Overview
Customer Vault is a secure payment data storage solution provided by NMI. It enables merchants to store sensitive payment details—such as credit card or bank account information—safely in the cloud using gateway-issued tokens. These tokens can be used to perform future transactions, reducing the merchant's PCI DSS compliance scope and improving data security. NMI’s Customer Vault is certified at Level 1 PCI DSS, the highest level of compliance.
This system is ideal for:
- Recurring or membership-based billing
- On-demand invoicing
- Businesses looking to eliminate the storage of payment data on local systems
Features and Benefits
Customer Vault provides the following capabilities:
- Secure Tokenization: Sensitive payment information is replaced with unique NMI-generated tokens.
- Credit Card and ACH Support: Supports the storage of both credit card and electronic check (ACH) payment methods.
- Cross-Platform Compatibility: Works with both card-present and card-not-present transactions, including NMI's iProcess mobile app.
- Flexible Transaction Management: Use tokens for one-time sales, recurring payments, refunds, or membership billing.
- Automatic Card Updater Integration: Automatically updates expired or replaced cards, helping to reduce transaction failures.
- White-Labeling Option: Allows partners to brand the Customer Vault interface.
- Secure Online Access: Merchants manage customer profiles and billing methods through a secure web interface.
- No CVV Storage: In compliance with card network rules, CVV data cannot be stored.
- Reduced PCI Burden: Eliminates the need for merchants to store card data locally.
Prerequisites
- ONE platform
- Enable Customer Vault in the Marketplace Apps
New: Sandbox Access Available!
Customer Vault is now available to Sandbox users. This means you can start integrating and testing Customer Vault functionality before going live in production.
Supported Processors
Customer Vault is supported across most processors integrated with NMI. There are no processor-specific limitations for this service, as long as the Customer Vault feature is enabled in the gateway account.
How Customer Vault Works
The process for storing and using payment data with Customer Vault is as follows:
- The customer enters their payment details.
- NMI securely stores this data in the Customer Vault and generates a Customer Vault ID (a gateway token).
- The merchant uses the Customer Vault ID to process future transactions without viewing or storing the card details.
- Transactions can be initiated through the Virtual Terminal, Payment API, Batch Upload, or mobile devices using the iProcess app.
- The Automatic Card Updater service helps maintain valid card data without manual input.
Using the Customer Vault: Step-by-Step Walkthrough
Step 1: Add a Customer to the Vault
- Navigate to Customer Vault > Add Customer.
- If both Credit Card and Electronic Check options are available, select the payment method.
-
Enter the required information:
- For credit cards: card number and expiration date (required fields are marked with a red asterisk).
- Add optional details such as name, billing address, and shipping address.
- Use the "Same as Billing" checkbox to duplicate address details.
- Click Submit to save the customer to the vault.
Note: You can provide a unique Customer Vault ID when adding a customer to the Vault. If you do not, the gateway will automatically create a unique Customer Vault ID for you.
Step 2: Search for a Customer
- Navigate to Customer Vault > List Customers.
- Use filters like Vault ID, last name, billing ID, or account number.
- Click Submit to search.
Step 3: Review the Customer Record
- Click on the customer name to view:
- Customer Vault ID (unique identifier)
- Billing method(s)
- Shipping address(es)
- The customer record page also includes action buttons such as:
- Run a Sale
- Authorize a Transaction
- Send a Credit
- Create a Recurring Subscription
- Send an Invoice
- Run a Sale
Step 4: Process a Transaction
- Select the credit card (
) to initiate a Sale.
- Card and billing info will pre-fill from the vault record.
- Enter the transaction amount and optional CVV.
- Click Charge.
- A confirmation message will indicate success.
- You can identify a transaction as a Vault-based payment by checking the Customer ID field, which will show the Vault ID.
Step 5: Add an Additional Billing Method
- Go to the customer record (click the name).
- Click Add Billing Method.
- Select the method (e.g., Electronic Check).
- Enter required fields such as:
- Account name
- Routing number
- Account number
- Click Submit.
- The new method will be listed under the customer record.
- You can now choose between billing methods when processing future transactions.
Note: This walkthrough utilizes our Virtual Terminal, you can learn more about using our Customer Vault with our API in our Integration Portal.
Partner Experience - Enabling Customer Vault
Partners can make Customer Vault available to merchants by following these steps:
- Log in to the Partner Portal.
- Go to List Accounts and select the appropriate merchant.
- Scroll to the Value-added Services section → click Update Services.
- Set Customer Vault to either:
- Active - the merchant will have access to Customer Vault immediately.
- Free Trial - the merchant will have 30 days to try out the service (see Free Trials).
-
Offered - the merchant will have the option to activate the Customer Vault in the Marketplace Apps section of their gateway.
- Click Submit to apply the changes.
Merchant Experience
How Merchants Can Activate Customer Vault
If Customer Vault was set to Offered above, then to activate Customer Vault, the merchant must:
- Log in to their Merchant Portal.
- Navigate to Marketplace Apps → App Store.
- Find the Customer Vault card and click Enable.
They can also navigate to Customer Vault in the left-hand menu bar and click Enable Customer Vault.
After activating, merchants can immediately begin storing payment profiles and using tokenized transactions in the Customer Vault.
Customer Vault Settings and Configuration
Merchants can manage their Customer Vault records and configuration using the Merchant Portal:
- Storage Capacity: Each Customer Vault ID can contain up to 255 billing or shipping IDs.
-
ID Lengths:
- Customer Vault ID: Max 36 characters
- Billing/Shipping ID: Max 32 characters
-
Editing Records:
- Merchants can update card numbers, expiration dates, and billing details.
- Billing ID numbers themselves cannot be modified.
-
Record Access:
- Go to Customer Vault > List Customers to search, view, and manage saved records.
Frequently Asked Questions
Can I store CVV numbers in Customer Vault?
No. Visa and other card networks prohibit merchants from storing CVV codes. While CVV can be submitted on the initial transaction, it is not stored in the vault.
Is there a limit to how many customer records can be stored?
There is no limit to the total number of Customer Vault records. However, each individual Vault ID is limited to 255 billing/shipping records.
How can I update a card stored in the Customer Vault?
Cards can be updated automatically using Automatic Card Updater (if enabled), or manually by editing the Customer Vault record.
Can I use Batch Upload to create new Vault IDs?
Yes, you can find more information in our Batch Upload | Vault, Invoicing, Products, Recurring article.
Can I export Customer Vault data?
Yes. Customer Vault data can be exported. See our Data Import, Export, & Transfer Information article.
What is the difference between Customer Vault and Customer Token Vault?
- Customer Vault uses gateway-issued tokens that are only valid within the merchant’s NMI account.
- Customer Token Vault uses network-issued tokens (Visa, Mastercard) that support additional features like cross-platform compatibility and advanced fraud protection.
Can a transaction update the vault record?
Yes, but only under specific conditions. If both the transaction and the Customer Vault update fields are submitted correctly, the vault record will be updated. If not, only the transaction data may change.