Why retailers are rethinking where payment data lives
As payment choice grows, Jacob Spencer, CRO, BR-DGE, explores why retailers need payment infrastructure that can support more providers, methods and customer journeys without spreading sensitive card data across more systems.
Retailers are under growing pressure to offer more ways to pay, but the infrastructure behind those choices is starting to carry too much payment data.
A checkout may look simple to the customer, yet the data behind it can pass through e-commerce platforms, mobile apps, point of sale, fraud tools, loyalty systems, customer service, reporting and finance.
Some of that data is useful. It helps teams understand approval rates, failed transactions, refund patterns and provider performance. Sensitive card data is different. When raw card details or stored credentials sit across systems built for other jobs, they add risk, compliance work and provider dependency.
A key thing is to separate those two things more clearly: merchants need to keep useful payment data available to the teams that need it, while reducing how much sensitive card data they hold or use directly.
Payment choice creates new data flows
The growth in providers, wallets, local methods and acquiring options has been healthy for the market. It gives retailers more flexibility, more ways to serve customers and more room to improve acceptance across different markets. The work begins when those options have to be embedded into the systems behind checkout.
Retailers add those options for commercial reasons, not because they want another integration project. A wallet may answer customer demand, a local acquirer may improve acceptance in one market and a backup payment service provider (PSP) may give the business another route when the main one is under pressure. Each addition then has to be connected, supported and understood as part of the wider payment setup.
That setup reaches further than the payment page. A stored card can support one-click payments, recurring transactions, loyalty activity, refunds and customer service. A transaction record may be needed by finance, fraud teams, reporting tools and operations. A routing change can affect the provider used, the token format, the retry logic and the data available to different teams.
When raw card data sits inside that flow, even a checkout update can pull in more systems than expected. Fraud checks, refunds, customer service, reporting, reconciliation and provider management all become part of the impact assessment because the credential has travelled further than the payment journey required.
Holding less sensitive data changes the infrastructure model
The Payment Card Industry Data Security Standard, or PCI DSS, gives the card payments industry a framework for protecting cardholder data. In simple terms, systems that store, process or transmit payment account data may fall into scope. More systems touching payment account data means more to document, secure, monitor and assess.
Retailers still need payment data. They need to know which providers approve more transactions, where payments fail, how refunds behave and which routes perform well in different markets. Raw card data belongs in a much smaller part of the payment estate.
Tokenisation helps separate the useful data from the sensitive credentials. Instead of storing raw card details, a token is used as a substitute reference. The Primary Account Number (PAN), the long card number associated with the payment card, can be kept away from systems that have no reason to hold it.
The useful part of tokenisation is that the payment journey can still work without raw card data passing through every supporting system. Tokens can be used for the operational flow, while the sensitive credential is kept in a more controlled place.
That gives retailers a cleaner way to support saved cards, refunds and repeat payments without allowing card data to spread through applications that only need a reference or status update.
The token model still needs careful thought. A PSP-native approach can work well at the start, especially for a simple setup with one provider, one market and one checkout flow. Problems appear when the business wants more flexibility. A new acquirer, wallet rollout, backup route or provider switch becomes harder if saved credentials only work inside the original provider’s vault.
By the time that issue is spotted, the commercial work may already be moving. The new provider is ready, the local acquirer is in place or the checkout change has been built. Then the stored-card problem lands. The team has to map tokens, re-tokenise cards or ask customers to enter details again before the new route can work properly.
Vaulting changes where payment risk sits
An independent token vault gives retailers another way to structure stored credentials. Sensitive card data can sit in a controlled vault rather than being spread across internal systems or held only inside one PSP’s vault. Tokens can then be used across different PSPs, gateways and acquirers, reducing provider dependence and siloed data.
A separate vault also gives payment teams more room to work. A provider can be added, an acquirer can be tested or a new payment method can be supported without pulling stored-card journeys back into a rebuild. The customer keeps the saved payment experience, while the business gets more freedom behind it.
Orchestration supports resilience
Payment orchestration can offer an independent vault to help retailers use that structure in live traffic. It sits between checkout and the provider network, helping manage routing, retries, failover and provider connections. The orchestrator also gives payment teams a faster way to bring new providers, acquiring connections and payment methods into the business.
Orchestration should add to the infrastructure already in place, giving the business more routes and more resilience without forcing every payment decision through one provider model.
If stored credentials can work beyond the original PSP, the team has somewhere to move when a provider route fails, weakens or needs replacing.
That also supports optimisation. Better payment performance depends on data: which routes approve more transactions, which providers perform well in each market, where retries are working and where customer journeys are failing. The business needs that information. It does not need raw card details travelling through every system, creating compliance and security blockers.
The infrastructure test
Payment infrastructure has to be judged by how cleanly data moves through it. Useful payment data should be available to the teams improving acceptance, refunds, reporting and customer experience. Sensitive card data should travel a much shorter route, with fewer systems touching it and fewer future changes depending on where it happens to sit.
Payment choice will keep growing. Retailers will keep adding providers, local options, wallets and new customer journeys because customers expect choice and businesses need better acceptance. The infrastructure behind those choices has to absorb more connections without creating more exposure.
The aim is to be deliberate about which payment data travels where. Useful payment data should keep flowing through the business because it supports optimisation, reporting and customer experience. Sensitive card data should travel a shorter route. That is the infrastructure model retailers need as checkout, data and digital operations become more connected.
Read the original feature and discover further retail technology insights over at INTELLIGENT retail.tech.
Related content