VGS as a Solution for Agents and Offering Platforms

Reduced PCI Compliance Scope

Platforms can add a VGS Token Vault to their stack and leverage it to securely collect and store their end users' incoming sensitive payment data. Payment information (PAN, CVV, and more) can be received using an API for web or mobile payments or from the hosted VGS Collect solution. This is stored in tokenized form in the VGS Vault.

Since sensitive data never touches the platform's systems, offering platforms can reduce their PCI compliance requirements. This results in compliance cost savings, breach risk mitigation, and the redeployment of internal resources to other critical tasks.

Data Security

At VGS, we convert sensitive payment information into randomized tokens, safeguarding against data hacks and ensuring data remains secure.

Tokenized data eliminates the risk of data breaches caused by older practices such as storing sensitive information in shared sheets and transmitting raw PAN and CVV information in person, in the cloud, by email, or even by fax.

Data Entry Automation

Platforms can reduce the risk of data inaccuracies due to manual error in the complex double-loop payment process. Combining a headless browser and browser proxy facilitates automated data entry and integration with service providers without directly revealing sensitive information.

Platforms can use a headless browser (a web browser without a graphical user interface (GUI)) to collect information from their VGS Vault and automatically populate the end provider's desired web page.

A forward browser proxy from VGS can route the OTA web traffic and securely reveal the data to the travel service provider with minimal manual intervention or compliance exposure.

If the ultimate travel, insurance, or other service provider offered an API endpoint, and the OTA was integrated with them, automation would be even more straightforward with a standard, HTTP-based API. The data could be collected from the end user via API when entered into the web browser or mobile apps and stored as randomized tokens in the VGS Vault.

Control and Ownership of Your Data Without Being the Merchant of Record

With VGS, agent platforms do not have to add on the complexities of becoming the Merchant of Record (MoR) or have a direct business relationship with the PSP simply to gain access to their data.

They can offload sensitive payment data to their independent vault provided by VGS. Their data is secure in tokenized form while they stay PCI-compliant.

VGS Account Updater can be added to the VGS Vault to keep card-on-file information up-to-date, so any card data forwarded to the provider and their PSP has minimal chances of failing due to outdated information.

By working with VGS, offering platforms ensure that they keep control of their data and ensure its accuracy without being required to handle it directly.

Grow your Business by Building in Provider Flexibility

When agent platforms own their end users' payment data, they can easily use multiple providers and avoid vendor lock-in. For example, if the initial provider can't provide a travel product or the carrier can't bind a policy, the platforms have options. Since they hold the end user's payment credentials in their VGS Vault, they can share them with an alternate provider.

If the alternate provider has a different PSP processing the payment, the offering platform can support that without needing a direct business relationship with that PSP, and just having the technical integration via API endpoints or browser proxy routes.

With the ability to compliantly access their end user's card details in a token vault, they can seamlessly send the information to the second PSP.

The platform can use the provider's credentials to automatically send the card details via API to the PSP to process the payment for both the initial and second providers. Direct integration with the PSP's API avoids the need for manual data entry or direct PSP relationships and allows platforms to use multiple providers.

Support Multiple Models and Expand to New Payment Methods

If an agent platform wants to move to the merchant model to handle payments directly and gain greater control over the transaction process and new payment options like BNPL, centralized payment data in a universal vault is a significant enabler.

The VGS Vault can tokenize all PCI and PII data types, and new providers can be easily integrated.

If a platform wants to become the Merchant of Record with direct PSP relationships and become PCI-compliant independently instead, VGS can enable its PCI Compliance journey.