Tokenisation Vault
Also known as: Tokenization vault · Token vault · PCI scope reduction
A tokenisation vault replaces sensitive data (card PANs, SSNs, identity numbers) with opaque tokens at the system boundary, isolating the real values inside a dedicated service in a separate VPC. The architectural benefit is not abstract security — it is PCI DSS scope reduction. Only the vault and its callers remain in audit scope, cutting the surface that has to pass a Type 1 review from 'whole platform' to 'two services'.
In production at TantraDev.
Concepts that travel with this one.
Architecture rarely lives in isolation — these are the terms that come up in the same conversation.
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is the security standard every entity that stores, processes, or transmits cardholder data has to meet. The current spec is PCI DSS v4.0. The architectural lever is scope reduction: any service that does not touch a PAN can be carved out of audit, and a tokenisation vault is the standard mechanism for shrinking scope from 'whole platform' to a contained set of services.
FinTech
FinTech is the engineering discipline of building money-movement, lending, and financial-services software under regulatory constraint. The defining architectural pressure is that compliance — PCI DSS, RBI tech guidelines, AML monitoring, audit-trail immutability — is not a layer added late; it dictates how data flows, where services are split, and which boundary trust crosses. Latency budgets are tight (sub-200ms card-network responses), and reconciliation is a first-class system, not a script.
Building a system where Tokenisation Vault is the load-bearing decision?
30 minutes on the phone, one page in your inbox — what to build, what to skip, what it will cost. You keep the audit even if we are not the right fit.