Data Vault & Tokenisation¶
Spoynt can guarantee to transact payments without confidential data ever touching your servers. Our secure card vault allows you to protect customer data and minimise your PCI DSS requirements.
A data vault is a secure database consisting of a pair of linked tables used for storing information. Typically the data remain in the vault until they need to be retrieved to make a payment, identify an individual, or serve a variety of related tasks. Once the retrieved data has fulfilled its function, they can be returned to the vault for further secure storage.
To enhance security, we recommend using the Card Tokenisation option when creating a payment invoice. In essence, it is one of the critical methods of protection of the users' confidential data at card payments.
Tokenisation payment flow¶
- The payment token itself is the unique string of numbers: a secure identifier generated from data entered by a customer on the Checkout page.
- The token synchronises with the payment invoice data. You store tokens on your side.
- We also link to the token the internal client identifier specified in the invoice (customer reference ID).
- The card's confidential data are securely stored on the Spoynt server, bypassing the repositories of your site.
- The card data is additionally passed via a secure SSL connection to the payment gateway for the transaction. After using tokenisation, you can initiate transactions remotely without having direct access to information about the cardholder, including making a full or partial refund of payments.
Key benefits of the tokenisation use¶
- Payment card data is stored in secure data repositories and synchronised with the tokens stored on your servers
- Removing data from your environment and storing them in credit card vaults reduces the scope of PCI compliance
- We generate tokens using proprietary algorithms, and they cannot be mathematically decoded from the outside
- The token format is optimal for storing confidential data
- Tokenised data supports all type of transactions and processing models, including one-time authorisation, invoicing, recurrent billing and subscription, credit and partial credit, re-authorisation and issuing a statement
- Tokenisation makes the theft of payment data meaningless to hackers and fraudsters because even by hacking your server, they get a set of digital codes, not card data
- You can reconcile payments without processing card data
Enable card tokenisation
Send a request to our support if you need tokenisation for card payments.