Tokenization & PCI Compliance
Store your customers cards securely in a centralized and PCI compliant vault
Last updated
Store your customers cards securely in a centralized and PCI compliant vault
Last updated
In this section, you will learn how to store your customers cards securely and use them on subsequent payments
Hyperswitch provides you with the capability to store your customers cards securely in a centralized PCI DSS Level 1 compliant vault. Our Unified checkout automatically handles saved cards flow. Customers choose the 'Save card details' checkbox while providing their card details for the payment and the transaction is successfully processed while the card is tokenized and stored securely in the card vault.
For a returning customer, our Unified Checkout automatically shows the list of their saved cards from previous sessions if the same customer_id
is passed during payments/create API call from your server.
The list customer payment methods API is used here which retrieve the list of cards saved against that customer in a tokenized form. These payment_tokens can then be used to confirm a payment. (API Reference)
Once the user selects a particular card on the checkout page, the corresponding payment_token
is used by Hyperswitch to communicate with the card vault and securely retrieve card information to make the payment.
To save the customer's payment method during account onboarding or in the billing/payment management, use the following API to store the card for future on-session payments.
If you are not able to handle the sensitive payment card info, you can collect it using the Hyperswitch Unified Checkout. Use the client secret obtained from the above API's response to initialise the SDK.
Cards saved using this API will be listed under saved payment methods for future on-session payments for the customers to use.
Hyperswitch also supports migrating your customers’ saved cards from your processors’ vaults to Hyperswitch. This process typically involves requesting your processor’s support team to share your customers’ saved cards data to Hyperswitch in a secure file transfer format and may involve sharing Hyperswitch’s PCI DSS certificate with them. Please write to biz@hyperswitch.io to know more and kickstart your card migration process.