PCI Compliant Card Vaulting

Secure Credit Card Storage

In order to accept credit card payments, you need to comply with PCI DSS. This includes the obligation to store card data securely. As setting up and maintaining your own secure storage is costly and complex, most merchants rely on third party credit card vault providers to store this sensitive information. IXOPAY offers a PCI DSS Level 1 independent credit card vault, reducing your own PCI DSS scope and costs.

IXOPAY's PCI Compliant Vault

Use IXOPAY’s PCI Vault to ensure you adhere to the rigorous standards of the Payment Card Industry Data Security Standard (PCI DSS). Our PCI Vault is PCI-DSS Level 1 certified, ensuring the secure storage of customer credit card data via state of the art encryption. Storing payment information in our vault significantly reduces your PCI DSS scope and costs, while protecting your customers from the risk of data breaches. IXOPAY is also 3DS certified, delivering an additional layer of security to card transactions.

Use IXOPAY’s PCI Vault to:

  • Store card data securely in encrypted form
  • Tokenize payment details for additional security
  • Process card on file transactions including recurring payments with any PSP
  • Reduce your PCI DSS scope and liability
  • Reduce the risk of data breaches
  • Manage a card’s lifecycle, ensuring card details are up-to-date

Credit card payments remain popular

Credit card payments remain popular for online purchases. However, merchants and businesses that process and store credit card transactions need to comply with PCI DSS requirements. These are mandated by the credit card schemes to ensure that card details are handled and stored securely

IXOPAY's PCI Vault helps your business meet these requirements, while reducing your PCI DSS scope and costs. This allows you to process card on file transactions and streamlines your checkout process by allowing your customers to store payment information for reuse.

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) defines baseline requirements and best practices for protecting credit card account data and ensuring secure storage. The guidelines mandate specific security protocols and processes to mitigate the risk of data breaches and safeguard payment data. Any business that processes or stores credit or debit cards must comply with PCI DSS. Using a payment orchestration platform like IXOPAY as your PCI storage provider makes complying with these requirements much easier and reduces costs.

How can merchants comply with PCI DSS?

Merchants who store and process credit cards directly need to meet higher levels of PCI DSS compliance. In total, there are four levels (1-4, with 1 being the highest), with the level required depending on your transactions volume. Outsourcing the storage of credit card details to IXOPAY significantly reduces your PCI DSS scope. Instead of requiring costly state-of-the-art secure infrastructure and annual recertification audits, you will typically only need to complete an annual self-assessment questionnaire.

IXOPAY’s PCI-compliant vault is PCI DSS Level 1 certified.

Reduce Your PCI DSS Scope and Costs with IXOPAY

PCI DSS imposes strict requirements on storing card details. The PAN must be encrypted and stored in a secure environment. Enterprises that store PAN data most deploy appropriate security measures and must undergo annual recertification. These requirements can easily incur costs of hundreds of thousands of euros per year. Storing sensitive payment data in IXOPAY’s secure PCI Vault reduces your PCI DSS scope and costs significantly, and eliminates the need for annual audits.

IXOPAY uses tokenization to ensure that you can reuse stored card details for card on file transactions and automatic recurring payments. Tokens eliminate the need to store sensitive card details locally, reducing your PCI DSS scope. IXOPAY tokens allow tokenized cards to be used with any payment provider connected via IXOPAY.

PCI transaction flow: The merchant sends credit card details that are stored in a secure PCI vault, and receives a token that is used for subsequent card on file payments using the same card.

Avoid Vendor Lock-in with IXOPAY

Payment service providers offer their own vaulting and tokenization services. However, these tokens are only valid for that provider. Cards tokenized this way cannot be used for transactions with other PSPs, leading to vendor lock-in. Furthermore, if your primary PSP is temporarily unavailable, terminates your contract or goes out of business, you will be unable to use tokenized card data to reroute the transaction to an alternative provider. Tokens issued directly by a PSP thus increases your dependence on that PSP and makes it harder to switch providers. 

Cards tokenized by IXOPAY and stored in our independent credit card vault can be used with any PSP or acquirer integrated via IXOPAY. If your primary provider experiences an outage or issues a soft decline, you can resubmit the same transaction to a different provider using the same token, increasing your conversion rate. Tokenizing card data with IXOPAY allows you to leverage the full power of a multi-acquirer setup, seamlessly integrating multiple payment providers through a single payment gateway.

Payment orchestration simplifies the process of integrating multiple PSPs; tokenized payment instruments can be used with any provider

Import and Export Tokenized Card Details as Needed

If you are migrating to IXOPAY and already have tokenized credit card details with your current payment provider, we can help you import this data into IXOPAY. This will allow your customers to continue using their stored payment methods.

At IXOPAY, we believe strongly in the independence of merchants to make their own decisions regarding payments, which is why we give you the means of exporting all your tokenized payment data should you decide to leave IXOPAY and move to another provider.

Ensure Card Details are Always Current

Card on file transactions, recurring payments and other automatic payments rely on up-to-date card details. Card details can change as the result of a card being reissued, e.g. due to it expiring or being lost. To ensure that card details stored in IXOPAY’s PCI Vault are up-to-date:

IXOPAY’s Account Updater allows you to automatically request up-to-date card details from the network schemes

Network tokenization allows you to use tokens issued by the card schemes (Visa, Mastercard etc.) directly; these tokens always reference the latest card details managed by the schemes themselves

As cards stored in the IXOPAY PCI Vault can be used with any PSP, this card lifecycle management only needs to be performed once for all PSPs.

Interested in learning more?

Let's schedule a tech demo!