Inspire Commerce operates a PCI Level 1 certified payment infrastructure — the highest tier in the industry. Card data is stored in a vault your platform controls. It is not pooled, not shared, and does not leave with a processor.
The vault model
When a card is tokenized through Inspire Commerce, it is stored in a PCI Level 1 certified vault that your platform controls. The token we return to you is the reference — the actual card data never touches your servers.
When you route a transaction, we execute against the stored card. When you switch processors, the card data stays. No re-tokenization. No migration. No negotiating with a processor for data portability.
If you stop working with a processor, the relationship ends with that processor. Your card data and your customer relationships remain intact.
How we operate
Payments infrastructure is a target. We have been building and operating under that assumption since 2008.
Card data is encrypted at rest using AES-256. TLS 1.2+ is enforced for all API communication. No plaintext card data is ever transmitted.
We undergo an independent Qualified Security Assessor audit every year. PCI Level 1 is not self-assessed — it requires third-party validation.
Network Tokens replace raw PANs with network-issued tokens that rotate automatically. If intercepted, they cannot be used outside your authorized context.
Network Tokens + Account Updater + PAN fallback. When a card changes, we update automatically. The transaction succeeds without your intervention.
Accounts remain active for businesses operating within stated terms. The conditions are documented, not arbitrary. No silent surprises.
100+ countries supported. The same PCI Level 1 vault and compliance posture apply globally — not just within US borders.
Shared responsibility
Clarity on who owns what — so there are no assumptions going into production.
| Area | Inspire Commerce | Your Platform |
|---|---|---|
| PCI Level 1 vault certification | We maintain and renew annually | Your scope is reduced — you never handle raw PANs |
| Card data storage & encryption | AES-256 at rest, TLS 1.2+ in transit | You receive tokens — not card data |
| Processor routing | We execute the transaction | You write the routing rules in your code |
| Network token lifecycle | Token provisioning, updates, cryptogram fetch | You pass the token reference in API calls |
| Account Updater | Automatic card updates when issuers push changes | You receive updated card metadata in the vault |
| API authentication | API key management and rate limiting | You manage key security and access controls on your side |
| Your application security | Use Value.IO to reduce your PCI scope | Card data never touches your servers. Your scope shrinks. Your customers' data stays protected. |
Common questions
Can we get a copy of your PCI AOC (Attestation of Compliance)?
Yes. We provide our AOC under NDA during the vendor evaluation process. Contact us to request it.
What happens to our card data if we stop using Inspire Commerce?
Your vault data is yours. We provide a secure export in a standard format. You can migrate to another PCI-compliant vault or take custody directly. Card data is not held hostage by our business relationship.
Is card data shared across platforms on the same infrastructure?
No. Vaults are logically isolated. Your card data is not accessible to or commingled with any other platform's data.
Does switching processors require migrating card data?
No. The vault is processor-agnostic. When you change your routing destination, you update a configuration — the stored card token remains the same. No migration, no re-tokenization, no customer impact.
Do you support 3D Secure (3DS)?
Yes. 3DS is available as an add-on. Processor support varies — contact us to confirm availability for your destination processors.
What is your uptime commitment?
We target 99.9% uptime across the transaction processing layer. SLA terms and incident response commitments are documented in the service agreement. Talk to us for specifics relevant to your deployment.
Request our AOC, talk to the team, or explore the developer resources. We don't ask you to take compliance on faith.