Published: October 28, 2024
Reading time: 3 minute read
Written by: Galit Shani-Michel

At the Merchant Advisory Group (MAG) conference in September, I had the pleasure of sharing insights on how merchants can better optimize their card vaults. 

Card vault management is crucial for businesses that handle recurring payments, store card-on-file for future transactions, or simply want to enhance customer experience by streamlining the checkout process. However, managing these card vaults is complex — and comes with decisions that can significantly impact your business.

Internal vs. External Vaults

For many merchants, the top priority of card vaulting is to balance control and security. Today, merchants typically manage their card vaults in one of three ways: maintaining an internal vault, outsourcing to their payment processor, or using a third-party vault provider. 

Maintaining an internal vault gives merchants full control but requires significant investment in infrastructure and PCI compliance. This is an expensive solution for merchants to take, and also means any risk or liability of a data breach is squarely on their shoulders.

In contrast, outsourcing to a payment processor shifts the responsibility for security and compliance to the processor, but reduces control — often through tokenization and encryption solutions that only work with that processor’s set of payment services.

As a result, many merchants are turning to third-party vault providers, which offer a more flexible solution. These providers allow merchants to retain control over their card processing paths while leveraging external expertise for security and compliance.

Card Vaulting Capabilities 

When building your card vaulting strategy, it’s critical to have the right capabilities in place for optimal security, control, and performance. I view these capabilities as progressive levels: 

  • Level 1 represents base requirements
  • Level 2 offers essential enhancements
  • Level 3 focuses on advanced optimizations

Level 1: Technology and Security Capabilities

These core features are fundamental to maintaining control and security over your card vault:

  • High Availability: Ensure low latency, high throughput, and contractual uptime commitments for uninterrupted service.
  • Hosted Fields/Checkout Pages: Securely capture payment details within the merchant’s desired customer experience, while minimizing PCI compliance scope.
  • Forward Proxy: Enable routing flexibility to use multiple processors or services without having to expose sensitive PCI data to the merchant’s ecosystem.

Level 2: Lifecycle Management Capabilities

The next critical step is keeping your card vault updated, ensuring seamless checkout even when customers receive new payment cards from their bank. This is especially important for subscription merchants, where failed payments can result in lost recurring revenue via involuntary subscription churn. Merchants should consider the following: 

  • Network Tokens: Provision network tokens in addition to card numbers in the vault for added security and the ability to automatically receive “pushed” card updates from the banks whenever there is a card change available. 
  • Account Updater Services: Ensure batch and real-time account updates are available to keep card details current and reduce transaction failures.

Level 3: The Emerging Role of AI & ML

The final level focuses on how AI and machine learning can further optimize your vault. By intelligently deciding when to use network tokens or update credentials, merchants can improve authorization rates while reducing costs.

  • Optimal Credential: Determine whether to leverage Network Tokens, Credit PAN, or Pinless Debit PAN for each transaction, maximizing conversions and minimizing costs.
  • Least Cost Refresh: Only update credentials that are likely to be used, reducing unnecessary refresh costs.

Key Takeaways

As you refine your card vaulting strategy, focus on creating a secure, flexible foundation that supports both operational efficiency and customer satisfaction. Prioritize control, seamless updates, and intelligent optimizations to unlock the full potential of your vaulting approach. Key points to consider include:

  • Ensuring flexibility and control, no matter where your vault is located
  • Optimizing Network Tokens and Account Updater services to keep active cards updated
  • Leverage AI and machine learning to reduce costs and improve authorization rates

Jeff Hallenbeck currently serves as the Global Head of Payments for Forter, where he is focused on building unique payment products and partnerships on behalf of Forter customers with a goal of connecting the right data points with issuing banks to maximize approvals and eliminate fraud from the ecosystem.

3 minute read