Mallow Help Center
Security

How is payment information stored in Mallow?

Security is our top priority. Mallow is designed so that sensitive payment data never touches our servers. Instead, we use a process called tokenization to keep your customers' information safe.

How Tokenization Works

When a customer enters their credit card details into Mallow, the data is instantly sent to our payment partner, Fiserv, Inc. — the world’s largest payment processor.

  1. Secure Exchange: Fiserv replaces the sensitive card numbers with a unique, non-sensitive string of characters called a "token."

  2. Safe Storage: Fiserv stores the actual encrypted card data in their world-class, PCI-compliant vaults.

  3. Mallow’s Role: Mallow only has access to the token. This token allows you to process future transactions or refunds without ever having to see or store the actual credit card number.

Why this matters for you

Because Mallow uses this "off-site" storage method:

  • Reduced Risk: Even in the unlikely event of a security breach, there is no usable credit card data for an intruder to steal from Mallow.

  • PCI Compliance: This significantly reduces your PCI DSS compliance burden, as you are not storing "raw" cardholder data on your own systems.

Was this helpful?