Glossary

Q: What is a payment vault and what are its advantages?

A payment vault refers to a PCI DSS card vault . This is where the customers' payment information is stored securely, and the information stored here can be used by consumers when making future purchases (card on file). Payment information also needs to be stored to handle recurring payments. Payment information stored in the vault is tokenized. Tokenization is a security mechanism that replaces payment details (e.g. credit card account) with a random sequence of characters, obscuring the underlying payment information. Merchants can store tokens locally without affecting their PCI-DSS scope, and simply send the token to their payment gateway when processing a transaction. While payment service providers (PSPs) also offer tokenization, the tokens issued by PSPs can only be used with that PSP. The tokens issued by a payment orchestration platform like IXOPAY can be used to process transactions via any of the PSPs integrated using the payment orchestration platform. This protects merchants from vendor lock-in and makes it much easier to switch PSPs when necessary.

June 19, 2021

Card Vaulting

A card vault is an essential part of a payment stack. It securely stores and tokenizes customers' payment details. Tokenization is a security mechanism that replaces payment details (e.g. credit card account) with a random sequence of characters, obscuring the underlying payment information. Storing payment details mean that customers do not need to resubmit their payment details each time they make a purchase via the same merchant, streamlining the checkout experience. This can boost turnover, as customers are more inclined to make repeat purchases when they do not have to re-enter all of their payment information.

What is a payment vault and what are its advantages?

A payment vault refers to a PCI DSS card vault. This is where the customers' payment information is stored securely, and the information stored here can be used by consumers when making future purchases (card on file). Payment information also needs to be stored to handle recurring payments. Payment information stored in the vault is tokenized.

Tokenization is a security mechanism that replaces payment details (e.g. credit card account) with a random sequence of characters, obscuring the underlying payment information. Merchants can store tokens locally without affecting their PCI-DSS scope, and simply send the token to their payment gateway when processing a transaction. While payment service providers (PSPs) also offer tokenization, the tokens issued by PSPs can only be used with that PSP. The tokens issued by a payment orchestration platform like IXOPAY can be used to process transactions via any of the PSPs integrated using the payment orchestration platform. This protects merchants from vendor lock-in and makes it much easier to switch PSPs when necessary.

How can you securely store customer credit card information?

PCI-DSS sets out requirements for the storage of credit card data. Meeting the requirements of PCI-DSS for storing credit card data can be costly and requires secure infrastructure and annual audits. For merchants, outsourcing the storage of payment details to a third party vault helps decrease their PCI-DSS scope. This is turn cuts costs and may eliminate the need for annual audits. Many merchants simply need to complete a self-assessment questionnaire (SAQ), provided they do not store credit card details themselves.

What is the best way to store credit card numbers?

The best way for merchants to store credit card details is in a third party PCI DSS card vault. Cards stored in these vaults are tokenized, and merchants can store these tokens locally without affecting their PCI-DSS scope. A payment orchestration platform like IXOPAY issues tokens that can be used to process transactions via any of the PSPs integrated using the payment orchestration platform.

What are the benefits of storing payment data?

By storing a customer’s payment data, you make it easier for them to make repeat purchases. This lack of friction encourages them to continue using your shop and or services.

Further Information:

Expertise

September 03, 2020

Keep Your Payments Healthy

Avoid provider lock-in and take control of your payments set-up

News

May 20, 2021

IXOPAY in "Who’s Who in Payments" Report

Read what The Paypers writes about leading payment orchestration provider IXOPAY

Expertise

September 15, 2020

Tokenization: Control Your Payment Data

Don’t be held hostage by your payment provider

Partner	Name	Description	Duration
IXOPAY GmbH	cookiesConsent	Cookie Banner. Stores your cookie settings.	12 Months
IXOPAY GmbH	_fm	User centric security cookie to detect authentication abuses. Filters out computer/bot generated Website requests.	30 Minutes
Google Ireland Limited	reCAPTCHA	User centric security cookie to detect if a human being or a computer is making a specific entry in our contact or newsletter form.	6 Months
Cloudflare Inc.	cf_clearance	Used by Cloudflare (Website Security Network) to identify trusted web traffic, and protect our website against malicious activity (see Cloudflare's Cookie Informations).	30 minutes

Partner	Name	Description	Duration
Google Ireland Limited	_ga	Analytical cookie set by the service Google Analytics used to distinguish visitors. Collects data about number of visits and user journey.	2 years
Google Ireland Limited	_gid	Analytical cookie set by the service Google Analytics used to distinguish visitors. Collects data about number of visits and user journey.	24 h
Google Ireland Limited	_gat_ua-keynumber	Analytical cookie set by the service Google Analytics used to throttle the request rate, limiting the collection of data on Websites with high traffic.	Session
Google Ireland Limited	_ga_container-id	Cookie set by the service Google Analytics 4. The cookie is used to persist session state.	12 month
Microsoft Ireland Operations Limited	Clarity	Analytical service capturing your interactions on the Website such as how the page has rendered and what interactions you had on the Website (surfing behavior: mouse movements, clicks, scrolls). Microsoft collects or receives personal data from us to provide Microsoft Advertising (see Microsoft Privacy Statements). Sensitive content such as passwords, usernames, and user input are masked before sending to Microsoft.	12 months
Dealfront Group GmbH	_lfa	Analytical service that collects the visitor IP address to detect corporate visits and their geographic location. Leadfeeder only shows company visits, automatically filtering out all users visiting from residential IP addresses. All visit data is aggregated Dealfront Group GmbH / Analytical service that collects the visitor IP address to detect corporate visits and their geographic location. Dealfront only shows company visits, automatically filtering out all users visiting from residential IP addresses. All visitor data is aggregated on the company level (no reference to natural persons). Via a connection to Google Analytics, Dealfront shows company visitors' interactions on the Website (pages viewed, visitor source and duration of session). Dealfront also enriches that company data with contact data for individuals from publicly available data sources (eg. LinkedIn).	24 months

Partner	Name	Description	Duration
Google Ireland Limited	_gcl_au	Conversion-cookie set by the service Google Ads for assessing advertisement efficiency across our Websites and on websites of our marketing- & advertising partners.	3 months
Google Ireland Limited	_gac_gb_container-id	Cookie which connects Google Analytics und Google Ads. Google Ads website conversion tags will read this cookie.	90 days
Microsoft Ireland Operations Limited	Universal Event Tracking (UET)	Conversion-cookie set by the service Microsoft Advertising for assessing advertisement efficiency across our Websites and on websites of our marketing- & advertising partners. In general, the cookie in the relevant domain and your IP address are passed to Microsoft with every http request and not just via UET.	13 months