Data Management and Segmentation
Connected Payments uses a layered model of cryptographic isolation, logical segmentation, and hierarchical access to protect merchant data. This model is aligned with industry security standards and with Connected Payments' internal security standards.
Token Silos
Tokenised card data is stored in token silos — cryptographically distinct storage domains. Each silo is encrypted with a unique key issued to the merchant or hierarchy division it belongs to. Data outside its silo is unintelligible without the correct key.
All token records are also indexed by customerId (the merchant's unique platform identifier), preventing any overlap or cross-querying between merchants.
customerId represents the merchant entity within the platform — it is unrelated to the merchant's end customers.
Transaction Records and Hierarchy Levels
Transaction records are indexed by customerId and access is governed by hierarchy levels:
- A parent account can view transactions of its subordinate divisions
- A division can only see its own records and those below it
- Divisions at the same level are fully segregated from each other
- No entity can view records upward in the hierarchy
All transactional records are encrypted at rest in accordance with industry security requirements.
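The four hierarchy rules above reduce to a single check: a record is visible only if the viewer's customerId lies on the path from the record's owner up to the top of the hierarchy. The following is an added example, not Connected Payments code; the account names, record layout and function names are constructed for illustration.

```python
# Added illustration: the hierarchy layout and all identifiers below are assumptions.
from typing import Optional

# Constructed sample hierarchy: child customerId -> parent customerId (None = top level).
PARENT: dict[str, Optional[str]] = {
    "group": None,
    "region-a": "group",
    "region-b": "group",
    "store-a1": "region-a",
    "store-b1": "region-b",
}

# Constructed sample transaction records, each indexed by the owning customerId.
RECORDS = [
    {"txn": "t1", "customerId": "group"},
    {"txn": "t2", "customerId": "region-a"},
    {"txn": "t3", "customerId": "region-b"},
    {"txn": "t4", "customerId": "store-a1"},
    {"txn": "t5", "customerId": "store-b1"},
]


def can_view(viewer: str, owner: str, parent=PARENT) -> bool:
    """True only if owner is the viewer itself or sits below it in the hierarchy."""
    if viewer not in parent or owner not in parent:
        return False  # unknown customerId: fail closed
    seen = set()
    node: Optional[str] = owner
    # Walk upward from the record's owner; the viewer must appear on that path.
    while node is not None and node not in seen:
        if node == viewer:
            return True
        seen.add(node)  # guards against a malformed, cyclic hierarchy
        node = parent.get(node)
    return False  # reached the top (or a cycle) without meeting the viewer


def visible_records(viewer: str, records=RECORDS) -> list[str]:
    """Transaction ids the viewer may read under the downward-only rule."""
    return [r["txn"] for r in records if can_view(viewer, r["customerId"])]


if __name__ == "__main__":
    for who in PARENT:
        print(who, visible_records(who))
```

Sibling divisions and upward lookups both fail the same path test, so no separate deny rules are needed.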
The Role of the Processor
A processor manages multiple customerIds and provides infrastructure to merchants, but has no privileged access to merchant data.
Because the processor does not hold merchant-specific customerIds, hierarchy credentials, or silo keys, it cannot:
- Decrypt token data
- Initiate, modify, or complete transactions
- Act on behalf of any merchant
The processor can confirm that records or tokens exist under a given customerId, but this is structural visibility only. This restriction is enforced at the architecture level, not by policy alone.
Summary
| Concept | Purpose |
|---|---|
| Token Silos | Cryptographic isolation of card data per merchant |
| customerId Indexing | Logical separation of all records between merchants |
| Hierarchy Levels | Controlled, downward-only access to transactional data |
| Processor Role | Infrastructure management with no data access capability |
All measures are underpinned by industry-aligned cryptographic standards, ensuring merchant data remains protected and segregated across all platform environments.