On this episode of Payments Dialog, we speak with Eda Rodriguez, part of the Spreedly success team, about how organizations can keep their payments portable while efficiently capturing and securely storing payment details.
Want to learn more about how Spreedly can help your company make your payments portable? Reach out to us here.
Rough transcript of this Payments Dialog:
Peter Mollins:
Hi everybody. This is Peter Mullins with Spreedly, and welcome to another edition of Payments Dialog. Super excited to be here with Eda Rodriguez who is customer success manager over at Spreedly. Eda, hello and welcome.
Eda Rodriguez:
Hi Peter. Thank you. Thank you for having me.
Peter Mollins:
Great to have you, maybe you can tell me a bit about your role and your background if you don't mind?
Eda Rodriguez:
Oh, yes, of course. So been here at Spreedly now for two years. Actually, April 15th will be two years, so super excited.
Peter Mollins:
That's good.
Eda Rodriguez:
I am a customer success manager here at Spreedly, specifically for our month to month subscriptions. Very exciting. Lots of to-do and every day is different. So certainly not bored.
Peter Mollins:
That's great. Yeah. Well, and we have a very non-boring topic today too, because we're going to be talking about the credit card vaults or the payment method vaults.
Eda Rodriguez:
Yes.
Peter Mollins:
Why it matters to have them be portable. So first off, maybe just as a bit of background for everyone, maybe can you describe what actually is a credit card or payment method vault?
Eda Rodriguez:
Of course. So imagine a secure online storage container for payment method data, most commonly credit cards. This is essential for any business managing payments. There are a few options in the market. Often businesses will utilize the vault provided by their payment gateway, which works until it doesn't. Customers often share the pain of trying to obtain their tokens from their gateways, but are blocked because they don't own their data. There is a large fee, or worse they don't support the ability to export. Alternatively, some will build their own in-house vault, but that means taking on the compliance and regulations that come along with storing credit card information. Great news, the data is yours. Bad news so are the costs to support PCI certification every year. Then there are the third parties, you're Spreedly to allow any business access control and peace of mind to store their payment methods. At Spreedly one of our core features is our PCI Level-1 vault. Our vault allows businesses to own, maintain, and organize their payment methods as universal tokens.
Peter Mollins:
That's great. Yeah. That costs to build that kind of system must just be incredible, and the cost to maintain must be incredible as well.
Eda Rodriguez:
Yes. Yes. That's a constant thread that we hear from customers who have gone ahead and built them themselves, they're their own vault and... Yeah. Initially, great idea but then the actual maintaining of it, I think that's where the questioning of, "Is this really the right decision for the business?" [crosstalk 00:02:43] happens.
Peter Mollins:
Exactly. I mean, why not just focus on what's going to deliver a great customer experience and what you do best as a merchant or a platform. You do you do that experience for your customers best.
Eda Rodriguez:
Exactly. Exactly.
Peter Mollins:
Well great. Well, so now you've mentioned tokens and tokenization couple of times. So what is tokenization?
Eda Rodriguez:
Yeah. So essentially a vessel used in place of a credit card. So imagine a token is a random string of letters and numbers associated to a credit card, but on its own means and does nothing. However, when called and used against a gateway via Spreedly, that token carries with it all the information of a credit card and then some, to allow a purchase to be completed. Many gateway support vaults for their merchants, and they will have their own form of tokenizing a payment method. However, these tokens will only be usable against that gateway. There is no flexibility in the event like any good business, you wish to explore other integrations to improve success rates, or perhaps add on to expand regionally. But your gateway has locked down your tokens.
Peter Mollins:
Uh-huh (affirmative).
Eda Rodriguez:
Imagine-
Peter Mollins:
Yeah.
Eda Rodriguez:
... no access to them unless you stay. It's just not cool.
Peter Mollins:
No, it doesn't sound cool at all. So what you're looking for there is portability, right? That ability to put those somewhere else. But so sounds great, I want to have portability, but really maybe you can dive in a bit more into like why portability actually matters?
Eda Rodriguez:
Yes. So I mean, ultimately for the reasons I just shared. But many of our customers have shared their horror stories of something unexpected occurring and the need to export their tokens for my gateway. But the gateway just says, "No." Either they own the tokens according to their contracts, or it'll cost hundreds of dollars to export. Or simply they just don't want to lose the business so they make it as difficult as possible. So for the merchant it turns into, "Why even bother with that headache." This is unfair and your tokens are your tokens and the ability to move as the market shifts, or unexpected issues arise and you need to start running transactions to another gateway, or simply you just wish to move on to another system. Spreedly allows our customers, the freedom and mobility to export and pivot as needed.
Peter Mollins:
Yeah. I mean, if there's anything that we've been taught over the last year or since the start of the COVID crisis is just how important flexibility is, isn't it? I mean, and-
Eda Rodriguez:
[crosstalk 00:05:16] Yeah, definitely. Yes, definitely.
Peter Mollins:
That was great. Now up at the top you'd mentioned about this idea of PCI compliance and being able to avoid having to be audited for PCI. Maybe you can tell me a bit about what exactly PCI compliance means and what PCI is?
Eda Rodriguez:
Yeah. Of course. So it is a set of rules created by the major credit card companies that all merchants must follow if they accept credit cards. The reason is due to the nature of handling credit card information these rules are meant to minimize the risk and impact in the event of a data breach. The level of requirements will vary for each merchant based on their transaction volume.
Peter Mollins:
Okay so larger the merchant the more volume that they have, the more costly it is I'm guessing? But how costly is it really?
Eda Rodriguez:
Yeah, yeah. You pretty much nailed it, Peter. For a small merchant, it can be thousands of dollars, for a larger one, potentially hundreds of thousands. The bigger issue is the risk of audit and non-compliance. It's honestly just not a risk you want to take. You're much better off focusing on your customers and your core business.
Peter Mollins:
Yeah, no, that makes them a ton of sense. Again, coming back to that idea of what matters most and that's delivering a great customer experience? Isn't it?
Eda Rodriguez:
Exactly. Exactly.
Peter Mollins:
All right. So, you convinced me sounds great. But how does a Spreedly actually make it easier to vault?
Eda Rodriguez:
Yeah. Great question. So first number one, by being PCI Level-1 compliant means we are able to take on a major burden for our customers and help reduce their costs, which is always great. Next there's no cost to use and storing cards in our vault. I don't know if, how many of our own customers realize that. But if you have one card or a 100,000 all can be kept safely and ready for use at any time. So did I mentioned our universal tokenization?
Peter Mollins:
Wow.
Eda Rodriguez:
Merchants want flexibility Peter, control and security that are Spreedly vault provides.
Peter Mollins:
Great. Okay. Now I vaulted them that's terrific, but does that mean that they're vaulted and I never can access them or do anything with them? Or what am I able to do with valuated cards?
Eda Rodriguez:
Yeah. Great question. Ultimately, the ability just to complete your day to day transactions for your business, right? That's what you need to do. So thanks for open APIs, Spreedly supports the setup of reoccurring subscriptions, the ability to connect and send a vaulted card, not only to a gateway that suits your business best, but also allows you to connect, to find fraud tools, or things like loyalty programs. So as your business grows, your vault is able to evolve too.
Peter Mollins:
Ah, that's interesting. So as you're revolving though evolution is all about taking chances, doing experiments and things.
Eda Rodriguez:
Yeah.
Peter Mollins:
So, I've heard about some Spreedly customers doing experimentation on which gateways are... which are most effective for a region or for their industry. So maybe you can tell me a bit about that?
Eda Rodriguez:
Yeah, of course. So as a business matures, there are opportunities to take payments to the next phase, like shopping for other gateways, just even that opportunity, right? To help reduce costs, improving your success rates. Or honestly, for the peace of mind of layering on redundancy. Spreedly is universal tokenization and secure vault allows our customers the freedom to pivot as needed and even try on you integrations without fear.
Peter Mollins:
That's great. I love that. Well, this has been really informative and helpful. So thank you so much for taking the time to describe a little bit more about this notion of the vault and its portability.
Eda Rodriguez:
Of course, it was my pleasure. I am excited to do the next one.
Peter Mollins:
Excellent. Well, thank you, Eda and we'll talk to you soon.
Eda Rodriguez:
Thanks Peter.
Peter Mollins:
To everyone on, we'll see you on the next edition of Payments Dialog. Thanks. All.