Credit Card Data Portability—A Precautionary Tale

We frequently subscribe to services, but we rarely notice when they’re renewed. For instance, you may have recently subscribed to an online SaaS product, additional storage on an email client, healthy work lunches or even a curated wardrobe.

But do you remember when you last gave any of these services your credit card details? Chances are, you did it once—when you signed up. When merchants switch payment gateways behind the scenes, it’s usually invisible to you as a customer. You’re never asked for your sensitive billing information again and it’s all thanks to credit card data portability.

But this wasn’t always the norm (and still isn’t), which is why it’s one of the most important questions to ask before you sign up with a payment provider if you do recurring billing for your customers.

The Pre-2010 ‘Data Hostage’ Crisis

To understand what credit card data portability is and why we need it, it’s vital to know the story behind its genesis.

Before 2010, if you needed to collect credit card information from your customers for recurring billing, your payment provider would store it for you. But what if you wanted to switch payment gateways when you discovered a better provider? Tough luck: consider your customer data lost.

In an era where data is the new oil, that’s not just an inconvenience, it’s a horror story.

Braintree was the first to champion credit card data portability because they saw this massive problem in the payments processing world. Most payment providers wouldn’t allow merchants to port credit card data stored with them on request, and they cited PCI compliance issues as the reason behind it.

It’s true, the data exchange problem is essentially a security problem. But there was more to it that they weren’t revealing to hapless merchants:

  • It’s a difficult process to port sensitive data securely and map it to another provider
  • Payment providers wanted to retain customers, not make it easier for them to leave
  • Businesses were left with only one thing to do if they wanted to switch: start afresh and ask customers to add their credit card information again. A nightmare, because churn rates would go through the roof and revenues would take a massive hit.

So data hostaging effectively prevented many businesses from switching to payment providers they preferred, and this vendor lock-in crippled fair competition.

7 Essential Credit Card Data Portability Questions to Ask Your Payment Provider

In 2010, Braintree created the much-needed credit card portability standard. They stated their objectives as:

  • Eliminating vendor lock-in for merchants reliant upon a service provider storing their customers' credit card data
  • Creating a secure, PCI Compliant, and standards-based process for data transfers
  • Embracing free market principles and fair competition

But while this standard has been in effect for many years and is slowly becoming the norm, some payment providers still don’t support it, most notably PayPal and Authorize.NET.

And many merchants don’t find out until it’s too late because, quite simply, they don’t ask early enough. So we’ve put together a list of 7 questions to ask about credit card data portability before you decide to work with a payment provider:

  1. Can I retain my customers’ credit card data if I choose to switch providers?
  2. Are you PCI compliant?
  3. What’s required from me to initiate credit card data transfer to a new payment provider?
  4. How long will this process take?
  5. What happens to new sign-ups on the old payment gateway while this process is underway?
  6. Is there an additional fee for you to port credit card information on my behalf?
  7. What are the terms and conditions I must satisfy before you can port my data securely?

The data hostage crisis was a cautionary tale which prompted conscientious providers to volunteer this information to merchants. But as a business, it’s best to stay one step ahead by proactively asking for a solution.

Pro Tip

Your preferred payment gateway doesn’t support credit card data portability. Now what?

As Douglas Adams famously wrote, don’t panic.

Some recurring billing solutions that work on top of payment gateways may be able to solve this issue for you. At Chargebee, we work with a range of payment gateways; some support card data portability and some don’t. For the latter, we store customer credit card information away from the payment gateways in Spreedly’s PCI compliant card vault. You can rest assured that your data will never be lost in limbo and business will go on as usual, whenever you choose to switch providers.

The Billing Intelligencer

A roundup of practical, insightful reads about the challenges of credit card data portability and preventive measures to overcome them:

  • A time machine to 2010: Braintree’s credit card data portability initiative. Still as important today as the day it was set up. PortabilityStandard.org
  • An excellent article from Justin Benson at Spreedly about the difficulty of implementing card data portability and why merchants often turn a blind eye to the problem until it’s too late.
    Credit Card Data Portability – Does anyone really care?
  • Watch a brief 4 minute 30 second whiteboard video from Chargebee’s CEO, Krish, walking you through the terrain of data portability with points to consider when you choose a SaaS vendor.
    Data portability – Whiteboard Monday
  • “There are some well-known industry names that if you were to call and ask about the data migration process the reply would be a flat ‘We don’t do that’.”
    Agile Payments looks at card data portability from both the merchant and payment provider sides of the coin. What’s most interesting is their description of the real-world walls you’ll hit when trying to migrate sensitive information.
    Payment data portability or data hostage

Chargebee supports credit card data portability. Your data is safe with us. Give us a spin?