Securely store payments for a more seamless customer checkout experience

Online businesses want to make it easier for their returning customers to complete purchases and make recurring payments. Providing seamless checkout experiences can help increase revenue and help improve customer satisfaction. At the same time, however, businesses must be sure they are securely storing customer payments to help reduce fraud and protect customer information from data breaches.

According to one study, 80% of U.S. organizations were victims of payments fraud attacks or attempts in 2023 — a 15-point increase from 2022.1 As online payment methods continue to evolve, data breaches and fraud will only become more advanced and harder to detect.

That's where payment service providers (PSPs) can help. PSPs provide the tools that businesses need to more securely store and maintain customer payment information. These tools include vaulting and tokenization, as well as account updater services. By taking these steps to keep payment data secure, businesses can better maintain PCI DSS compliance and help mitigate the risk of fraud and data breaches.

Learn more about how to help securely store payments and improve customer experiences at checkout.

What is an account updater?

Your customers' credit cards and debit cards get lost, stolen or expire all the time. As a merchant, you want to make sure your customers' card information is always updated so that when your customers make a purchase transaction on your website, you can help ensure the transaction will not be declined. However, keeping payment information updated can be time-consuming and costly. Account updater services automatically keep your customers’ card information updated, so you won’t miss a sale due to expired cards.

The difference between payment vaults and account updaters

If you accept cards as a payment method, it is important to understand the difference between account updaters and payment vaults. Payment vaults are used to securely store each customer's payment information so they can use it to make future or repeat purchases. Account updaters, on the other hand, are tools that automatically update customer payment information if a shopper's card is lost, stolen, or expired.

What is a payment vault?

A payment vault is a tool that allows you to securely store payments for future use. Most payment vaults allow you to store several types of payment methods, such as debit or credit cards. The payment vault allows you to securely store the Primary Account Number (PAN), expiry date, name, and billing address.

What is a payment gateway?

A payment gateway is a digital service that facilitates secure transactions between a business and their bank or payment processor after each purchase. In other words, the payment gateway plays a critical role in ensuring that each customer’s payment information is securely sent out and verified, so the business can get paid.

What’s the difference between a payment vault and a payment gateway? While the payment vault securely stores the customer’s payment information, the payment gateway is responsible for accessing and transmitting that information to the payment processor to help authorize and complete the transaction.

How does tokenization work?

After storing these payment details securely, the payment vault provides you with a token which is a unique number. This token now acts as a substitute for your customers’ stored payment methods. You use this token for the customers’ repeat transactions. There is no need to ask for payment information again.

As a merchant, you can use this token instead of asking the customer to re-enter a payment method. This token is only tied to your business and can only be used by your business.

Since you are storing only the token and your payment service provider is storing the payment details in the payment vault, you reduce the chance of a data breach. You can also reduce your PCI DSS compliance burden because you are no longer exposed to these risks.

When would you store payment methods in a vault?

There are several instances where you may want to securely store payments. Here are some examples and options:

  • When your customer makes a purchase
  • When your customer sets up an account for future purchases
  • When you offer recurring payments or subscription payments

When your customer makes a purchase

While a customer is making a purchase you can ask the customer if they want to save the payment details for later purchases. In this scenario, the customer will complete the checkout process and agree to have their information stored for future purchases

When your customer sets up an account for future purchases

In this scenario, when your customer sets up an account without making a purchase, the customer will agree to have their payment information stored in their customer profile for future purchases.

When you offer recurring payments

Setting up recurring payments, such as subscriptions, involves saving a customer's payment method and charging your customer on a scheduled basis.

How does 3D Secure help protect customer payments?

3D Secure (3DS) is a protocol created to protect credit and debit card payments. It helps ensure that businesses use three different domains to verify each transactions — the merchant, card issuer, and interoperability domain — for a more accurate and secure verification process.

When 3DS is enabled, for example, customers may be asked to verify their identity by submitting or passcode sent to their phone. Meanwhile banks can use up to 100 data points — including card network tokens and biometrics — to authenticate transactions, helping to improve checkout experiences for customers and increase authorizations for businesses.

What are PCI DSS compliance requirements?

Businesses must adhere to Payment Card Industry Security Standards (PCI DSS) requirements to ensure they’re protecting customer information and safely processing each transaction.

When it comes to storing payment data specifically, businesses should take steps to meet these PCI DSS requirements:

  • Install and maintain a firewall configuration for systems that store customer data.
  • Protect stored cardholder data using encryption and industry-accepted algorithms.
  • Encrypt transmission of cardholder data across open or public networks.
  • Restrict digital and physical access to cardholder data by designating authorized users within the organization.
  • Run security and vulnerability tests on your systems to detect weaknesses.

The benefits of storing payments

Vault payment solutions offer many benefits for merchants and their customers, helping to yield more secure and reliable transactions, including:

  • Providing a quicker and more seamless checkout experience
  • Helping protecting sensitive customer payment data
  • Helping maintain PCI compliance
  • Helping keep payment details updated
  • Helping increase repeat customer transactions

Provides a quick and seamless checkout experience

Using a payment vault helps create a fast, convenient, and more seamless checkout experience for returning customers. Customers no longer need to re-enter their payment information. With payment methods safely stored, you can help reduce the steps to purchase, allowing customers to complete their transactions in fewer clicks.

Protects sensitive customer payment data

Safe online payment solutions like the PayPal vault help protect sensitive customer information and help reduce the risk of data breaches. They do this by tokenizing and safely storing customer data with the payment service provider.

Helps maintain PCI compliance

Storing payment information with a payment service provider helps businesses meet and maintain the standards set by the PCI DSS Council. According to these PCI compliance standards, merchants must:

  • Maintain a secure network
  • Protect cardholder data
  • Manage and prevent vulnerabilities
  • Require authentication for access
  • Regularly test and monitor networks
  • Set a policy for information security

By using a payment vault, merchants can cede responsibility for PCI compliance standards to their payment service provider. This also includes other data privacy standards such as the General Data Protection Regulation (GDPR) in the European Union (EU) and the California Consumer Privacy Act (CCPA).

Helps keep payment details updated

A payment vault that offers account updater services decreases your chance of missing a sale. Your customers’ credit card and debit card information will automatically be kept up to date.

Helps increase repeat customer transactions

As a merchant, you want a simple and easy purchasing experience for your customers. You want your customers to continue to return to make additional purchases. The payment vault will serve this purpose. You can help reassure your customers’ payment methods are securely stored. Your customers will have a quicker and easier repeat checkout experience.

How PayPal helps keep your payments safe

PayPal provides a range of solutions to help businesses keep their payments safe and help maintain PCI DSS compliance — whether you’re driving purchases online or through PayPal in-store checkout. Businesses can use the PayPal Braintree Vault to more securely store and encrypt customer information with network tokenization. In fact, PayPal Braintree is one of the largest token service providers in the world, having processed over 1 billion network tokens. PayPal’s Account Updater tool also automatically refreshes customer payment data if their card information changes.

Along with vaulting payments for future purchases, PayPal helps protect businesses and customers with 24/7 fraud detection, powered by advanced machine learning and analytics. PayPal also offers Seller Protection to help you avoid chargebacks, handle dispute resolution, and mitigate risk — so you can keep business running smoothly.

Learn more about accepting secure payments with PayPal.

Frequently asked questions

Was this content helpful?

Related content

Sign up for the PayPal Bootcamp.

In partnership with three expert business owners, the PayPal Bootcamp includes practical checklists and a short video loaded with tips to help take your business to the next level.

*Required fields.

If you accept cookies, we’ll use them to improve and customize your experience and enable our partners to show you personalized PayPal ads when you visit other sites. Manage cookies and learn more