When vaulting cards with Butter, we have ensured that your data is carefully encrypted with NIST and FIPS-compliant algorithms. Additionally, we ensure one-time-use encryption keys are used, which are then encrypted again and securely stored. This process guarantees that merchant data is uniquely encrypted each time a new card is vaulted. Merchant encryption keys are never mixed or reused. Encryption keys and encrypted data are scoped to individual private merchant containers to provide maximum security and separation of data.

Card elements exist in a secure iframe embedded within your checkout page that acts as a secure container, isolating payment information from the rest of the webpage. This isolation helps in preventing malicious scripts or third-party plugins on the merchant’s website from accessing sensitive card details. The card data captured within the iframe is encrypted and securely transmitted to a proxy endpoint which vaults the data and continues the request to the respective payment service provider. Since the data never touches the merchant's servers, the risk of compromising card information due to potential security vulnerabilities in the merchant's system is greatly reduced. Additionally, merchants are not exposed to PCI DSS requirements.

Butter has partnered with industry-leading fintech security company 

 to make the vaulting and elements as secure as possible. PCI-DSS AOC documentation can be provided upon request.

Learn how Butter Payments ensures security and compliance in card vaulting and card elements, utilizing NIST and FIPS-compliant encryption algorithms and secure iframes to protect sensitive payment information.

Stripe API Key Setup

Security & Compliance

docs

docs.butterpayments

Stripe Billing

Braintree

Recharge

Platform Integration

Integration Guide

API Reference

Enterprise API Integration

Recover

Integration

Disputes API

Disputes Webhooks

Dispute

Butter Form Element (Stripe) (cloned)

Enhanced Data

API Key Provisioning

Vault