About the company
Payouts Network is an intelligent payment platform that enables businesses to dynamically manage their capital through real-time issuance of disbursements via existing financial accounts and payment credentials. This platform eliminates the need for businesses to disperse cash, issue gift cards, write checks, or issue paper vouchers to deliver compensation to customers and employees. Payouts Network also offers a loyalty point conversion platform to Visa and Mastercard issuing banks that converts cardholder loyalty points into instant cash back for real-time purchases without merchant integration.
Industry: Payment processing
Location: Bozeman, MT
Company Size: SMB
Products Used: Token Services API
Tokenization for cardholder data
When Payouts Network discovered that their legacy tokenization provider was shuttering their service, converting tens of thousands of stored credit card tokens to a new provider without downtime became a top priority. Steve Bacastow, CTO, Chief Strategy Officer, and Chief Compliance Officer of Payouts Network, points out, “For us, it was just a risk because if we didn’t convert from our existing provider to TokenEx, we’d effectively been unable to provide our services.”
To illustrate the importance of keeping their platform running, Bacastow shared an example of a person losing their luggage at an airport at four in the morning. “The airline can talk to our platform with an API call and send the person $1,000 or $2,000. This money immediately gets deposited into their checking account so that they can go buy new clothes,” Bacastow said.
“If we have the person’s card already on file, we must be able to use the token, turn that into a credit card number, and send that to the payment network. The payment network can then pay the person through their existing bank account,” Bacastow explained. The platform must always be available, or else Payouts Network cannot push payments to customers.
Reliable availability and simplified PCI compliance
Payouts Network needs to run 24/7, 365 days a year, as a payment processing platform. With their previous provider, they had occasional hard downtime. For example, “We could be down for five minutes. When they did scheduled maintenance, they’d convert us over to their other system, which came with a slight hiccup when waiting to route payments. I just haven’t seen that with TokenEx,” Bacastow said. This reliable availability ensures that this payment processor can maintain critical business operations.
As for compliance, Payouts Network’s PCI compliance is simplified because TokenEx takes responsibility for the controls of storing and protecting raw cardholder data. Not needing to store the data on their platform reduces their PCI scope. In turn, PCI audits are easier because Payouts Network can tell their auditor that TokenEx covers those controls and shows them TokenEx’s Attestation of Compliance (AoC). This shifts the burden to TokenEx for those requirements. By working with TokenEx, “it’s 10 or 15 [PCI] controls out of 250 that we don’t have to worry about,” Bacastow mentions.
How Payouts Network uses TokenEx
Payouts Network uses Token Services API to tokenize stored cardholder data securely. One potential use case would be an airline losing one of their customer’s luggage. The airline sends a request to reimburse their distressed customer via Payouts Network. Payouts Network sends a secure web form link for the airline’s customer to fill out their credit card information.
Once the traveler fills out the payment form, Payouts Network receives the form and sends the data to be tokenized by TokenEx to ensure the cardholder details are securely stored outside of their internal platform.
In the same example, Payouts Network calls the Token Services API with a request to detokenize the tokens. After the tokens are detokenized, Payouts Network sends money directly to the traveler’s debit card for purchasing new luggage and clothes.
Growth and Security
Keep sensitive cardholder data out of their internal payments platform.
Reduce their PCI scope and simplify PCI audits with fewer controls.
Process payments with high service availability to ensure customer satisfaction.
“A token provider should be seen and not heard. They should be running in the fabric. You shouldn’t even know they exist. You want a token provider like TokenEx that is always up and available. You don’t have to worry about it. That’s what you want.”
Chief Strategy, Technology, & Compliance Officer,
How can we help
Connect with us to learn how we can generate similar results for you.