Tokenization & PCI Compliance
Store your customers' cards securely in a centralized, PCI-compliant vault
In this section, you will learn how to store your customers' cards securely and use them for subsequent payments.
Hyperswitch lets you store your customers' cards securely in a centralized PCI DSS Level 1 compliant vault. Our Unified Checkout handles the saved-card flow automatically: when a customer selects the 'Save card details' checkbox while providing card details for the payment, the transaction is processed successfully and the card is tokenized and stored securely in the card vault.
For a returning customer, our Unified Checkout automatically shows the list of their saved cards from previous sessions if the same customer_id is passed during the payments/create API call from your server.
Once the user selects a particular card on the checkout page, the corresponding payment_token is used by Hyperswitch to communicate with the card vault and securely retrieve card information to make the payment.
To save the customer's payment method during account onboarding or in billing/payment management, use the following API to store the card for future on-session payments.
If you cannot handle sensitive payment card information yourself, you can collect it using the Hyperswitch Unified Checkout. Use the client secret obtained from the above API's response to initialise the SDK.
Cards saved using this API are listed under the customer's saved payment methods for use in future on-session payments.
Hyperswitch also supports migrating your customers’ saved cards from your processors’ vaults to Hyperswitch. This process typically involves asking your processor’s support team to share your customers’ saved card data with Hyperswitch in a secure file transfer format, and may involve sharing Hyperswitch’s PCI DSS certificate with them. Please write to biz@hyperswitch.io to learn more and start your card migration process.
The list customer payment methods API is used here; it retrieves the list of cards saved against that customer in tokenized form. These payment_tokens can then be used to confirm a payment.
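An added example, not Hyperswitch code, for a merchant server that renders its own saved-card list: it takes customer_id from the authenticated session and accepts a submitted payment_token only if it appears in that customer's list. `fetch_saved_methods`, the response shape beyond payment_token, and all sample values are constructed assumptions.

```python
import hmac

# Constructed stand-in for list-customer-payment-methods responses.
# Only customer_id and payment_token come from the page; other fields are assumed.
CONSTRUCTED_VAULT_LISTING = {
    "cust_alice": [
        {"payment_token": "token_constructed_A1", "card": {"last4": "4242"}},
        {"payment_token": "token_constructed_A2", "card": {"last4": "1881"}},
    ],
    "cust_bob": [
        {"payment_token": "token_constructed_B1", "card": {"last4": "0005"}},
    ],
}


def fetch_saved_methods(customer_id):
    """Hypothetical wrapper; a real one would call the list API server-side."""
    return CONSTRUCTED_VAULT_LISTING.get(customer_id, [])


def select_saved_card(session, submitted_token, fetch=fetch_saved_methods):
    """Return confirm parameters only if the token belongs to the session's customer."""
    # customer_id is taken from the authenticated session, never from the request body.
    customer_id = session.get("customer_id")
    if not customer_id or not isinstance(submitted_token, str):
        raise PermissionError("no authenticated customer or malformed token")
    matched = None
    for method in fetch(customer_id):
        # Constant-time comparison per entry, and no early exit from the loop.
        if hmac.compare_digest(method["payment_token"].encode(), submitted_token.encode()):
            matched = method
    if matched is None:
        raise PermissionError("payment_token not in this customer's saved methods")
    return {"customer_id": customer_id, "payment_token": matched["payment_token"]}


def audit_record(session, submitted_token, outcome):
    """Build a log entry that never carries a full token or any card data."""
    return {
        "customer_id": session.get("customer_id"),
        "token_prefix": str(submitted_token)[:8] + "...",
        "outcome": outcome,
    }
```
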
You can use the payment method API to add a card against any of your customers. You can find the API reference .