Announcing Payment Method Distribution: Send Card Data to Non-Gateway Endpoints

Posted on April 30, 2014 Ryan Daigle

Spreedly is an independent, Level 1 PCI compliant, credit card vault that lets you store credit card data and transact against over 60 supported gateways. Our focus is to create a bridge between new startups/services and the existing payment infrastructure without the burden of being in full PCI compliance scope – and today we’re pleased to announce you can do even more with your vault.

Our new Payment Method Distribution feature lets you use the card data stored in your Spreedly vault to transact against any PCI-compliant endpoint in verticals such as travel, ticketing and retail. This self-service feature immediately and exponentially expands the financial integrations available to you and your customers – all while keeping you insulated from PCI compliance concerns.

“We’ve been wanting to build this feature for years. Until Spreedly, there was no way we could do it without going through the hassle and expense of PCI-compliance,” says Eric Waller, CTO of SeatGeek. “We had our first integration up in a matter of days, rather than the months it would’ve taken to build and certify our own vault.”

How it Works

In a typical gateway transaction with Spreedly, you specify the gateway to transact against, the payment method token to be used, and any relevant transaction-specific details (purchase amount, capture reference, etc.). We’ve designed Payment Method Distribution to work in much the same way. The only material difference is the request is sent to what we call a “Receiver,” which is simply a non-gateway target.

To initiate payment method distribution, send Spreedly the details of the request (the URL endpoint, required headers, and request body) and Spreedly will add in any sensitive card data before executing the final request against the Receiver directly.

Think of Spreedly as a simple proxy for your interaction with the Receiver. We’ve designed the Payment Method Distribution process to be as flexible as possible, allowing you to interact with any API that accepts card data.

Busbud, Addressing New Markets

We’re really excited about Payment Method Distribution, because it makes the impossible possible. Consider one of our early beta customers, Busbud.

Busbud is an international bus travel platform for finding and booking city-to-city bus tickets, gathering schedules for over 10,463 cities in 89 countries, in 10 languages and supporting 15 currencies. While you as a customer are only concerned with getting from city to city, Busbud has to purchase tickets from any number of independent bus companies in order to fulfill your travel plans, end to end.

One option for Busbud is to directly transact against its partner companies’ merchant accounts when purchasing tickets for customers. However, many companies aren’t comfortable releasing those credentials, and this process bypasses the checks and balances of a well-structured integration. With Payment Method Distribution, Busbud is able to send its customers’ payment information directly to each company’s booking API at the time of purchase. This allows Busbud to integrate with a variety of travel companies, via a well-regulated process, and provide a more compelling service to its customers.

“Our business hinges on the ability to attract and integrate with bus operators all over the world,” says Mike Gradek, co-founder and CTO of Busbud. “Using Spreedly means that we can quickly and securely onboard new operators.”

Supporting your Receiver

Integrating with your Receiver from Spreedly is simple. Because payment methods can only be distributed to PCI-compliant endpoints, new Receivers must be approved and white-listed before they can be used with real card data. However, this is a very low-overhead process and we encourage you to contact us if you’d like to see support added for one of your required endpoints.

As the number of general-purpose receivers grows, we’ll publish a catalogue for an even more frictionless discovery and provisioning process.

Summary

In our experience, confining yourself to a single gateway is extremely limiting. The needs of your business change over time, and gateway-specific vaults are a form of vendor lock-in with your most valuable data. Spreedly breaks this lock-in by providing a gateway-agnostic vault and, today, further liberates your card data with Payment Method Distribution.

Sign up for blog post updates

Get notified about new Spreedly articles on PCI compliance, gateways, & more.

Categories

Archives