Payment lifecycle management comes down to two factors: availability and compliance. You need your customers’ bank account or credit card details readily available to keep payments flowing. At the same time, you must meet industry standards and legal requirements for handling sensitive data.
The Checkout.com Vault is a fully compliant way to optimize repeat customer payments. You can now use it to store payment details, whether or not you’re using us for acquiring.
But the Vault does a whole lot more for merchants than simply storing credentials. It can increase acceptance rates, improve profitability, and strengthen customer loyalty. One way it does this is to automatically update payment details. That means a lower chance of failed payment collection due to an expired card or frozen bank account.
Furthermore, the Forward API allows greater flexibility in asset use. It enables merchants to access payment instruments (or customers’ secured personal data) on demand for use in third-party services.
This article will cover the beneficial functions and best use cases for a payment vault.
What is a token vault?
Sometimes you’ll hear a payment vault referred to as a “token vault”. The reason is that one of the data types it can hold is a PCI token (also known as a card token). This is essentially a string of characters that references sensitive customer data.
A token vault – also known as a payment vault or a credit card vault – is a safe repository for sensitive payment details that can only be accessed by secure API.
It’s a digital location for tokenized payment credentials (and sometimes other data, such as customer reference numbers). It’s typically run by a specialist financial institution, rather than a merchant. The vault owner meets multiple security and regulatory requirements, offering use of its vault as a service, thereby freeing merchants from the burden of PCI compliance at level SAQ D.
How to use a vault in payments
Instead of storing customer payment data on your own servers, you can contract a third party to do it for you. This is sometimes referred to as a payment vault service. Because you do not directly handle customers’ primary account numbers (PANs) during the payment flow, you remain at lower levels of PCI and other relevant regulations.
Here are the steps of using the Checkout.com Vault in your transaction lifecycle:
- Payment details (PAN) are captured via a Checkout.com payment gateway integration or standalone endpoint.
- Checkout.com creates a Payment Instrument via the Checkout.com API. It’s then stored in the Vault, and assigned a particular ID.
- The token is used in the payment, instead of the customer’s PAN.
- The Checkout.com Real Time Account Updater automatically checks for updated card details (for instance, if the customer’s card is lost or expired).
- The rest of the transaction lifecycle takes place.
- A response is delivered to the merchant. Additional data are available through API requests, to guide retry strategy if the payment fails.
You can also request the Payment Instrument for use in third-party services at any time via the Forward API.
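The flow above as an added example (not Checkout.com's API or code): a toy in-memory vault shows the merchant record holding only a random instrument ID, and a Luhn-based scan checks that no PAN reached merchant-side storage. `ToyVault`, `merchant_charge`, `find_pans`, the `inst_` ID format and the sample data are assumptions made for illustration.

```python
import re
import uuid

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates card-number-like digit runs from other numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class ToyVault:
    """Hypothetical stand-in for the third-party vault; only it ever holds PANs."""
    def __init__(self):
        self._pans = {}  # instrument ID -> PAN (a real vault encrypts this at rest)

    def create_instrument(self, pan: str) -> dict:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        # Random ID with no mathematical relation to the PAN (constructed format).
        instrument_id = "inst_" + str(uuid.uuid4())
        self._pans[instrument_id] = pan
        return {"id": instrument_id, "last4": pan[-4:]}

    def pay(self, instrument_id: str, amount_minor: int) -> dict:
        pan = self._pans.get(instrument_id)  # resolved inside the vault only
        if pan is None:
            return {"approved": False, "reason": "unknown_instrument"}
        return {"approved": True, "amount": amount_minor, "last4": pan[-4:]}

def merchant_charge(vault: ToyVault, instrument: dict, amount_minor: int) -> dict:
    """Merchant side: pays with the token and persists only token, last4, outcome."""
    result = vault.pay(instrument["id"], amount_minor)
    return {"customer": "cust-001", "instrument": instrument, "result": result}

PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")

def find_pans(text: str) -> list:
    """Digit runs in merchant-side text that pass Luhn: candidate PAN leaks."""
    return [m for m in PAN_RE.findall(text) if luhn_ok(m)]

if __name__ == "__main__":
    vault = ToyVault()
    token = vault.create_instrument("4242424242424242")  # constructed test PAN
    record = merchant_charge(vault, token, 1999)
    print(record, find_pans(str(record)))
```

The same `find_pans` scan can be pointed at application logs or database exports to confirm that only instrument IDs, not card numbers, are being persisted on the merchant side.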
[Illustration: Payment Instrument creation, storage and retrieval flow]
How does the Checkout.com Vault benefit merchants?
The Vault helps you to manage recurring payments in an efficient and scalable way. Its availability as a standalone service or integrated with the wider Checkout.com product suite is a useful opportunity to customize your payments flow.
You can store multiple types of payment data, including ACH or SEPA details, bank account information, as well as credit and debit card numbers. The Vault enriches the data you submit with contextual information that defines the possible uses of the payment credentials. The latest underlying card metadata will be applied at the point of use (i.e. for a transaction) to maximize the chance of acceptance.
Cost-effective payment data management
As you scale your business, it’s easy to find yourself with tokens stored in multiple locations. This can spiral into complexity debt, which tends to come with extra costs. Consolidating your sensitive customer data storage into the Checkout.com Vault can reduce overheads and improve the profitability of your payment processing.
Flexible credential storage
When you’re redesigning your payments infrastructure, the Checkout.com Forward API allows you to call upon enriched customer data for use in a range of other services. These could include fraud management, 3D Secure authentication, or using multiple payment service providers. Such flexibility is essential for businesses that scale and adapt in competitive markets and international geographies.
Simplified compliance
The resources it takes to meet financial industry regulations seem to increase year-on-year. When you’re looking to expand revenue operations and make sales in new geographies, compliance efforts could slow you down to a financially crippling pace. With a widely reported skills shortage in compliance and risk management, you could face long-term headwinds if you attempt to bring too much of your payment processing in-house.
Checkout.com is fully certified as a secure payment processor, which means Vault significantly reduces your workload for financial compliance. You only need to satisfy PCI SAQ-A to process payments with vaulted credentials.
Customer loyalty
Believe it or not, the payment experience can play a significant role in conversion and repeat custom. Our research found 58% of consumers were permanently deterred from returning to a website or app because of an overly complex and slow authentication process. The Vault eliminates the need for returning customers to enter their payment details multiple times.
You can also use the Forward API to connect customer payment credentials with rewards programs and loyalty schemes. The payment data stored in the Vault can be connected with custom metadata, allowing you to assign loyalty points based on spending.
Connect the Checkout.com Vault to your payments stack
We’re on a mission to improve your payment performance: increasing your acceptance rates, automating compliance, and strengthening profitability for your business. The Vault transfers the burden of PCI DSS compliance to us, so your payments are secure and safe.
If your engineers are curious about the API mechanism for token storage and retrieval, our API reference documentation is available to read.