Storing and securing payment credentials is a critical process in the modern ecommerce infrastructure. A vault that optimizes payment methods offers the ability to accept, store, and automatically update card credentials while minimizing PCI scope. The combination of secure storage and card lifecycle management services (i.e. the automated updating of stored card information as cards are reissued for any reason) has worked well during the surge towards a mobile-first digital economy. Entities actively managing these payment credentials have seen a boost to revenue, customer experience, and business intelligence through their implementation.
As critical as this service is in the payments process, we have found that it rarely gets focused attention. The pace of innovation for enriching payment methods has continued at speed, while many organizations that have set up vaulting and basic lifecycle solutions have focused elsewhere. This may be because of the wide availability of basic vaulting solutions, especially those offered by a single payment service provider (PSP). For small-scale merchants and other service providers, PSPs have made it fast and easy to utilize basic vault and token functionality. Their products operate under the hood of your PSP while keeping your servers free from raw card data and the PCI scope that comes with it.
Complacency around existing vaulting models, especially when looked at against the backdrop of business growth, sophistication, and complexity, is something we see more and more at Spreedly. Prevailing conclusions about just how much value can be derived from the vault are based on assumptions that are now years out of date.
It’s amazing to think of how pioneers in card-on-file payments like Amazon, Netflix, and Uber - all companies that depend on keeping payment credentials fresh for seamless on-demand, recurring, and subscription payments - have spent a decade plus building a vaulting and lifecycle program that is now largely available to merchants through a payments orchestration provider. With over a billion stored payment methods and hundreds of clients across the globe, we believe that the next phase of value through vaulting is upon us.
The Problem with Generic Vaulting
Going direct with a generic vaulting solution, once an easy solution to implement in the short term, ultimately proves a headwind at scale. Maintaining a legacy, low-touch vault provider carries a number of setbacks as an organization grows:
- The lack of ownership over vaulted payment data limits your flexibility as a business and limits your payments stack to whatever the PSP can currently offer
- Lost revenue due to stale card credentials grows as a portion of revenue, and as your revenue grows, that portion becomes harder to ignore
- Account updates to cards become a cost to you and a revenue generator for your vault provider, incentivizing them to maximize card-update responses - even if the response does not actually update your credential on file
- Diminishing quality of your data because of stagnant cards, duplicate cards-on-file, and inability to link a single customer to multiple payment methods
- Passivity around modern card features such as network tokenization and lack of enablement in understanding how to put these features to use for your business
What’s missing in this model is not a specific feature, though a commitment to integrating the latest in capabilities is a key determinant of a trusted provider. What is missing is an active component to payment method management – a trusted partnership that allows your payment-storage engine to be fine-tuned to the needs of your business. You may have all the right tools in your garage, but if you don’t know how to best use them individually and together, you will never get the best outcomes.
Activating the Vault
Creating a tailored vaulting experience might first look and feel like standard card-storage: cards are secured, PCI requirements are met, and lifecycle functionality (e.g. account updater) is switched on. Where does the active component come in? Let’s start by asking a few questions:
- Does my vault provider offer reporting and recommendations on how my card environment is being managed and what would create more value for me as a customer?
- Do I have the latest update functionality across the networks and the opportunity to provision features like network tokens? If so, does it come with a heavy up-front cost?
- Do I trust my provider to offer vaulting guidance based on how or where I want to process payments? For example, if I am starting to process payments in India, can I automatically redact stored cards to comply with the Reserve Bank of India’s guidelines on foreign entities storing card information?
- Am I basically left on my own when it comes to managing and optimizing my vault and stored cards?
- Do they offer feature sets beyond lifecycle management? Services like Payment Account Reference (PAR) link a customer across payment methods - is the vault an active product with a roadmap?
Are there any surprises as you think about these questions? Basic vaulting and lifecycle functionality may not seem to have changed much, but developments in features and management are growing – so are the opportunity costs of overlooking the vault as a business grows in scale and complexity.
The modern vaulting dilemma – using a staid vaulting approach based on habit and basic functionality – can be overcome by uniting a modern feature set with active management to tailor the vault to the business. We are excited about resetting expectations around vault value and performance and redefining modern vaulting for the decade to come.