Storing Payment Information

Reduced Number of Clicks at Checkout

Loyal customers are return customers. Simplify your checkout process for return customers by letting them reuse payment information and reduce the number of clicks required to complete a purchase. This requires payment details to be stored securely for each customer. Storing customer details and payment information is also required for card on file transactions and recurring payments.

IXOPAY allows you to store, view and manage your customers’ details along with their payment instruments and transaction history. Offer return customers a choice of previously used payment instruments at checkout, with their preferred payment instruments pre-selected.

Streamline Your Checkout Experience

Giving your customers the option to store payment instruments streamlines the checkout process for return customers. It bypasses the need to re-enter payment details, and if multiple payment instruments are stored for a customer, one can be set as their preferred payment option. The preferred payment option can then be pre-selected in the checkout page, meaning that only a single click (e.g. a “Buy Now” button) is needed to complete a purchase.

Streamlined checkout with stored payment details

Storing payment details speeds up the checkout process for return customers

Storing Customer Details Securely in IXOPAY

Customer details (name, billing address, email address etc.) in IXOPAY are stored in customer profiles. Payment instruments (credit cards, bank accounts, Apple Pay and Google Pay) can be stored in a customer profile, with one of the instruments defined as the customer’s preferred payment method. A full transaction history is also available for each payment instrument.

These payment details are stored in IXOPAY’s secure vault, which is required for credit card details, whose handling is governed by PCI DSS. There are various levels of PCI DSS certification, with more stringent requirements applying to businesses who handle and store credit card account information directly. Storing this data yourself means meeting these stringent PCI DSS requirements, which include annual recertification and significant expenses. The IXOPAY PCI Vault, which is PCI DSS Level 1 certified, significantly reduces your PCI DSS scope and associated costs.

Checkout flow with IXOPAY on different devices

Checkout pages suitable for any type of device

Segregate Data and Comply with Local Regulations

IXOPAY uses so-called tenants and sub-tenants to depict the structure of an organization, e.g. to represent a company’s regional hierarchy (global HQ, regional HQ, local branches) or organizational structure (e.g. product lines or divisions). Access rights can be applied using this structure to ensure a separation of data. This ensures that customer details are not shared with entities outside the EU, in line with GDPR requirements.

Tokenization

Payment information stored in IXOPAY’s vault is tokenized. A unique identifier is generated that references the payment details in the vault, and which you can store without the risk of exposing any sensitive data. A malicious actor cannot reverse engineer the underlying payment data from the token.

Payment details tokenized by IXOPAY can be used to process transactions with any payment provider connected via IXOPAY. This is in contrast to tokenization services offered directly by payment providers, whose tokens are only valid for that provider. This leads to vendor lock-in and a high degree of dependence on that provider for recurring and card on file transactions.

The independence that IXOPAY offers is particularly beneficial within a multi-acquirer setup with smart routing and fallback options, and helps manage the risk associated with losing access to a payment provider at short notice (e.g. the provider goes out of business or terminates your contract).

Benefits:

Increased security, eliminating the risk of merchant's exposing payment details in the even of a breach
Use stored payment instruments with any payment provider integrated via IXOPAY
Remove your dependency on individual PSPs
Automatic cascading
Mitigate the risk of losing access to your PSP

Tokens reference payment details in a secure vault, increasing security. Merchants can use tokens to process CoF transactions.

Managing Customer Profiles

Customer profiles can be accessed in the IXOPAY platform as well as updated using the Customer Profile API. Use the API to query the payment instruments stored for a customer in order to display them on your checkout page and in order to pre-select the customer’s preferred payment methods. Any changes a customer makes on the checkout page, such as updating their preferred payment method or adding a new payment instrument can be applied to their customer profile using the API.

Customer data is stored in customer profiles in IXOPAY

Interested in learning more?

Let's schedule a tech demo!

Partner	Name	Description	Duration
IXOPAY GmbH	cookiesConsent	Cookie Banner. Stores your cookie settings.	12 Months
IXOPAY GmbH	_fm	User centric security cookie to detect authentication abuses. Filters out computer/bot generated Website requests.	30 Minutes
Google Ireland Limited	reCAPTCHA	User centric security cookie to detect if a human being or a computer is making a specific entry in our contact or newsletter form.	6 Months
Cloudflare Inc.	cf_clearance	Used by Cloudflare (Website Security Network) to identify trusted web traffic, and protect our website against malicious activity (see Cloudflare's Cookie Informations).	30 minutes

Partner	Name	Description	Duration
Google Ireland Limited	_ga	Analytical cookie set by the service Google Analytics used to distinguish visitors. Collects data about number of visits and user journey.	2 years
Google Ireland Limited	_gid	Analytical cookie set by the service Google Analytics used to distinguish visitors. Collects data about number of visits and user journey.	24 h
Google Ireland Limited	_gat_ua-keynumber	Analytical cookie set by the service Google Analytics used to throttle the request rate, limiting the collection of data on Websites with high traffic.	Session
Google Ireland Limited	_ga_container-id	Cookie set by the service Google Analytics 4. The cookie is used to persist session state.	12 month
Microsoft Ireland Operations Limited	Clarity	Analytical service capturing your interactions on the Website such as how the page has rendered and what interactions you had on the Website (surfing behavior: mouse movements, clicks, scrolls). Microsoft collects or receives personal data from us to provide Microsoft Advertising (see Microsoft Privacy Statements). Sensitive content such as passwords, usernames, and user input are masked before sending to Microsoft.	12 months
Dealfront Group GmbH	_lfa	Analytical service that collects the visitor IP address to detect corporate visits and their geographic location. Leadfeeder only shows company visits, automatically filtering out all users visiting from residential IP addresses. All visit data is aggregated Dealfront Group GmbH / Analytical service that collects the visitor IP address to detect corporate visits and their geographic location. Dealfront only shows company visits, automatically filtering out all users visiting from residential IP addresses. All visitor data is aggregated on the company level (no reference to natural persons). Via a connection to Google Analytics, Dealfront shows company visitors' interactions on the Website (pages viewed, visitor source and duration of session). Dealfront also enriches that company data with contact data for individuals from publicly available data sources (eg. LinkedIn).	24 months

Partner	Name	Description	Duration
Google Ireland Limited	_gcl_au	Conversion-cookie set by the service Google Ads for assessing advertisement efficiency across our Websites and on websites of our marketing- & advertising partners.	3 months
Google Ireland Limited	_gac_gb_container-id	Cookie which connects Google Analytics und Google Ads. Google Ads website conversion tags will read this cookie.	90 days
Microsoft Ireland Operations Limited	Universal Event Tracking (UET)	Conversion-cookie set by the service Microsoft Advertising for assessing advertisement efficiency across our Websites and on websites of our marketing- & advertising partners. In general, the cookie in the relevant domain and your IP address are passed to Microsoft with every http request and not just via UET.	13 months

One-click Checkout and Recurring Payments