VGS Vault
Collect, Protect and Transmit

A vault is a secure, isolated data environment where sensitive information (like payment card numbers, SSNs, or PII) is stored, tokenized, and managed.

It acts as your organization's data safe, allowing you to collect, store, and exchange sensitive data without it ever touching your own systems, drastically reducing your PCI DSS or data privacy scope.

VGS Vault is exactly as described above.

You can store any form of sensitive information, including:

• Payment card data (PANs, CVVs, expiration dates, digital wallets)
• Personally identifiable information (names, SSNs, addresses, DOBs)
• Financial data (bank account numbers, IBANs)
• Health data (PHI under HIPAA)
• Crypto credentials (digital assets such as NFTs)

VGS supports structured and unstructured data across APIs, files, and forms.

When sensitive data enters your application (e.g., through a form or API call), it is securely sent to the VGS Vault. The Vault then tokenizes (aliases) the data, replacing it with a unique reference ID. This alias can be stored and used in your systems without exposing the real value. When needed, VGS can securely detokenize and forward the original data to authorized third parties (like payment processors), ensuring you never have to handle sensitive information directly.

When data is sent to the Vault, it is replaced with a VGS alias, a secure, randomly generated token that represents the original value. These aliases can be used safely in your internal systems or databases. Only the Vault can map aliases back to the original data, and only when explicitly authorized to do so.

You can interact with the Vault through the VGS Dashboard or APIs. Data can be retrieved, updated, or securely forwarded to external services using pre-configured routes. Access is controlled through strict authentication, encryption, and permissions.

Yes. VGS is PCI DSS Level 1 compliant, the highest level of certification available. Using a Vault means that sensitive data is handled within VGS's secure infrastructure, dramatically reducing your organization's PCI scope and audit requirements.

Using a VGS Vault allows your organization to:

• Reduce compliance scope under PCI DSS, GDPR, HIPAA, and other data regulations
• Prevent data breaches, since no sensitive data is stored in your environment
• Simplify integrations with third parties through secure routing
• Enable new use cases like recurring billing, card-on-file payments, or automated account updates without storing actual card data

A VGS Vault is used in various scenarios where sensitive data must be securely handled without expanding the scope of compliance. Common use cases include PCI DSS scope reduction, where organizations can store and process payment card data without exposing raw card numbers; data privacy and compliance, ensuring customer PII is protected to meet regulations such as GDPR and CCPA; payment integrations, allowing businesses to send aliased card data securely to processors like Stripe or Adyen; and network tokenization, where VGS issues and manages network tokens that replace primary account numbers (PANs) with secure, network-approved aliases. These network tokens enhance transaction security, improve authorization rates, and automatically maintain up-to-date payment credentials. Additionally, the Vault supports Account Updater functionality, which refreshes stored tokens—including network tokens—through VGS's secure network connections to ensure the ongoing accuracy of payment information.

You can contact VGS if you would like VGS Vault. If you already have VGS solutions, please contact your account manager.