Reliable cloud tokenization and uptime availability

When Payouts Network discovered that their legacy tokenization provider was shuttering their service, converting tens of thousands of stored credit card tokens to a new provider without downtime became a top priority. Steve Bacastow, CTO, Chief Strategy Officer, and Chief Compliance Officer of Payouts Network, points out, “For us, it was just a risk because if we didn’t convert from our existing provider to TokenEx, we’d effectively been unable to provide our services.”

To illustrate the importance of keeping their platform running, Bacastow shared an example of a person losing their luggage at an airport at four in the morning. “The airline can talk to our platform with an API call and send the person $1,000 or $2,000. This money immediately gets deposited into their checking account so that they can go buy new clothes,” Bacastow said.

“If we have the person’s card already on file, we must be able to use the token, turn that into a credit card number, and send that to the payment network. The payment network can then pay the person through their existing bank account,” Bacastow explained. The platform must always be available, or else Payouts Network cannot push payments to customers. 

Payouts Network needs to run 24/7, 365 days a year, as a payment processing platform. With their previous provider, they had occasional hard downtime. For example, “We could be down for five minutes. When they did scheduled maintenance, they’d convert us over to their other system, which came with a slight hiccup when waiting to route payments. I just haven’t seen that with TokenEx,” Bacastow said. This reliable availability ensures that this payment processor can maintain critical business operations. 

As for compliance, Payouts Network’s PCI compliance is simplified because TokenEx takes responsibility for the controls of storing and protecting raw cardholder data. Not needing to store the data on their platform reduces their PCI scope. In turn, PCI audits are easier because Payouts Network can tell their auditor that TokenEx covers those controls and shows them TokenEx’s Attestation of Compliance (AoC). This shifts the burden to TokenEx for those requirements. By working with TokenEx, “it’s 10 or 15 [PCI] controls out of 250 that we don’t have to worry about,” Bacastow mentions.

Payouts Network uses Token Services API to tokenize stored cardholder data securely. One potential use case would be an airline losing one of their customer’s luggage. The airline sends a request to reimburse their distressed customer via Payouts Network. Payouts Network sends a secure web form link for the airline’s customer to fill out their credit card information.

Once the traveler fills out the payment form, Payouts Network receives the form and sends the data to be tokenized by TokenEx to ensure the cardholder details are securely stored outside of their internal platform.

In the same example, Payouts Network calls the Token Services API with a request to detokenize the tokens. After the tokens are detokenized, Payouts Network sends money directly to the traveler’s debit card for purchasing new luggage and clothes.