Online businesses want to make it easier for their returning customers to complete purchases and make recurring payments. Providing seamless checkout experiences can help increase revenue and help improve customer satisfaction. At the same time, however, businesses must be sure they are securely storing customer payments to help reduce fraud and protect customer information from data breaches.
According to one study, 80% of U.S. organizations were victims of payments fraud attacks or attempts in 2023 — a 15-point increase from 2022.¹ As online payment methods continue to evolve, data breaches and fraud will only become more advanced and harder to detect.
That's where payment service providers (PSPs) can help. PSPs provide the tools that businesses need to more securely store and maintain customer payment information. These tools include vaulting and tokenization, as well as account updater services. By taking these steps to keep payment data secure, businesses can better maintain PCI DSS compliance and help mitigate the risk of fraud and data breaches.
Learn more about how to help securely store payments and improve customer experiences at checkout.
Your customers' credit cards and debit cards get lost, stolen or expire all the time. As a merchant, you want to make sure your customers' card information is always updated so that when your customers make a purchase transaction on your website, you can help ensure the transaction will not be declined. However, keeping payment information updated can be time-consuming and costly. Account updater services automatically keep your customers’ card information updated, so you won’t miss a sale due to expired cards.
If you accept cards as a payment method, it is important to understand the difference between account updaters and payment vaults. Payment vaults are used to securely store each customer's payment information so they can use it to make future or repeat purchases. Account updaters, on the other hand, are tools that automatically update customer payment information if a shopper's card is lost, stolen, or expired.
A payment vault is a tool that allows you to securely store payments for future use. Most payment vaults allow you to store several types of payment methods, such as debit or credit cards. The payment vault allows you to securely store the Primary Account Number (PAN), expiry date, name, and billing address.
A payment gateway is a digital service that facilitates secure transactions between a business and their bank or payment processor after each purchase. In other words, the payment gateway plays a critical role in ensuring that each customer’s payment information is securely sent out and verified, so the business can get paid.
What’s the difference between a payment vault and a payment gateway? While the payment vault securely stores the customer’s payment information, the payment gateway is responsible for accessing and transmitting that information to the payment processor to help authorize and complete the transaction.
After storing these payment details securely, the payment vault provides you with a token, which is a unique number. This token acts as a substitute for your customer's stored payment method. You use this token for the customer's repeat transactions, so there is no need to ask for payment information again.
As a merchant, you can use this token instead of asking the customer to re-enter a payment method. This token is only tied to your business and can only be used by your business.
Since you are storing only the token and your payment service provider is storing the payment details in the payment vault, you reduce the chance of a data breach. You can also reduce your PCI DSS compliance burden because you are no longer exposed to these risks.
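The token flow described above, as an added example rather than PayPal's or any payment service provider's own code: `ToyVault`, its methods, the merchant IDs and the card values are hypothetical and constructed for illustration. It shows that the merchant's database holds only the token, that another merchant cannot use that token, and that an account updater can refresh the card behind the token without the token changing.

```python
import secrets

class ToyVault:
    """In-memory stand-in for a PSP-side vault (hypothetical, not a real PSP API)."""

    def __init__(self):
        self._records = {}  # token -> merchant binding + card details

    def store(self, merchant_id, pan, expiry, name, billing_address):
        # Random token: derived from nothing on the card, so it cannot be reversed.
        token = secrets.token_hex(16)
        self._records[token] = {"merchant": merchant_id, "card": {
            "pan": pan, "expiry": expiry, "name": name, "billing": billing_address}}
        return token

    def charge(self, merchant_id, token, amount_cents):
        rec = self._records.get(token)
        # Unknown tokens and another merchant's tokens fail identically.
        if rec is None or rec["merchant"] != merchant_id:
            raise PermissionError("token not valid for this merchant")
        card = rec["card"]
        # The merchant gets a masked result, never the PAN.
        return {"status": "authorized", "amount_cents": amount_cents,
                "last4": card["pan"][-4:], "expiry": card["expiry"]}

    def account_update(self, token, new_pan, new_expiry):
        # Card reissued: details change inside the vault, the token does not.
        self._records[token]["card"].update(pan=new_pan, expiry=new_expiry)


def demo():
    vault = ToyVault()
    # Constructed test values, not real card data.
    token = vault.store("merchant-A", "4111111111111111", "12/25",
                        "Test Customer", "1 Example Street")
    merchant_db = {"customer-42": {"token": token}}  # all the merchant keeps
    first = vault.charge("merchant-A", token, 1999)
    vault.account_update(token, "4000000000000002", "11/29")
    second = vault.charge("merchant-A", merchant_db["customer-42"]["token"], 1999)
    try:
        vault.charge("merchant-B", token, 1999)
        foreign = "authorized"
    except PermissionError:
        foreign = "rejected"
    return merchant_db, first, second, foreign

if __name__ == "__main__":
    print(demo())
```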
There are several instances where you may want to securely store payments. Here are some examples and options:
While a customer is making a purchase, you can ask the customer if they want to save the payment details for later purchases. In this scenario, the customer will complete the checkout process and agree to have their information stored for future purchases.
In this scenario, when your customer sets up an account without making a purchase, the customer will agree to have their payment information stored in their customer profile for future purchases.
Setting up recurring payments, such as subscriptions, involves saving a customer's payment method and charging your customer on a scheduled basis.
3D Secure (3DS) is a protocol created to protect credit and debit card payments. It helps ensure that businesses use three different domains to verify each transaction — the merchant, card issuer, and interoperability domain — for a more accurate and secure verification process.
When 3DS is enabled, for example, customers may be asked to verify their identity by submitting a passcode sent to their phone. Meanwhile, banks can use up to 100 data points — including card network tokens and biometrics — to authenticate transactions, helping to improve checkout experiences for customers and increase authorizations for businesses.
Businesses must adhere to Payment Card Industry Data Security Standard (PCI DSS) requirements to ensure they’re protecting customer information and safely processing each transaction.
When it comes to storing payment data specifically, businesses should take steps to meet these PCI DSS requirements:
Vault payment solutions offer many benefits for merchants and their customers, helping to yield more secure and reliable transactions, including:
Using a payment vault helps create a fast, convenient, and more seamless checkout experience for returning customers. Customers no longer need to re-enter their payment information. With payment methods safely stored, you can help reduce the steps to purchase, allowing customers to complete their transactions in fewer clicks.
Safe online payment solutions like the PayPal vault help protect sensitive customer information and help reduce the risk of data breaches. They do this by tokenizing and safely storing customer data with the payment service provider.
Storing payment information with a payment service provider helps businesses meet and maintain the standards set by the PCI DSS Council. According to these PCI compliance standards, merchants must:
By using a payment vault, merchants can cede responsibility for PCI compliance standards to their payment service provider. This also includes other data privacy standards such as the General Data Protection Regulation (GDPR) in the European Union (EU) and the California Consumer Privacy Act (CCPA).
A payment vault that offers account updater services decreases your chance of missing a sale. Your customers’ credit card and debit card information will automatically be kept up to date.
As a merchant, you want a simple and easy purchasing experience for your customers, and you want them to keep returning to make additional purchases. The payment vault serves this purpose. You can help reassure your customers that their payment methods are securely stored, and they will have a quicker and easier repeat checkout experience.
PayPal provides a range of solutions to help businesses keep their payments safe and help maintain PCI DSS compliance — whether you’re driving purchases online or through PayPal in-store checkout. Businesses can use the PayPal Braintree Vault to more securely store and encrypt customer information with network tokenization. In fact, PayPal Braintree is one of the largest token service providers in the world, having processed over 1 billion network tokens. PayPal’s Account Updater tool also automatically refreshes customer payment data if their card information changes.
Along with vaulting payments for future purchases, PayPal helps protect businesses and customers with 24/7 fraud detection, powered by advanced machine learning and analytics. PayPal also offers Seller Protection to help you avoid chargebacks, handle dispute resolution, and mitigate risk — so you can keep business running smoothly.
Learn more about accepting secure payments with PayPal.