What is a credit card vault?

Store customers' sensitive data in the Checkout.com Vault for convenient and secure repeat payments.

Max Lamond
August 21, 2024

Customers love convenient payments. And information security managers love compliant data storage. Credit card storage software known as a “vault” achieves both goals.

As the name suggests, a credit card vault is a secure digital repository for your customers’ payment details. It’s useful for subscription-based businesses to automate recurring credit and debit card payments, for instance.

In this article, we’ll look at how and why a vault helps merchants to take secure payments from customers.

What is a credit card vault?

A credit card vault – sometimes known as a token vault or a payment vault – is a secure digital system which stores customer payment details. It uses sophisticated encryption techniques and tokenization to ensure merchants can process secure payments without becoming legally liable for handling payment data.

How does tokenization work in a credit card vault?

The credit card vault protects customers’ payment details through a process called tokenization. This involves replacing the raw card details with a “token”, i.e. an algorithmically generated alphanumeric string that only has meaning within the specific payment context it’s created for. The token is created at the moment of the payment request, and expires after a short duration (to ensure maximum security).

What that means is, should a hacker intercept the payment message that contains the token, they cannot access the customer’s credit card numbers. 

It’s equivalent to thieves robbing a casino and leaving with a bag full of plastic poker chips. The poker chips have no meaning or value outside of the casino.
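The properties described above (a random token that carries no card data, is valid only in the context it was issued for, and expires) can be shown with a toy in-memory vault. This is an added example, not Checkout.com's code or API; the class name, the `tok_` prefix, the context strings and the 15-minute default lifetime are assumptions, and a real vault would also encrypt the stored card data.

```python
import secrets
import time

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Toy vault: maps short-lived random tokens to card numbers (PANs)."""

    def __init__(self, ttl_seconds=900, clock=time.monotonic):
        self._ttl = ttl_seconds   # assumed lifetime; the page only says "short"
        self._clock = clock       # injectable so expiry can be exercised
        self._store = {}          # token -> (pan, context, expires_at)

    def tokenize(self, pan, context):
        digits = pan.replace(" ", "")
        if not (digits.isdigit() and 12 <= len(digits) <= 19 and luhn_ok(digits)):
            raise ValueError("not a valid card number")
        # Random, not derived from the PAN: an intercepted token reveals nothing.
        token = "tok_" + secrets.token_urlsafe(24)   # constructed format
        self._store[token] = (digits, context, self._clock() + self._ttl)
        return token

    def detokenize(self, token, context):
        entry = self._store.get(token)
        if entry is None:
            raise KeyError("unknown token")
        pan, bound_context, expires_at = entry
        if self._clock() >= expires_at:
            del self._store[token]                   # expired tokens are purged
            raise KeyError("token expired")
        if not secrets.compare_digest(bound_context, context):
            raise PermissionError("token not valid in this context")
        return pan

if __name__ == "__main__":
    vault = TokenVault()
    tok = vault.tokenize("4242 4242 4242 4242", "merchant-A")  # constructed test PAN
    print(tok, "->", vault.detokenize(tok, "merchant-A"))
```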

To learn more, read our guide on how tokenization combats fraud.

Which data can you store in a credit card vault?

Even though it’s often referred to as a “credit card vault”, you can use the Checkout.com Vault to store debit cards, credit cards, and bank account details. However, payment card details are not the only data you can securely store in the Vault. 

The Checkout.com Vault can store two types of data:

  1. Payment Instrument: The encrypted credit card, debit card or bank account details of one customer.

  2. Customer Object: The encrypted personal data of a particular customer, such as their name, email address, and phone number. 

Checkout.com’s Vault gives merchants a good level of control and flexibility over the data they store. Merchants can store, retrieve or update their own metadata. An individual customer can be linked to multiple Payment Instruments or have a default Payment Instrument associated with them. A good use case for this is to assign your own customer IDs or references for reconciliation with your existing reporting and analytics systems.

Moreover, you can request the Customer Object data for use in third-party services such as fraud-screening tools, 3D Secure (3DS) authentication services, and Customer Relationship Management (CRM) software.

What can you use a credit card vault for?

You can use payment instruments stored in the Vault to make different kinds of payments, including:

  • Card-on-file transactions: recurring payments that use existing customer card data. This includes installments, subscriptions, and delayed transactions.
  • Payouts: credit your customer’s bank account or payment card on demand.
  • Free trials: use customer credentials to sign them up for a time-limited trial period. 
  • Bank 
  • ACH or SEPA payments: deposit funds or collect payments from customers using these direct-to-account transfer methods

As a merchant, you must meet legal, regulatory, and scheme requirements related to processing payments. Ensure you understand your obligations relating to consent and customer notification when it comes to subscriptions, trial periods and unscheduled transactions.

Managing credit card storage software

Storing payment details is more strictly regulated than other customer data such as names, phone numbers, and email addresses. For that reason, you need to pay special attention to the following aspects of credit card storage software:

Access

You need to ensure you have a proper security policy around who can access customer payment details. It would be wrong to store payment details in a system like a CRM which only requires a simple username and password; anyone could simply log on and misuse that data to steal funds. 

Access management is a vital part of fraud detection and prevention, so you need proper policies in place to reduce risk. When storing your customers’ payment details in a secured credit card vault, you need both the public and private API keys to access them. This level of authentication when submitting a Token access request to the Checkout.com API adds another layer of protection to your customer data.

Compliance

Credit card storage must be PCI compliant. PCI DSS (Payment Card Industry Data Security Standard) regulations require all businesses accepting debit and credit cards to adhere to strict protocols around how they handle that data. The more data you process, the more stringent your compliance obligations will become.

Storing sensitive payment card data requires filling out the PCI SAQ (Self-Assessment Questionnaire) to determine your level of compliance.

As a licensed financial institution, Checkout.com meets all the legal, industry and regulatory standards necessary to handle credit card data securely. You can see our security and compliance credentials on our dedicated Trust site.

Using a third-party credit card vault service

If your business does not meet the necessary compliance requirements to store payment data locally, you can use a specialist third-party credit card vault provider.

This offers many benefits, including shifting liability for data security compliance, as well as scalability. The Checkout.com Vault also enables you to use your stored instruments for purposes outside of acquiring and payouts, such as submitting customer data for anti-fraud screening services.

Benefits of a credit card vault for merchants

Credit card vaults are crucial not only for safeguarding your customers’ details and providing a better experience at the checkout – but for growing your business internationally and combating fraud, too.

Here’s a summary of the benefits of the Checkout.com Vault:

Meeting regulatory requirements

Checkout.com has Level 1 (the highest) rating for PCI compliance – as well as meeting the requirements of all relevant financial regulators. Partnering with a trusted payment services provider (PSP) is the most straightforward way to ensure your PCI compliance as a business.

Facilitating secure payments 

Our Vault follows the most stringent data security protocols. Our defense-in-depth strategy involves segregating network services that interface with merchants from internal services, including our development platform, enhancing security and minimizing potential attack surfaces. With an emphasis on layered defense, our production systems are isolated and rigorously governed, with user access controlled by strict access levels and secure, encrypted VPN connections.

Please refer to the Checkout.com Trust Center for further details on our information security. 

Recurring payments success

The Vault can ensure customers’ payment details automatically update even when the card is lost or expired. This helps to improve the chances of successful payment without relying on your customer to manually update their payment details on a regular basis.

Reducing payment friction

Storing card details in a credit card vault means that, when your customer makes a repeat purchase, they can access benefits such as one-click payments, or auto-filled payment form fields. This leads to a faster, friction-free payment flow, leading in turn to reduced abandoned cart rates and – for recurring billing – less customer churn.

Fraud prevention

By vaulting your credit card data with the right provider, you can slash the risk of data breaches and avoid your customers’ information ending up on the Dark Web, where it can be sold and used for fraudulent purposes.

Through this lens, you’re not only protecting your customers, but your own business – preventing fraud from coming back to bite you in the form of chargebacks.

Scalable as your business expands internationally

Credit card vaults enable payment processing in a range of geographies. You can scale your cross-border payments strategy by connecting to a mix of payment service providers that meet your needs.

Store payment data safely with Checkout.com

Checkout.com is a Level 1 PCI compliant credit card storage and tokenization provider. That means you can store payment details in our secure payment vault. 

The Checkout.com Vault also connects with our other payment management tools, such as our Real-Time Account Updater, which automatically refreshes your customers’ debit and credit card information. This helps you to avoid lost revenue and churn due to expired or replaced cards.
