The importance of optimizing your payment vault
Storing and securing payment credentials is a critical process in the modern ecommerce infrastructure. A vault that optimizes payment methods offers the ability to accept, store, and automatically update card credentials while minimizing PCI scope. The combination of secure storage and card lifecycle management services (i.e. the automated updating of stored card information as cards are reissued for any reason) has worked well during the surge towards a mobile-first digital economy. Entities actively managing these payment credentials have seen a boost to revenue, customer experience, and business intelligence through their implementation.
A credit card vault securely stores card details. Credit card vaults commonly use tokenization to store data safely: the data is turned into a token, a series of randomly generated numbers that can be used to identify the original card data.
By tokenizing cardholder data, card details, including names and card numbers, will be indecipherable to fraudsters or hackers in the case of a breach. The token cannot be used outside of the vault, making card details unassailable.
There are several key benefits to leveraging outsourced third-party credit card vaults for merchants.
With data breaches carrying fines of up to $500,000, enforced by the Payment Card Industry Security Standards Council, it’s no surprise that merchants are concerned with how to securely handle sensitive card details. Not to mention, the public perception of merchants who are outed as having had a security breach is often extremely negative, which can have a big impact on customer loyalty. Credit card vaulting is an effective way of securely handling sensitive data, helping protect merchants from breaches and cyberattacks.
Having to enter card data often serves as a barrier to checkout. Credit card vaults are the underlying technology that supports digital wallets and keeps a customer's card on file in a secure way. This also makes them a great option for merchant aggregators, who can improve both the end-user experience and the merchant experience by providing their merchants with secure credit card vaulting.
Storing or processing card data yourself makes you subject to PCI DSS compliance. Becoming PCI-compliant can be a laborious and painful process, one that requires a huge number of man-hours from your team, and certification comes with a price tag of between $50,000 and $200,000 for large businesses. Not to mention, multiple failures to comply can result in merchants losing their right to process card transactions. Using a third-party credit card vault can help reduce your PCI DSS scope.
For merchants of record, streaming platforms, and subscription-based services, storing customer data securely is crucial. When taking monthly payments, any payment frictions or failures can open you up to customers deciding to cancel their subscriptions. Credit card vaulting can help facilitate monthly subscription payments and prevent any failed transactions.
Credit card vaults facilitate a more accessible payments ecosystem, enabling merchants to access a wider range of payment gateways, including those commonly used in new geographic regions the merchant may not currently operate in. Vaulting helps merchants scale faster by connecting to the right mix of payment service providers needed to support their unique needs.
Vaulting customer card data is an essential part of the payments flow of any fast-growing business. The advantages of having a tokenized vault are common knowledge among many payments teams, but traditionally these cards have been vaulted with a single gateway.
Many merchants are now realizing the value of a standalone credit card vault, enabling transactions with multiple payment gateways as they expand into new markets and geographies.
What are the advantages of taking this approach? In this post, we’ll explore the reasons you would want to have an independent vault.
One of the alternatives to a universal, standalone credit card vault is storing cards yourself. Storing cards yourself means taking on full PCI DSS compliance scope. An in-house solution secures the benefits of universal tokenization to enable a multi-provider payments ecosystem. It is the ideal solution for the large enterprise with extensive resources to manage its own payments ecosystem from head to toe.
The infrastructure and certification costs associated with PCI DSS compliance, starting at over $50,000 per year and requiring ongoing effort from dedicated personnel, are prohibitive for most businesses concerned with expanding quickly.
Alternatively, in order to reduce PCI DSS scope, most merchants decide to vault cards at their payment gateway.
The most common end-to-end payment solution, storing cards at a gateway works well for small businesses that do not need to transact across multiple gateways. A single provider can conveniently handle all of your tokenization and payment processing needs. However, with the growth of eCommerce, more merchants are experiencing a need for a multi-provider ecosystem, as I recently covered in the Advantages of Integrating with Multiple Payment Gateways.
Cards stored in a gateway vault are essentially locked into that provider, making it difficult to move card data and negotiate rates. This can produce frustration as businesses grow and expand into new geographies, as they attempt to migrate and expand their payment network to new providers.
The perfect compromise to the previously mentioned scenarios is having a standalone card vault. A universal, standalone credit card vault avoids the costs of PCI DSS compliance and enables a multi-provider payments ecosystem.
In today’s eCommerce landscape, most merchants are looking to offload PCI DSS scope to the fullest extent possible. Maintaining infrastructure and managing recurring audits does not scale easily in modern SaaS businesses, and most companies have chosen to outsource vaulting credit cards to third parties with expertise in the area.
For fast-growing merchants anticipating geographic expansion, payment method portability via a standalone credit card vault enables the use of stored payment methods at any gateway that the provider is able to reach via integration. As a business expands into new markets, sending card data via additional gateways becomes necessary, but there are also other advantages to payment method portability.
Merchants processing large volumes of payments need redundancy and resiliency in their payment processing systems, to ensure unavailability does not result in failed transactions. A single-threaded gateway connection for both storing credit cards and processing transactions could result in a large loss of revenue.
For online platforms and marketplaces who aim to attract merchants to their service, a single-provider solution creates excessive friction for on-boarding. Requiring merchants to onboard with only one, or a small handful of gateways in order to participate makes using the platform less attractive. Platforms that are able to connect on-demand with all of their merchants’ payment gateways, but also offer credit card vaulting as a service, are more attractive to potential customers.
Going direct with a generic vaulting solution, once an easy solution to implement in the short term, ultimately proves a headwind at scale. Maintaining a legacy, low-touch vault provider carries a number of setbacks as an organization grows:
What’s missing in this model is not a specific feature, though a commitment to integrating the latest in capabilities is a key determinant of a trusted provider. What is missing is an active component to payment method management – a trusted partnership that allows your payment-storage engine to be fine-tuned to the needs of your business. You may have all the right tools in your garage, but if you don’t know how to best use them individually and together, you will never get the best outcomes.
Creating a tailored vaulting experience might first look and feel like standard card-storage: cards are secured, PCI requirements are met, and lifecycle functionality (e.g. account updater) is switched on. Where does the active component come in? Let’s start by asking a few questions:
Are there any surprises as you think about these questions? Basic vaulting and lifecycle functionality may not seem to have changed much, but developments in features and management are growing – so are the opportunity costs of overlooking the vault as a business grows in scale and complexity.
The modern vaulting dilemma – using a staid vaulting approach based on habit and basic functionality – can be overcome by uniting a modern feature set with active management to tailor the vault to the business. We are excited about resetting expectations around vault value and performance and redefining modern vaulting for the decade to come.
In its basic state, a payments vault securely stores payment information like card details. Credit card vaults commonly use tokenization to store data safely, which involves turning data into a token, a benign reference to the actual sensitive payment data that can only be connected to the sensitive data within the vault. Beyond this basic function, payment vaults may also include a suite of additional features, such as card lifecycle products (e.g. Visa’s Account Updater and Mastercard’s Automatic Billing Updater, which automatically update stored card details) and network tokenization. A network token is a special payment token created in partnership with the card networks and issuing banks that can offer a number of benefits and be stored alongside the basic payment token created for a payment method.
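A minimal sketch of the token-as-reference model and the lifecycle update described above, added here as an illustration and not Spreedly's code or API. The `ToyVault` class, its method names and the card numbers are assumptions constructed for the example; a production vault would also encrypt stored records at rest.

```python
import hashlib
import hmac
import secrets


class ToyVault:
    """In-memory stand-in for a card vault (hypothetical, for illustration)."""

    def __init__(self):
        self._fp_key = secrets.token_bytes(32)  # fingerprint key, never leaves the vault
        self._cards = {}   # token -> card record (a real vault encrypts this at rest)
        self._by_fp = {}   # keyed fingerprint -> token, used to detect duplicates

    def _fingerprint(self, pan):
        # Keyed hash, so the duplicate index cannot be brute-forced without the key.
        return hmac.new(self._fp_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan, expiry):
        fp = self._fingerprint(pan)
        if fp in self._by_fp:               # same card stored again: reuse the token
            return self._by_fp[fp]
        token = secrets.token_urlsafe(16)   # random, not derived from the PAN
        self._cards[token] = {"pan": pan, "expiry": expiry}
        self._by_fp[fp] = token
        return token

    def apply_update(self, token, new_pan, new_expiry):
        """Card reissued: details change, the token the merchant holds does not."""
        old = self._cards[token]
        del self._by_fp[self._fingerprint(old["pan"])]
        self._cards[token] = {"pan": new_pan, "expiry": new_expiry}
        self._by_fp[self._fingerprint(new_pan)] = token

    def charge_payload(self, token, gateway):
        """Detokenize inside the vault only, for whichever gateway is chosen."""
        card = self._cards[token]
        return {"gateway": gateway, "pan": card["pan"], "expiry": card["expiry"]}

    def merchant_view(self, token):
        """What the merchant's own systems keep: no full card number."""
        card = self._cards[token]
        return {"token": token, "last4": card["pan"][-4:], "expiry": card["expiry"]}


def demo():
    vault = ToyVault()
    t1 = vault.tokenize("4111111111111111", "12/26")     # constructed test PAN
    t2 = vault.tokenize("4111111111111111", "12/26")     # duplicate submission
    vault.apply_update(t1, "4111111111111129", "11/30")  # constructed reissued PAN
    return t1, t2, vault.merchant_view(t1), vault.charge_payload(t1, "gateway_b")


if __name__ == "__main__":
    print(demo())
```
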
Payment vaults may be provided directly by a payment service provider (PSP) or by independent third-party providers like Spreedly. The benefit of using an agnostic third-party provider is that it offers a solution which allows the merchant to integrate with any number of payment providers (like PSPs) without limitation, unlike using a vault provided directly by a PSP. This lets merchants tailor their vaulting and payments engine to meet their specific payments needs.
Let’s categorize and break down the costs an organization may incur when vaulting payments. These are relevant at both the PSP and third-party provider levels:
Vault providers may use one or both of these pricing approaches. While they seem straightforward, as we take a closer look we can begin to see where hidden, substantial costs are incurred by users.
As a provider that has vaulted over a billion payment methods, we have seen and heard the impact of all of these costs and are committed to optimizing these for our clients. Below we itemize these along with a quick example of the pricing impact:
These may feel like specific cases, but these additional costs associated with payments vaults are important to consider and calculate into the total payments stack return. If a vault provider is committed to event-based pricing, then they may be incentivized to maximize the “events” their vault products enact and price out to clients. This can result in a misalignment of interests between merchant and provider and undermine a good working relationship. We believe that vault users are justified in seeking transparency and attribution for all costs they are incurring through their vault. Event-based and bundled pricing models often make this difficult to obtain and act on. Even if this is available, it may be onerous to act on.
Spreedly is addressing this issue with its Advanced Vault by embedding rules and configurations that automatically identify where redundant costs are occurring and taking steps to minimize them. This active approach to managing client vaults automates vault management in significant ways, reducing costs and overhead for clients.
Spreedly’s Advanced Vault offers new levels of value over traditional payment method management. This additional offering transforms the traditional payments vault from a digital storage space into an adaptable, intelligent service that improves transaction success and maximizes the value of your stored payment methods.
“The many complexities associated with payments makes it one of the areas in a business most ripe for efficiency gains,” said Jordan McKee, Research Director for Fintech at S&P Global Market Intelligence. “The most advanced merchants relentlessly pursue efficiencies across all aspects of their payment stack. This includes strategies that optimize the cost of acceptance, simplify payment operations, and provide actionable business insights.”
Built on Spreedly’s PCI-compliant vault, the new offering combines a modern set of features for card lifecycle management and network tokenization with rules and configurations designed to optimize how your payment methods are stored, refreshed and utilized. This new technology will actively monitor and maintain payment methods, enabling customers to:
“It was clear that many of our current customers were incurring increased costs with their payment method retention strategies. The set of tools available, while valuable, required payment teams to create and manage the entire optimization process themselves,” explained Justin Benson, CEO at Spreedly. “Advanced Vault is the latest example of how Spreedly has invested in solutions that optimize payments for customers and enable them to get the most out of their stored payment credentials. We are offering an easy way to incorporate industry best practices while still creating the opportunity for savvy payment teams to add rules and configurations to best meet their unique needs.”
Benefits of the new Advanced Vault offering include:
Payment Method Lifecycle Optimization: Card details are kept up-to-date and “evergreen” using a combination of multiple, redundant AU services and network tokenization when available.
Active Management: Rules and configurations based on industry best practices offer flexibility to suit each unique organization’s needs. Active management of the payment methods eliminates needless costs and stale entries.
Enrichment of Payment Details: Further expansion of payment attributes including BIN, Payment Account Reference (PAR), fraud integrations, payment method redactions, etc. are being actively added to the solution.
In this eBook, we have delved into the critical nuances of payment vaulting, highlighting the challenges businesses face with traditional methods as they scale. The limitations of generic vaulting solutions, ranging from reduced flexibility and lost revenue to the complexities of managing card updates and diminishing data quality, become more pronounced with organizational growth. This necessitates a shift towards more sophisticated and proactive payment method management systems.
Spreedly’s Advanced Vault represents a strategic response to these challenges, offering a comprehensive and evolved approach to payment data management. It combines essential features such as card lifecycle management and network tokenization with an active management framework. This system goes beyond traditional tokenization and storage, focusing on the optimization of payment methods, reduction of duplicate entries, and application of industry best practices in vault management.
The tangible benefits of adopting such an advanced vaulting approach are clear. Organizations can achieve significant cost savings, improve the quality of their payment data, and experience lower transaction decline rates. These improvements are crucial for maintaining a competitive edge in today's digital transaction environment, where efficiency, security, and customer experience are paramount.
The shift from basic payment vaulting to more advanced, intelligent solutions is not merely a choice but a strategic necessity for businesses looking to thrive in the digital marketplace. By adopting solutions like Spreedly’s Advanced Vault, businesses can transform their payment vaults from a basic operational requirement into a dynamic tool that actively contributes to their growth and success in the digital commerce landscape.