The Butter Card Vault solution is designed to streamline and secure the card data handling process for merchants during checkout flows. The key component of our system is the integration of secure elements into your checkout pages. These elements, which are essentially an embedded iframe, ensures that sensitive card information is never processed or stored on your systems, maintaining PCI DSS compliance and reducing your liability.

Our elements can be easily integrated into your checkout flow, are compatible with popular frontend frameworks like React, and are fully customizable from a UI perspective. We also offer native JavaScript implementations that can be tailored to work with any other frontend frameworks.

In addition to elements, we also offer direct API access for merchants requiring integrations with mobile applications or backend requirements. Interacting directly with our vaulting API will require providing PCI DSS AOC documentation. Please reach out if this is a requirement for your integration. 

 Each card is encrypted within a dedicated merchant container vault, ensuring that sensitive information is securely compartmentalized. Additionally, we utilize UUIDs to reference encrypted cards, minimizing any potential risk exposure.

 Our encryption methods adhere to the highest standards set by the Payment Card Industry Data Security Standard (PCI-DSS). This includes utilizing envelope encryption with AES256-GCM, ensuring robust protection of card data.

 Our system is designed to restrict direct access to underlying credit card information. Butter employees do not have the capability to view or access raw card data, aligning with strict PCI-DSS compliance requirements.

 Transmitting raw card data outside of our vault requires stringent endpoint whitelisting, with validation of PCI certification. Currently, this access is restricted to select major payment service providers like Stripe, Braintree, Worldpay, etc.

 Our solution undergoes rigorous examination by independent certification organizations to validate its security and compliance with PCI-DSS standards. This ensures that our system remains robust and resilient against potential threats.

Method 1: Vaulting via Embedded Form Element

Directly interacting with the Butter Card Vault API requires certification of PCI compliance.

Interested in working with Butter to bring more revenue back to your business? Reach out to us here: 

Securely handle card data with Butter's Card Vault. Integrate secure card elements, ensure PCI DSS compliance, and reduce liability while customizing for popular frameworks like React or using direct API access for advanced use cases.