December 21, 2021
Build for Frictionless Growth by Avoiding PCI Data Lock-in
When you’re racing to get to market, storing your PCI data with a payment processor and offloading compliance to them seems like an easy way to save time. But what are the long-term risks?
One of the most critical decisions that your fintech startup will make is choosing a payment processor. Most payment processors offer a solution to store your PCI data with them in order to reduce your PCI compliance burden. At first, this sounds like a great way to protect your data and get to market quickly. But what happens when you want to switch to a payment processor whose fees make more sense as your business enters new markets or scales up?
Avoiding Lock-in as You Scale
Getting up and running with a well-known payment processor such as Stripe or Braintree can help you start selling right away. Because these payment processors manage and store your PCI data, they free you up to focus on product development instead of worrying about PCI compliance. However, as demand for your products grows and you enter new markets, the payment processor that was once an easy solution can start to hinder your flexibility and profits.
When your company is a young startup processing only a handful of transactions, paying a 2.9% transaction fee seems like a good deal. However, as you scale towards millions of transactions, payment processors can become very expensive, often forcing you to accept tighter margins on every sale. As you evaluate migrating to a payment processor with a more friendly fee structure for higher transaction volumes, you’ll have to consider how to migrate your customer PCI data. Because the payment processing vendor has been storing and tokenizing all of your customer PCI data, there’s no easy way for you to move to a more cost-effective payment solution without a data migration. So, you are in the unfortunate position of choosing between an increasingly expensive vendor and a costly, disruptive, and difficult data migration process.
The following diagram shows this situation, where your company is “locked-in” with Payment Processor B, and you lack the flexibility to work with other payment processors:
To build for the long term, you need to centralize your PCI data in a vault that can easily integrate with any payment processor. Skyflow’s Fintech Data Privacy Vault is purpose-built for this scenario. By using a vault that can integrate with any payment processor, you can seamlessly switch from one payment processor to another without having to migrate your data. You can enjoy the best of both worlds: continue to offload PCI compliance while gaining the freedom to switch payment processors as you scale — or even work with different payment processors in each market.
Easily Enter New Markets and Increase Authorization Rates
As a fintech company or merchant processing payments, your goal is to increase your payment authorization rates so you can increase your revenue. This means selecting the right payment processor for each market that you’re operating in. Oftentimes, payment processors have different authorization rates across different geographical markets. If you’re looking to enter a new market, you might be able to increase your authorization rates in that market by switching payment processors, or by using a new payment processor just for that market.
But, if you’ve stored your PCI data with your current payment processor, then you’re forced to fragment your PCI data across multiple payment processors. Customers in your existing market will continue to use your existing payment processor, while new customers in your new market will use your new payment processor. This data fragmentation hinders analytics and data visibility, and increases the risk of a data breach since your PCI data is now stored in multiple places.
You can avoid these drawbacks by centralizing your PCI data in your Skyflow vault:
This strategy gives you the freedom to easily enter new markets and work with the right payment processor for each market.
Your Customer PCI Data, Under Your Control
Despite the short-term benefits, transferring control of your customer PCI data to a payment processor eventually becomes a limitation with no easy solution. Skyflow’s Fintech Data Privacy Vault exists to help fintech companies reduce their PCI compliance scope while giving them complete control over their data. Skyflow customers can also take advantage of pre-built integrations with leading payment processors in order to increase their payment authorization rates and lower their transaction fees.
Your new vault becomes the central store of all PCI data but won’t lock you into a single payment processor. Skyflow’s APIs allow you to seamlessly shift from one payment processor to another without migrating data. Additionally, Skyflow offers tokenization and data privacy solutions to help you protect your data and reduce your compliance burden. This lets you enter new markets and scale up without worrying about being locked into your current payment processor. You can also use your vault to provide other teams with the valuable data they need without putting it at risk.
Are you looking to get up and running with a new payment processor? To learn more about how we can help you avoid PCI data lock-in, get in touch with us.