As businesses and households embrace subscriptions and recurring payments, their payment service providers must adopt new approaches to keeping payment details on file.
“No one likes to see a subscription that we use, and rely on, every day go dark because payment information was stale and the payment was unable to be processed,” Joe Meuse, VP of product at Spreedly, told PYMNTS.
Those payments might fail, he said, because a cardholder might have changed banks, gotten a new card, or replaced the card if it had been lost or stolen.
Providers who don’t take steps to alleviate pain points will forge a fast path to dropping customer lifetime values down to zero.
Card lifecycle management, Meuse said, can get a boost from vaulting and tokenization — which in turn can prevent payments from being interrupted, and can keep customers loyal to merchants, too.
“Think of it as ‘evergreen management,’” he said of the improvements fostered by these lifecycle technologies, adding that this evergreen approach “is about making sure that the card is always available for transactions whenever the payer is ready to make a payment.”
Those cardholders — and the companies with which they are transacting — want to make sure their cards are always in good standing.
As he noted to PYMNTS, card lifecycle management refers to a systematic updating of card-level details, specifically tied to primary account numbers (PAN) and expiration dates. Firms storing card details should be able to identify which cards are outdated, and then update the relevant data automatically.
There are two approaches to getting there, Meuse said: An enterprise might opt to work with the end customer directly or, alternatively, subscribe to a service to ensure those automatic, card-specific updates are made.
The onus is on the merchants and providers to keep card details safe. New PCI standards are on the horizon, slated to debut in 2025. The new compliance mandates, through PCI Data Security Standard 4.0, stipulate changes to password protocols and multifactor authentication. Vault providers (like Spreedly) can ensure PCI compliance with these requirements, which ultimately ensure that merchants are dealing with the “rightful” customer on the other end of online transactions and build confidence for consumers.
Compliance, said Meuse, “is a never-ending game.”
As Meuse told PYMNTS, vaulting solutions should be regarded as a collection of tools — a mechanism through which to store cards and take action upon those cards. But there’s not yet been a lot of optimization built into those vaults. They are largely inert, and with the surge in digital payments over the last few years, this presents a lot of opportunity.
“None of this is a single flip of a switch,” Meuse said, as providers must ensure that cards are redacted and updated appropriately. Beyond regulatory and PCI requirements, merchants may wish to examine the metadata inherent in those cards they keep — such as the home currency of the cardholder, the issuing bank, and the issuing country. This provides insight into a customer base, and its value grows exponentially over time, turning into true business intelligence.
“Data changes over time,” Meuse said, and “you need to be invested in optimizing the vault, keeping it clean and efficient … and the data show that many merchants are not doing so with the best practices in place.”
Network tokenization is another concept that should be in any vault conversation, he added. It can offer an additional layer of security through cryptograms that make for a safer payment ecosystem where fewer and fewer people need to hold onto card data. That’s especially important with the continued adoption of digital wallets, which offer a centralized location to hold cards and transact with a wide variety of enterprises in a streamlined manner.
Looking ahead, he said that merchants can use vaulting “as an advantage to their benefit — by leveraging the data in your vault, it becomes an engine to improve your business, grow sales, and manage risk.”