Securely store payments for a smoother customer checkout experience

Dec 16 2024 | PayPal Editorial Staff

Online businesses want to make it easier for their returning customers to complete purchases and make recurring payments. Providing seamless checkout experiences can help increase revenue and improve customer satisfaction. At the same time, however, businesses must be sure they are securely storing customer payments to help reduce fraud and protect customer information from data breaches.

Global financial fraud cost victims US$1 trillion in 2023.[1] In the US alone, 80% of organisations were victims of payments fraud attacks or attempts — a 15-point increase from 2022.[2] As online payment methods continue to evolve, data breaches and fraud will only become more advanced and harder to detect.

That's where payment service providers (PSPs) can help. PSPs provide the tools that businesses need to more securely store customer payment information. These tools include saving payment methods – with or without purchase – using a payment method tokens API. This can help businesses keep payment data secure, better maintain PCI DSS compliance and help mitigate the risk of fraud and data breaches.

Learn more about how to help securely store payments and improve customer experiences at checkout.

What is a payment vault?

A payment vault is a tool that allows you to securely store payments for future use. Most payment vaults allow you to store several types of payment method, such as debit or credit cards. The payment vault allows you to securely store the Primary Account Number (PAN), expiry date, name, and billing address.

What is a payment gateway?

A payment gateway is a digital service that facilitates secure transactions between a business and their bank or payment processor after each purchase. In other words, the payment gateway plays a critical role in ensuring that each customer’s payment information is securely sent out and verified, so the business can get paid.

What’s the difference between a payment vault and a payment gateway? While the payment vault securely stores the customer’s payment information, the payment gateway is responsible for accessing and transmitting that information to the payment processor to help authorise and complete the transaction.

How does tokenisation work?

After storing these payment details securely, the payment vault provides you with a token, which is a unique number. This token acts as a substitute for your customer's stored payment method. You use this token for the customer's repeat transactions, so there is no need to ask for payment information again.

As a merchant, you can use this token instead of asking the customer to re-enter a payment method. This token is only tied to your business and can only be used by your business.

Since you are storing only the token and your payment service provider is storing the payment details in the payment vault, you reduce the chance of a data breach. You can also reduce your PCI DSS compliance burden because you are no longer exposed to these risks.
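The flow described above, as an added sketch that is not PayPal's API or code: the class `TokenVault`, its methods `tokenize` and `charge`, and the merchant IDs are hypothetical names, and an in-memory dict stands in for the provider's encrypted storage. It shows that the merchant's records never contain the PAN and that a token presented by a different merchant is refused.

```python
import secrets


class TokenVault:
    """Toy stand-in for a PSP-side payment vault (hypothetical, in-memory only).

    A real vault encrypts card data at rest inside the provider's PCI DSS
    scope; the dict here only illustrates the token -> card mapping.
    """

    def __init__(self):
        self._records = {}  # token -> (merchant_id, card details)

    def tokenize(self, merchant_id, pan, expiry, name):
        # The token is random, so it reveals nothing about the PAN.
        token = "tok_" + secrets.token_urlsafe(16)
        card = {"pan": pan, "expiry": expiry, "name": name}
        self._records[token] = (merchant_id, card)
        # Only the token and non-sensitive display data go back to the merchant.
        return {"token": token, "last4": pan[-4:]}

    def charge(self, merchant_id, token, amount_minor):
        record = self._records.get(token)
        # Unknown tokens and tokens issued to another merchant fail identically.
        if record is None or record[0] != merchant_id:
            return {"status": "DECLINED", "reason": "invalid_token"}
        _, card = record
        # The PAN is only read here, inside the vault/gateway boundary.
        return {"status": "APPROVED", "amount_minor": amount_minor,
                "last4": card["pan"][-4:]}


def demo():
    vault = TokenVault()
    test_pan = "4111111111111111"  # constructed sample: a common test card number
    saved = vault.tokenize("merchant_a", test_pan, "12/30", "Test Customer")
    merchant_db = {"customer_42": saved}  # everything the merchant stores: no PAN
    token = merchant_db["customer_42"]["token"]
    repeat = vault.charge("merchant_a", token, 2500)   # returning customer
    misused = vault.charge("merchant_b", token, 2500)  # token used elsewhere
    return merchant_db, repeat, misused


if __name__ == "__main__":
    for item in demo():
        print(item)
```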

When would you store payment methods in a vault?

There are several instances where you may want to securely store payments. Here are some examples and options:

  • When your customer makes a purchase
  • When your customer sets up an account for future purchases
  • When you offer recurring payments or subscription payments

When your customer makes a purchase

While a customer is making a purchase you can ask the customer if they want to save the payment details for later purchases. In this scenario, the customer will complete the checkout process and agree to have their information stored for future purchases.

When your customer sets up an account for future purchases

In this scenario, when your customer sets up an account without making a purchase, the customer will agree to have their payment information stored in their customer profile for future purchases.

When you offer recurring payments

Setting up recurring payments, such as subscriptions, involves saving a customer's payment method and charging your customer on a scheduled basis.

How does 3D Secure help protect customer payments?

3D Secure (3DS) is a protocol created to protect credit and debit card payments. It helps ensure that businesses use three different domains to verify each transaction — the merchant, card issuer, and interoperability domain — for a more accurate and secure verification process.

When 3DS is enabled, for example, customers may be asked to verify their identity by submitting a passcode sent to their phone. Meanwhile banks can use up to 100 data points — including card network tokens and biometrics — to authenticate transactions, helping to improve checkout experiences for customers and increase authorisations for businesses.

What are PCI DSS compliance requirements?

Businesses must adhere to Payment Card Industry Data Security Standards (PCI DSS) requirements to ensure they’re protecting customer information and safely processing each transaction.

When it comes to storing payment data specifically, businesses should take steps to meet these PCI DSS requirements:

  • Install and maintain a firewall configuration for systems that store customer data.
  • Protect stored cardholder data using encryption and industry-accepted algorithms.
  • Encrypt transmission of cardholder data across open or public networks.
  • Restrict digital and physical access to cardholder data by designating authorised users within the organisation.
  • Run security and vulnerability tests on your systems to detect weaknesses.

The benefits of storing payments

Vault payment solutions offer many benefits for merchants and their customers, helping to yield more secure and reliable transactions, including:

  • Providing a quicker and more seamless checkout experience
  • Helping protect sensitive customer payment data
  • Helping maintain PCI compliance
  • Helping increase repeat customer transactions

Provides a quick and seamless checkout experience

Using a payment vault helps create a fast, convenient, and more seamless checkout experience for returning customers. Customers no longer need to re-enter their payment information. With payment methods safely stored, you can help reduce the steps to purchase, allowing customers to complete their transactions in fewer clicks.

Protects sensitive customer payment data

Safe online payment solutions like the PayPal vault help protect sensitive customer information and help reduce the risk of data breaches. They do this by tokenising and safely storing customer data with the payment service provider.

Helps maintain PCI compliance

Storing payment information with a payment service provider helps businesses meet and maintain the standards set by the PCI DSS Council. According to these PCI compliance standards, merchants must:

  • Maintain a secure network
  • Protect cardholder data
  • Manage and prevent vulnerabilities
  • Require authentication for access
  • Regularly test and monitor networks
  • Set a policy for information security

By using a payment vault, merchants can cede responsibility for PCI compliance standards to their payment service provider. Using a payment vault can also help meet other data privacy standards such as the General Data Protection Regulation (GDPR) in the European Union (EU) and the California Consumer Privacy Act (CCPA).

Helps increase repeat customer transactions

As a merchant, you want a simple and easy purchasing experience for your customers. You want your customers to continue to return to make additional purchases. The payment vault will serve this purpose. You can help reassure your customers that their payment methods are securely stored. Your customers will have a quicker and easier repeat checkout experience.

How PayPal helps keep your payments safe

PayPal provides a range of solutions to help businesses keep their payments safe and help maintain PCI DSS compliance. Businesses can use PayPal’s payment method tokens API to more securely store and encrypt customer information with network tokenisation. In fact, PayPal is one of the largest token service providers in the world, having processed over 1 billion network tokens.

Along with saving payments for future purchases, PayPal helps protect businesses and customers with 24/7 fraud detection, powered by advanced machine learning and analytics. PayPal also offers Seller Protection* to help reduce the impact of financial losses, handle dispute resolution, and mitigate risk — so you can keep business running smoothly.

To learn more about accepting secure payments with PayPal, speak to our experts at +65-6510-4541.

* Available on eligible purchases. Limitations apply.

[1] World Economic Forum (2024), https://www.weforum.org/agenda/2024/04/interpol-financial-fraud-scams-cybercrime.

[2] Association for Financial Professionals. (2023). 2024 AFP Payments Fraud and Control Survey Report.

The contents of this site are provided for informational purposes only. The information in this article does not constitute legal, financial, IT, business or investment advice of any kind and is not a substitute for any professional advice. You should always obtain independent, professional accounting, financial, IT and legal advice before making any business decision.
