Security

How is payment information stored in Mallow?

Security is our top priority. Mallow is designed so that sensitive payment data never touches our servers. Instead, we use a process called tokenization to keep your customers' information safe.

How Tokenization Works

When a customer enters their credit card or bank account details, the data is sent directly to our payment processing partner. The payment processor tokenizes card and bank account data before anything reaches our servers, which keeps the information private and secure.

The process follows this secure pattern:

  1. Secure Exchange: Your payment processor replaces the sensitive card or bank numbers with a unique, non-sensitive string of characters called a "token."

  2. Safe Storage: The processor stores the actual payment data, encrypted, in its PCI-compliant vaults.

  3. Mallow's Role: Mallow only has access to the token. This token allows you to process future transactions or refunds without ever having to see or store the actual payment details.
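
The pattern above as a small simulation, added here as an illustration and not Mallow's or any processor's actual code: a hypothetical ProcessorVault keeps the card number, the merchant-side records keep only the token, and find_pan_leaks is a check that flags any stored field containing a Luhn-valid card number. All names, the token format and the sample records are constructed for this example.

```python
import re
import secrets
import string

def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to tell real-looking card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class ProcessorVault:
    """Hypothetical stand-in for the processor side; a real vault encrypts at rest."""
    def __init__(self):
        self._vault = {}        # token -> card number, never leaves the processor

    def tokenize(self, pan: str) -> str:
        # Assumption: letters-only random token, so it carries no card digits.
        token = "tok_" + "".join(secrets.choice(string.ascii_letters) for _ in range(24))
        self._vault[token] = pan
        return token

    def charge(self, token: str, cents: int) -> dict:
        pan = self._vault[token]   # unknown tokens raise KeyError
        return {"approved": True, "last4": pan[-4:], "amount_cents": cents}

# 13 to 19 digits, optionally separated by single spaces or dashes
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def find_pan_leaks(records):
    """Return (record index, field name) for every field holding a Luhn-valid number."""
    leaks = []
    for idx, rec in enumerate(records):
        for field, value in rec.items():
            for m in PAN_RE.finditer(str(value)):
                if luhn_valid(re.sub(r"\D", "", m.group())):
                    leaks.append((idx, field))
    return leaks

TEST_PAN = "4111111111111111"   # well-known test card number, constructed input
vault = ProcessorVault()
token = vault.tokenize(TEST_PAN)
merchant_db = [{"customer": "c_1001", "payment_token": token}]          # token only
bad_db = merchant_db + [{"customer": "c_1002", "note": "card 4111 1111 1111 1111"}]

if __name__ == "__main__":
    print(vault.charge(token, 2500), find_pan_leaks(merchant_db), find_pan_leaks(bad_db))
```

The same scan can be pointed at free-text fields such as notes or support messages, which is where card numbers most often end up stored by accident.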

Why this matters for you

Because Mallow uses this "off-site" storage method:

  • Reduced Risk: Even in the unlikely event of a security breach, there is no usable payment data for an intruder to steal from Mallow.

  • PCI Compliance: This significantly reduces your PCI DSS compliance burden, as you are not storing "raw" cardholder data on your own systems.

Which processor handles my tokenization?

Mallow currently works with three different payment processors. Your company's assigned payment processor determines how tokenization works. If you're unsure which processor your account uses, contact [email protected].
