Payments vaults are moving to the forefront of many businesses’ customer experience strategies.
Joseph Meuse, vice president of product management at Spreedly, told PYMNTS in a recent interview that vaulting has always been done in some form or another — it’s simply the concept of storing a card.
In their current form, these secure apps store and encrypt consumers’ payment credentials, most notably with network tokens. Among the positive ripple effects: Network Tokenization, he said, is leading to several points’ worth of higher approval rates among issuers and fraud is reduced (and in some cases with the payments networks, there’s a reduction in interchange, so merchants’ margins get a boost).
“But what we’re seeing now is the recognition,” on the part of organizations, “of newer, advanced ways to do that vaulting.”
Vaulting, he said, can be used for far more than just protecting data — it can help a business realize the value of the stored data in other ways.
The same key questions apply as companies mull a variety of vaulting options, Meuse said:
“What are your growth plans as a company? How important is it to you to be able to route [payments] to multiple places? Do you have geographical diversity in your customers?” Companies may opt to use the vaults that are offered up by payment gateways. In other cases, firms may opt to build their own in-house vaults.
There’s also a growing recognition among these enterprises of the compliance and other obligations they take on when building it in-house. Doing so offers a level of personalization, it’s true, but the up-front costs are considerable, and there’s the ever-present challenge of remaining PCI-compliant.
“You’re making a lifetime commitment to security and fraud management,” he said, if the decision is to go it alone. In the meantime, fraud and fraudsters’ attacks — tied to compromised credentials — are inexorably rising, leading to some urgency to find new ways to protect payments credentials.
For forward-thinking firms considering the most time-and-cost-efficient ways of embracing the advantages of vaulting, Meuse said partnerships or outsourcing models are strong options. And while some providers may focus solely on securing credentials, orchestration-focused vault providers recognize that the reason for having a vault is to use that vault for a business purpose — for supporting other business activities. Spreedly, he noted, offers its PCI Level-1 vault that, in turn, allows client firms to own, maintain and organize their payment methods as universal tokens.
“These vaults,” he said, “can include new capabilities, and allow you to not just store the data, but use that data for its maximum potential.” The most effective vaulting strategies ensure that tokens are refreshed every time a card is replaced and updated on a regularly timed schedule.
“Something that we talk a lot about now is payment account reference, or PAR,” he said. Browsers are building out virtual card solutions, which in turn give rise to several “aliases” associated with the same physical card stored in a vault.
Companies will want to tie all those options together, Meuse noted. An omnichannel retail provider or merchant will ideally want to “recognize” that there are several different numbers related to the same physical card. A partnership with a vaulting provider includes that into vaulted data so businesses can use that information for their business processes.
“As an orchestration provider, what we pride ourselves on is the ability to keep your PAN in a secure environment, to enrich it with a network token, and then to intelligently decide on the merchant’s behalf which is the right solution to use under a given scenario. And we will make all that happen on our own, without the merchant having to influence that,” he said.