Tokenize cards

Introduction to Payrails Vault

Tokenization refers to the process of collecting sensitive payment information and returning a token that represents this information. When you tokenize with Payrails, we handle the sensitive payment information for you, so responsibility for PCI compliance remains with us. If you want to learn more about tokenization and its benefits, you can refer back to this guide.

There are many ways to use our Token Vault, depending on your needs. Our vault can be used as:

  • An easy-to-implement solution that you use solely for managing sensitive data: you manage all your third-party integrations and business decisions on your platform and use the vault as a proxy in any inbound or outbound sensitive data flows.
  • An optimization solution that you use as part of payment orchestration, tokenizing securely while adding new payment flows and integrations to your platform with one single Payrails integration.
  • A combination of both, according to what is optimal for you.

We recommend consulting our solutions team before choosing one of the options so we can help you decide which one best adapts to your use case.

Tokenize cards

Whether you use Payrails Vault as a Token Vault only or for tokenization alongside other payment workflows, you will have to choose how to pass sensitive data to Payrails when collecting payment data from users.

There are many ways to send card details to Payrails Vault, with varying effort and PCI scope on your side. Here again, we recommend consulting our solutions team so we can help you decide which one best adapts to your needs.

Here's a table comparing your options from a high-level perspective:

| Tokenization Type | Integration Effort | PCI Scope |
|---|---|---|
| Secure Fields | Medium | Lowest |
| Client-Side Encryption | Medium | Medium |
| API-only | High | High |
| Elements | Low | Lowest |
| Drop-in | Lowest | Lowest |

Secure Fields

Secure Fields provides developers with pre-built form fields to securely collect sensitive data from the client side. These fields are hosted by Payrails and injected into your web page as iFrames. This reduces your PCI compliance scope by not exposing your front-end application to sensitive data. Follow the steps below to collect data securely with Payrails Fields on your web page. Check our Secure Fields guide for more detailed information.

Client-Side Encryption

With client-side encryption, card details are encrypted on the client side with a public key provided by Payrails and sent directly to Payrails. Payrails then tokenizes the encrypted data and returns it to the client as a Payrails payment instrument. Check our Client-Side Encryption guide for more detailed information.

API-only

If you want full control over collecting card details from your customers and complying with the required level of PCI DSS, you can send card details to us via API. Our API follows the highest standards: card details are encrypted while they travel from your system to Payrails, so raw card data is not exposed. Check our API-only guide for more detailed information.

Drop-in

Payrails Drop-in is our pre-built UI solution for tokenizing payment methods and accepting payments on your application. Drop-in shows all payment methods as a list, in the same block.

Tokenizing new cards, adding new payment methods, and managing 3D-Secure or APM redirect flows usually don't require more development work than simply integrating our drop-in into your user journey. Check our Drop-in guide for more detailed information.

Elements

Payrails Elements are payment UI components you can assemble together to build a payment form, giving better flexibility than Drop-in with the ability to manage each element separately. Check our Elements guide for more detailed information.

If you want to learn more about storing other payment methods such as Apple Pay, Google Pay, and PayPal, you can refer to their guides.