Payment 101: Tokenisation & Vaulting

In traditional banks, vaults have been used for centuries to protect cash and valuables from theft, but how do you protect intangible things, like data?

Security is a vital part of any digital business and is especially important when handling personal and financial data. Payment Orchestration enables the secure capture and storage of customers' payment details for a frictionless experience that provides a complete peace of mind.

The word vault may conjure images of impenetrable walls and an armoured door closed with a complex lock. But safeguarding digitised information calls for a different kind of vaulting…

Tokenisation vs Encryption

Tokenisation is the first step to protecting payment data. It swaps out sensitive data, like card details or bank account numbers, with a randomised number that has no intrinsic value of its own.

This is different from encryption, where a number is mathematically changed but its initial pattern is still stored within the new code. Encrypted data or information can be decrypted with the help of the appropriate key, but tokens can’t be reversed because there is no mathematical relationship between the token and its original number.

The global tokenisation market size was valued at USD 2.03 billion in 2021 and is expected to expand at a compound annual growth rate (CAGR) of 24.09% from 2022 to 2030.

What makes the tokenisation service of a Payment Orchestrator like CellPoint Digital so useful, is it’s independent from single payment service providers (PSP), so allows you to use the same tokens with different providers. This provides flexibility, efficiency and reduced time to market.

Tokenisation works to not only increase security for sensitive data, but also cut down on compliance scope and associated costs.

Keeping you compliant

To ensure sensitive payment data is stored securely, strict regulations need to be met and a PCI-DSS Level 1 certified environment is a prerequisite. But putting this infrastructure in place is a costly and complex undertaking, so many businesses rely on their PSPs to store this data.

Like all PSPs, Payment Orchestration Platforms (POPs) must meet PCI compliance and other security requirements for digital payments. Our platform, Velocity, is built on PCI-compliant vaults, which reduces the compliance scope for our customers. We also stay up-to-date with the latest security rules, so you’ll always be compliant with any PSP you use.

CellPoint Digitals tokenisation service frees you from the concerns associated with storing sensitive data yourself, and means future transactions can be completed using the token created initially, without the customer having to re-enter their payment details. Storing payment data this way is known as ‘vaulting’.

The 21st century vault

All merchants want to make it as easy as possible for their customers to checkout the next time they shop, ideally by remembering the customer’s payment details.

Recent statistics show that 26% of online shoppers abandon their carts when the checkout process is too long or too complicated. Another 7% will exit if the site doesn't offer their preferred payment method. One-click checkout eliminates both these problems. Customers are offered the option of storing their payment data to make it much easier to complete subsequent purchases.

The data can be held by the company at its own storage vault, but storing customer credit card data in-house is expensive and the cons of building your own data storage vault outweigh the pros.

Saving payment preferences and vaulting cards using Velocity not only means instant PCI compliance, it goes one step further by routing a payment via the optimised payment channel.

So, if a customer card gets vaulted, and that card fails via one gateway, an alternative gateway is used to process the card successfully. Routing payments made with vaulted cards also comes into play if the rates with a cross border payment provider have been reduced, to prioritise this routing over another provider.

Vaulting and tokenisation are among the most widely demanded Payment orchestration services. At CellPoint Digital we provide a secure, PCI-compliant payment vault that enables you to easily capture, store and transact utilising centralised tokenisation. It gives you the flexibility to move and adjust your vaulting strategy while managing your customers’ vital payment data.

In the next blog we’ll stay on the topic of data, and look at Payment Orchestration’s role in data aggregation and reconciliation.

Have questions about your payment ecosystem?

Reach out to our experts below to set-up an introductory conversation about how we can improve your profits through payment orchestration.