Payment data portability is one of the most underestimated problems in digital payment management. Anyone managing subscriptions, card-on-file or recurring payments accumulates over time an archive of card data that represents a real business asset. When the time comes to switch gateway or PSP to improve contractual conditions, reduce fees or access new markets, they discover that this data is trapped in the current provider's infrastructure.
The vendor lock-in problem with stored card payments
When a merchant stores card data directly with their PSP or gateway, PANs are kept in the provider's vault. The merchant receives proprietary tokens that only work with that provider: they are tied to the specific infrastructure and cannot be used with a different PSP. To migrate, the merchant would need to request the transfer of PANs in cleartext, which implies a complex and costly process that many providers deliberately make difficult.
Transferring PANs between providers is technically possible but requires an agreement between both parties, specific security procedures for transit (encryption with temporary keys, dedicated channels) and, often, QSA supervision. Timelines are measured in weeks or months. Meanwhile, active subscriptions continue to work only with the original provider: service interruption during migration is a real risk that pushes many merchants to give up switching even when it makes economic sense.
How card data migration between PSPs works
The standard process involves: formal request to the current PSP for release of encrypted PANs, agreement on encryption protocols with the destination PSP, transfer in an agreed format (typically a file encrypted with an asymmetric key), import into the new provider's vault and data integrity verification. Each PAN must then be reassociated with customer profiles in the merchant's system. If during migration a recurring transaction is processed, the merchant must manually manage which system is authorised to process it.
The cost of migration is not only technical. There is the risk of errors during transfer, the possibility that some PANs have expired or are no longer valid, and the problem of automatic card updates that during the transition period are not applied consistently. For subscriptions with high volumes, even an error on a few percentage points translates into immediate churn and revenue loss.
Processor-agnostic tokenization: the freedom to switch
The structural solution to the vendor lock-in problem is to separate the card data vault from the payment PSP. With PCI Proxy EU, PANs are stored in an independent vault and the merchant receives tokens that belong to them, not the gateway. When they need to process a payment, the merchant passes the token to PCI Proxy EU which converts it to the PAN and sends it to the chosen PSP for authorisation. The vault remains the same regardless of how many PSPs are used or changed over time.
This approach also allows using multiple PSPs simultaneously: intelligent routing based on currency, transaction cost, availability or conversion rate, without duplicating the card data archive. Tokens are portable because they are not tied to any specific provider. Switching PSP means only updating the routing configuration in the vault, not migrating PAN databases. Customers notice nothing.
Frequently asked questions
Can I request my PANs from the current PSP to migrate them?
Technically yes, but it depends on the contract and provider availability. Many PSPs allow it on formal request, but the process requires specific transfer security agreements and generally implies costs. Some providers are explicitly restrictive on this point as a retention strategy. Before signing with a new PSP, always verify the contractual terms for data portability.
What happens to active subscriptions if I switch gateway?
If card data is stored in the current gateway's vault, subscriptions continue to work only with that gateway until migration. In the transition period, two parallel archives are created: old cards on the original gateway, new ones on the destination gateway. This scenario must be managed carefully to avoid missed charges. With an independent vault like PCI Proxy EU, the problem does not exist: the token remains valid regardless of the gateway.
Does PCI Proxy EU work with all PSPs?
PCI Proxy EU is designed to be processor-agnostic: it works with any PSP that accepts a PAN as input for authorisation, which covers the vast majority of European and international providers. Integration happens via standard APIs and does not require specific agreements with the destination PSP. For PSPs using proprietary end-to-end tokenization, compatibility must be evaluated on a case-by-case basis.
Your tokens, your PSP: switch when you want without complex migrations. Discover PCI Proxy EU.