Token Vault

For merchants, handling payment data securely and meeting compliance standards is a must, and ensuring a smooth payment experience is just as critical. Token vaults simplify this process by storing sensitive payment data as secure tokens, allowing merchants to process transactions without ever touching the sensitive card details. This approach not only strengthens security but also enhances flexibility, scalability, and compliance in payment workflows.

Tokenization and detokenization via Payrails Vault ensure that sensitive information stays protected in a PCI-DSS Level 1 compliant Vault, while still giving merchants flexibility in their payment workflows.

What is tokenization?

Tokenization is the process of collecting sensitive payment information and returning a non-sensitive value (usually called a token reference or alias) that represents this information. When you tokenize with Payrails, we collect and store the sensitive payment information for you, so responsibility for PCI compliance remains with us.

What is detokenization?

Detokenization is the process of retrieving the original sensitive payment data using its non-sensitive reference. When a merchant needs to use the actual card details, such as for sending a request to a third-party service, Payrails securely resolves the token and sends the sensitive data to the intended destination without exposing it to the merchant's systems.
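
The tokenize and detokenize-via-proxy flow described above, as an added example that is not Payrails code or the Payrails API: `ToyVault`, `fraud_tool` and the `tok_` prefix are hypothetical names, and the card number is a constructed test value. It shows that the merchant side handles only the token while the configured destination receives the original data.

```python
import secrets

TEST_PAN = "4111111111111111"  # constructed sample: well-known test card number


class ToyVault:
    """In-memory stand-in for a token vault (hypothetical, not the Payrails API)."""

    def __init__(self, connections):
        self._records = {}               # token -> sensitive value; stays inside the vault
        self._connections = connections  # configured proxy connections: name -> sender

    def tokenize(self, sensitive_value):
        # The token is random, so it reveals nothing about the value it stands for.
        token = "tok_" + secrets.token_urlsafe(16)
        self._records[token] = sensitive_value
        return token

    def proxy(self, connection, payload):
        # Only configured connections may receive detokenized data.
        if connection not in self._connections:
            raise PermissionError(f"no proxy connection named {connection!r}")
        # Detokenize on the outbound leg only: swap known tokens for stored values.
        outbound = {k: self._records.get(v, v) for k, v in payload.items()}
        return self._connections[connection](outbound)


def run_demo():
    seen_by_third_party = []   # what the third party receives
    seen_by_merchant = []      # everything the merchant's systems handle

    def fraud_tool(request):   # hypothetical third-party service
        seen_by_third_party.append(request["card_number"])
        return {"decision": "accept"}

    vault = ToyVault({"fraud_tool": fraud_tool})

    # Collection happens on the vault side; the merchant only receives the token.
    token = vault.tokenize(TEST_PAN)
    seen_by_merchant.append(token)

    request = {"card_number": token, "amount": "10.00"}
    seen_by_merchant.extend(request.values())
    response = vault.proxy("fraud_tool", request)
    seen_by_merchant.extend(response.values())
    return token, seen_by_merchant, seen_by_third_party, vault
```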

Payrails Token Vault

With our Payrails PCI-DSS Level 1 compliant vault, you can tokenize and detokenize your customers' payment information and minimize your PCI scope.

100% PSP agnostic

Payrails Token Vault allows you to switch between any payment service providers at any time, without disrupting your customer experience or facing technical hurdles. Because your token vault is independent of any single payment processor, you’re not locked into any one provider—this means you can take advantage of better rates, improved service, or new features from other providers at any time.

For your returning customers, you can use stored payment methods for a smoother checkout experience, use tokenized payment methods, which perform best in subscription or recurring payment scenarios (particularly when used with network tokens), and enable users to manage their saved cards and have control over their sensitive information.

Connect to any third-party service and proxy sensitive data

Payrails Vault enables you to securely receive and send tokenized data to a variety of third-party services—not just PSPs—without exposing sensitive information to your systems.

Whether it's fraud prevention tools, online travel agencies, channel managers, property management systems, loyalty platforms, other external token vaults, or internal systems, you can configure proxy connections to route sensitive data securely and stay out of PCI scope.

How to use Payrails Token Vault?

There are 2 main ways to use Payrails Token Vault:

  1. Token Vault as a standalone module:

If you want to manage third-party integrations, such as payment providers or your travel partners, within your own system and use Payrails Vault only to store and process the sensitive data, you can use our Vault as a proxy. The Vault collects the sensitive data via our SDKs and proxy connections with third parties, and passes the sensitive information to third parties without your systems ever touching it. If this is what you need, you will tokenize records in our vault.

You can tokenize any type of record, such as cards, network tokens, or a custom set of data that you would like to tokenize. You can use our secure SDK or proxy connections to store any data, and detokenize it when using it in outbound connections with third parties or when displaying it in our secure SDK. You can read more about records and about proxy connections and how to use them in our guides.

If you start by using our Vault as a standalone module, you can add our other modules, such as payment orchestration or analytics, at any later time.

  2. Token Vault as part of payment orchestration:

In this option, you integrate with our payment orchestration platform through one single integration to the Payrails API, while Payrails manages all the provider integrations for you in the background in a PSP-agnostic way. If this is your intention, you will be tokenizing payment instruments that are fully compatible with our payment orchestration platform.

You can see how to tokenize a user’s card information as a payment instrument in the tokenize payment instruments guide. After a user’s payment information is tokenized with Payrails, Payrails returns a payment instrument ID, which is a non-sensitive ID that you can use to refer to the actual instrument stored in our vault at any time. With instruments, we handle the complexity of using this information to make payments across different providers or networks. You only store a single Payrails payment instrument to process future payments, while we link all tokens to the instrument and orchestrate them in an optimized and configurable way. Read more about payment instruments and statuses in our guide to manage instruments.

It is also possible to use both integration methods at the same time if your business needs require it. Before your integration phase, our solution engineers will work with you to understand your goals and your current flows and to propose the best design solution for you.