Maximize business growth with payment flexibility

As a payment facilitator company, TiloPay needed to expand its products and services without increasing its PCI scope. Businesses like TiloPay that accept, process, or transmit cardholder day must maintain PCI DSS compliance. PCI compliance is time-consuming and costly to achieve without a tokenization provider. If unchecked, non-compliance can lead to hefty fines, data breaches, reputational damage, and revenue loss.

Previously, TiloPay had a much simpler payment solution. Their platform allowed them to connect directly to payment gateways, so “the banks and gateways were the only ones handling the credit card data on hosted payment pages,” says TiloPay CTO and co-founder Henry Nanne. TiloPay couldn’t even connect to major ecommerce platforms like Shopify or BigCommerce. This platform quickly fell short because it prevented TiloPay from being able to do things their customers needed due to not having control of the credit card tokens.  

“Customers were demanding more complex solutions and efficient ways to accept credit cards,” says Nanne. TiloPay was being held back by the amount of payment data they could transfer and store. Nanne says, “That’s where TokenEx came in and kind of saved the day because we were able to offer a bunch of different channels to customers.” TiloPay now had control over the payment experience without adding PCI scope. Nanne mentions their company was able to reduce its PCI scope by roughly 80 to 90 percent because they don’t store credit card data internally.  

Before working with TokenEx, this client did not store payment data. This significantly limited the payment processing features they could offer their customers. Now, TiloPay can control the payment experience from start to finish. They can choose how their payment experiences are handled based on merchant requests. For example, merchants may want to: direct payments to an antifraud system before they use 3-D Secure (3DS), skip 3DS and only use an antifraud system, or directly route payments to payment gateways without fraud prevention efforts. Nanne says, “It’s given us the flexibility to offer almost any kind of [payment processing] service” to merchants. Without TokenEx, this payment flexibility wouldn’t be possible because TiloPay didn’t want credit card data to pass through their servers, which would introduce PCI scope, increase costs, and compromise their payment data and platform security.   

Additionally, TiloPay can reuse their card tokens on any payment gateway they work with. TokenEx uses randomly generated data called tokens to tokenize credit cards, which removes and safely stores the original card data outside of their internal environment. A nonsensitive card token is returned to our client as a placeholder for the credit card numbers. Card tokens can be sent to any endpoint via the Transparent Gateway.

Payment flexibility has allowed TiloPay to easily connect with nearly 30 banks and offer services to almost 22 countries in Central America and the Caribbean. Once their platform is connected to another payment processor or gateway, this client can open new markets quickly and easily. How fast? “From the technical aspect, we’re able to open new markets, connect to specific gateways and banks, and launch in a matter of weeks.” Very little platform maintenance is required because TokenEx makes it easy to reuse the same token, integration, and affiliation process. Without payment independence, this wouldn’t be possible and would decrease their market speed. 

“Before TokenEx, we weren’t offering 90 to 95 percent of the services and products that we have right now. It was a different company,” says Nanne. By having really good support, small businesses like TiloPay can leverage platforms like TokenEx to work with big ecommerce players like Shopify, VTEX, BigCommerce, WordPress, and Wix. Indeed, implementing TokenEx allowed this payment facilitator to offer additional products and services they couldn’t provide before. Scaling their business has also had a significant impact on the revenue generated from this growth. 

To use the Transparent gateway, TiloPay sets up unique API endpoints to capture incoming payment data (primary account numbers or PANs) from third-party APIs. This way, they can safely ingest sensitive card data outside of their internal environment and avoid introducing scope. Card tokens can also be detokenized and directed to virtually any API endpoint, so they can focus on growing their business. 

With Browser-Based Encryption, TiloPay can use the TokenEx public RSA key to encrypt cardholder data from customers’ browsers to prevent raw data from entering their platform. Once the data is encrypted, the data can be sent to TokenEx to be decrypted and tokenized without introducing scope.  

These services are critical in enabling TiloPay to provide direct or indirect affiliations for merchants. Specifically, they provide merchants with connections to big ecommerce platforms via their payment facilitator platform, as well as other services like payment links and recurring payments.