What Is a Card Vault?
A card vault is a PCI DSS Level 1 certified environment that stores raw card numbers (PANs) and replaces them with secure tokens. By consolidating all raw card data in one audited vault, merchants remove sensitive data from every other system they operate.
Card Vault: Definition
A card vault (also called a PAN vault or card data vault) is an isolated, heavily hardened system that is the only place raw Primary Account Numbers (PANs) are stored. Every other part of the payment infrastructure interacts with tokens instead of real card numbers, drastically reducing the attack surface and PCI DSS scope.
Isolated PAN Storage
Raw card numbers are encrypted and stored only inside the vault, isolated from every other part of your infrastructure. No other system ever holds the PAN in cleartext.
Token Issuance
For every stored PAN, the vault issues a random token. Merchants and processors use only the token. The vault performs detokenization at the moment of payment processing.
PCI DSS Level 1
The vault is audited annually by a Qualified Security Assessor (QSA) and must satisfy all 12 PCI DSS requirements. This is the highest level of the payment card security standard.
Card Vault Questions Answered
01 What is a card vault?
A card vault is a secure, isolated environment certified to PCI DSS Level 1 that stores raw PANs. The vault issues a random token in place of each PAN. Merchants and processors interact only with the token, keeping raw card data entirely inside the vault.
02 Why do merchants need a card vault?
Storing raw PANs makes every system that touches them in scope for PCI DSS. A card vault consolidates all raw card storage into one heavily audited environment, dramatically reducing PCI DSS scope, lowering audit cost, and eliminating card data from systems not designed to secure it.
03 What is the difference between a card vault and a payment gateway?
A payment gateway routes transactions to acquiring banks. A card vault stores raw card data and issues tokens. They are complementary: the vault holds the PAN and provides a token; the gateway uses that token to authorize the payment. PCI Proxy is a card vault that works alongside any payment gateway.
04 What certifications should a card vault have?
A card vault must be a PCI DSS Level 1 Service Provider. Additional certifications that indicate a high-security vault include ISO 27001, SOC 2 Type II, and GDPR compliance. PCI Proxy holds all of these and operates exclusively from EU data centers.
05 Can I migrate from my current card vault to PCI Proxy?
Yes. PCI Proxy offers a structured vault migration process. We work directly with your existing vault or processor to retrieve and re-tokenize card data without exposing raw PANs at any point. The migration is transparent to end customers and requires no re-enrollment of stored cards.
Store Card Data in a Vault That Never Lets It Out
PCI Proxy's EU-based card vault keeps raw PANs locked away while giving you a secure token you can use with any payment processor.