, or other charges that are not expressly associated with vaulting

• Duplicative payment method vaulting when, for instance, the same credit card number is stored for a customer who has more than one record, or who simply opts to re-enter the same card again rather than saving it for later

• Inefficient card update processes that initiate checks for expired cards too often, incurring unnecessary charges for simply re-validating an account that is still in good standing

• Vault migration costs often hurt younger merchants, which start their business using the vaulting payments capabilities of a full-service PSP, only to find that the cost to migrate their cardholder data to an alternative provider is prohibitively high

Payments Vaulting Strategy Has Real Impact

The first payments vaulting choice a merchant must make that will have a profound and long-lived impact on their costs is simply: whose payments vaulting services they are going to use.

Opting for full-service PSP payments vaulting is the easiest path, as it is simply an implicit element of most such providers’ offerings. Indeed, the merchant need barely think about how and whether the vaulting works, as it is core to the operating processes they use to transact business through their PSP partner. However, once those tokens are, to all intents and purposes, owned (or at least controlled) by the PSP, the merchant is immediately in a bind: it will likely be expensive and time-consuming to export that data and bring it elsewhere, meaning they are locked in to that singular PSP. And in payments, as in so many business processes, lock-in brings negative consequences.

Opting to use a third party tokenization provider to provide payments vaulting adds an additional cost to the payment process, although that cost can be very low (on Basis Theory’s introductory program, merchants can charge 1,000 tokens up to 5 times a month for a cost of $49, or just under a penny per transaction). While this cost must be added to the merchant’s existing payment fees, it opens up a whole world of opportunities to build an automated payments system that increases successful transaction rates, and reduces total payment fees by delivering transactions to a range of PSP partners. Just the ability to re-direct debit card charges to a PSP that charges fees that reflect the lower costs versus credit card charges can more than make up for the additional tokenization cost.

Meanwhile, with a tokenization partner, merchants can move from one PSP to another, and, more importantly, maintain a constantly evolving stable of partners. This empowers the merchant to get the best rates, access the payment methods and services their customers prefer, and try out new approaches, such as Buy Now Pay Later (BNPL).

Explicit Versus Payments Vaulting Costs

Using the implicit payments vaulting services of a full-service PSP may seem to be, effectively, free, as the costs are largely subsumed by the overall fee structure (though data enrichment services, such as automatic updates for explored cards may very well generate additional charges). By contrast, the use of a third party tokenization provider explicitly adds a cost - as discussed above, this may be as low as a penny or so per transaction, though of course this will vary based on volume of tokens and transactions.

Making the decision on the explicit charges is not as tricky as it seems. Full-service PSPs generally charge fees in the United States in the range of 2.9% plus $0.30 per transaction; while the average fee paid across all transactions is actually 2.24%. On a $100 transaction, a full-service PSP charge would be $3.20, versus the industry average of $2.24; building a stable of PSP partners who could bring the merchant’s average cost-to-transact nearer to the average level leaves plenty of room for the cost of the third party tokenization provider.

Meanwhile, the decision on the less-obvious costs should be even easier: getting locked into a single provider’s services represents a potentially existential threat to a merchant’s business. It is widely acknowledged that friction (such as having to re-enter credit card data for subsequent visits to an online merchant) negatively impacts sales, so the inability to migrate that stored data between PSPs could mean being forced to stick with the original provider long after its ease-of-use benefits are outweighed by its higher costs.

If you’re a merchant looking for a vaulting solution, the flexibility and reliability of Basis Theory makes it the choice of large and small merchants alike. Contact us today to chat with one of our payment experts.