What is PCI Proxy

What is a PCI Proxy?

A service that collects card data on your behalf, keeps it secure, and gives you a token instead of the card number.

Workflow

How a PCI Proxy works, in 4 steps

You tell us where to collect the customer's card data, we store it in a PCI DSS vault and give you a token — eliminating the cardholder data environment from your scope. PCI Proxy is tokenization as a service: the vault, the encryption, and the compliance stay with us. For technical details, see how it works.

1. You tell us where to go

You tell us where to collect card data: on your website, via API, or over the phone in your call center.

2. The customer enters their card

The customer pays. Card data comes to us, not to your servers, databases, or logs.

3. We store and tokenize

We store the card in a certified PCI DSS vault and give you a token instead of the card number.

4. You use the token

You receive a token instead of the card number. Only the token appears in your systems, never the raw card data.

Where you use it

Where to use a PCI Proxy: e-commerce, call center, API — and reduce your cardholder data environment

The same mechanism applies wherever you collect a card: only the channel changes, not the concept. See all use cases.

Comparison

PCI Proxy and payment gateway: what's the difference

You often use them together: the gateway processes the payment, PCI Proxy keeps card data secure. They're not the same thing. Learn more about card tokenization.

2 roles
gateway + PCI Proxy

The gateway processes the payment. PCI Proxy keeps card data secure. You use them together.

Any PSP
Stripe, Adyen, Nexi…

Works with the processor you use today or the one you'll choose tomorrow

| Feature | Payment Gateway | PCI Proxy |
| --- | --- | --- |
| Processes payments | Yes | No |
| Tokenizes card data | Sometimes | Always |
| Removes card data from your systems | Partially | Significantly |
| Works with any PSP | No, vendor lock-in | Yes |
| Integrates via API | Varies | Yes |
| Works for phone / call center | Rarely | Yes |

After the token

What you can do with the token

Day-to-day operations after tokenization, without ever seeing the card number.

Recurring charges

Save the token on the first payment and reuse it every month for subscriptions or automatic invoices.

Refunds

Send the token when you need to refund. We retrieve the card from the vault and pass it to the PSP.

Switch PSP

Tokens stay yours. You can switch from Stripe to Adyen (or vice versa) without asking customers for their card again.

CRM and ERP

Your business software stores only the token, not the card number. Less risk, fewer PCI obligations.

Impact

PCI DSS: with PCI Proxy vs. without

The numbers that matter: PCI compliance cost, time, and risk with and without PCI Proxy. Cardholder data protection becomes our responsibility, and your PCI DSS requirements shrink to SAQ A. Read the guide to PCI DSS compliance.

PCI questionnaire: SAQ D → SAQ A
From SAQ D (hundreds of controls) to SAQ A (a few dozen)

Annual audit cost: €150k → €10k
Often reduced by over 90%

Time to compliance: 12 months → Days
Integration in days, not months

| Dimension | Without PCI Proxy (card data in your systems) | With PCI Proxy (recommended) |
| --- | --- | --- |
| Card data in your systems | Yes, card numbers in servers, databases, and logs | No, tokens only |
| PCI questionnaire (SAQ) | SAQ D, 300+ controls | SAQ A, a few dozen controls |
| Annual audit cost | €30,000 to €150,000+ | €3,000 to €10,000 |
| Risk if something goes wrong | High, you hold card numbers | Low, you only hold tokens |
| Time to implement | 6 to 12 months | Days or weeks |

FAQ

Frequently asked questions about PCI Proxy

Short answers, no jargon.

01 Is a PCI Proxy the same as a payment gateway?
No. A payment gateway moves money. PCI Proxy only handles card data: it intercepts it, stores it in the vault, and gives you a token. You can use it with any gateway or PSP, and switch providers without losing saved cards.
02 How much does a PCI Proxy reduce my compliance scope?
A lot. If card data no longer passes through your servers, your PCI DSS scope shrinks significantly. Many merchants go from hundreds of controls (SAQ D) to a few dozen (SAQ A), with fewer audits, fewer tests, and lower costs.
03 Can I use a PCI Proxy for recurring payments?
Yes. On the first payment you save the token and reuse it every month. You don't need to ask the customer for their card again.
04 Does a PCI Proxy work with telephone / MOTO payments?
Yes. Over the phone or in the call center too: the agent enters the card in a secure form connected to us, and we tokenize it immediately. Card data never ends up in your CRM or orders in plain text.
05 How does PCI Proxy reduce PCI compliance cost?
By removing cardholder data from your systems, you eliminate most of the cardholder data environment obligations. Your annual audit cost drops from €30,000–€150,000+ to a few thousand euros, you no longer need internal QSAs or dedicated PCI infrastructure, and you meet PCI DSS SAQ A requirements instead of SAQ D.

Want to try it?

Let's talk about your use case: e-commerce, call center, or API integration.