Do I need to be PCI certified?

With RoxPay's PCI Proxy, your PCI scope drops to SAQ A, the simplest level possible. It's a short annual questionnaire, with no on-site audits or dedicated infrastructure required.

Can I switch gateways without losing tokens?

Yes. RoxPay tokens are universal and gateway-independent. You can route traffic to multiple processors simultaneously or migrate to a new provider without losing data.

How long does integration take?

Basic integration requires just a few lines of code. Replace HTML input fields with our Secure Fields and we handle the encryption and secure transmission. Many customers go live in less than a week.

What is network tokenization?

Network tokenization replaces the card PAN with a token issued by Visa/Mastercard networks. Expired or renewed cards are automatically updated, reducing failed payments and improving approval rates.

Does PCI Proxy support 3-D Secure?

Yes. RoxPay supports independent 3-D Secure authentication. You can authenticate with us and share the data with your gateway for payment authorization, protecting you from fraudulent transactions.

Can I migrate tokens from another provider?

Yes. RoxPay supports secure token migration from any PCI-compliant provider. The process is transparent and without service interruption: your customers won't notice any change.

PCI Proxy for Card Tokenization | Zero PCI-DSS Scope, Custom Checkout

-90%

Compliance costs

SAQ A

Guaranteed PCI level

< 1 sett.

Average integration

100%

Vault uptime

Challenges

The PCI compliance trap

Slow and expensive compliance

Achieving PCI DSS on your own can take up to 6 months and annual audits costing €25,000+. Every server that touches card data widens your scope and your costs.

SAQ A in less than 2 weeks

With RoxPay PCI Proxy your PCI scope drops to the minimum (SAQ A). No on-site audits, no dedicated infrastructure. Certified compliance in days, not months.

Rigid checkout, lost conversions

iFrame payment forms are slow, don't match your brand and lower conversion rates. Customers abandon carts when the payment experience feels clunky.

Secure Fields: 100% native checkout

No iFrames. Input fields are native DOM elements of your site, fully customizable. Consistent brand design, instant load, and higher conversion rates.

Vendor lock-in and trapped data

Proprietary tokens tie you to a single gateway. Migrating card data to another provider means months of work, hidden costs and risk of disruption.

Universal Token: zero lock-in

RoxPay tokens are universal and gateway-agnostic. Route traffic to multiple processors simultaneously or migrate to a new provider without losing a single data point.

How it works

How PCI Proxy Works

No changes to your architecture. Just integrate a few lines of code to remove sensitive data from your systems.

Collect card data securely

Integrate our Secure Fields or API into your checkout. Card data travels directly to our certified servers, never passing through your systems.

Tokenization in the secure vault

Data is encrypted and stored in our PCI-DSS Level 1 vault. You receive a universal token you can use with any gateway or integration.

Use the token anywhere

Charges, refunds, pre-authorizations, recurring payments: perform any operation using the token, without ever touching sensitive card data.

Reduce compliance costs by 90% and achieve SAQ A compliance in less than 2 weeks.

Features

PCI Proxy Features

Universal Token Vault

PCI-DSS Level 1 certified vault with universal tokens. Store, manage and distribute card data securely to any integration.

Multi-gateway routing

Route tokenized data to any API endpoint: gateways, GDS, hotels, platforms, with zero vendor lock-in.

Mobile & Web SDK

Native libraries for iOS, Android, React Native and JavaScript. Collect card data securely from any device.

100% native checkout

No iFrames. Input fields are native DOM elements of your site, fully customizable in design and behavior.

Network Tokenization

Visa and Mastercard network tokens automatically update expired cards, increase approval rates and reduce online fraud.

Seamless migration

We import your tokens from any PCI-compliant provider. No downtime, no impact on service.

Use cases

Who uses PCI Proxy

E-commerce

Custom checkout with secure tokenization. No iFrames, maximum conversion and SAQ A compliance.

Travel & Hospitality

Forward encrypted card data to GDS, hotels and airlines via our proxy API without handling sensitive data.

SaaS & Platforms

Tokenize once, use with multiple gateways. Ideal for marketplaces and multi-vendor platforms.

Recurring payments

Store cards securely and automatically charge subscriptions and installments without requesting data each time.

For developers

Integrate tokenization in minutes

Our RESTful API is designed to be simple and intuitive. Tokenize payment cards with a single API call and start accepting payments securely.

Explore API documentation

tokenize.sh

// POST /api/v4/wallet/card/tokenize
{
  "card_node": {},
  "endpoint": "https://api.gateway.com/charge",
  "method": "POST"
}

// 200 OK
{
  "CardAuthToken": "CT-20260222-CDC3A60D35A145D",
  "Message": "Card tokenized successfully.",
  "Result": true
}

Security & Compliance

Security and compliance guaranteed

PCI Proxy handles sensitive data on your behalf, reducing your PCI scope and ensuring European compliance.

PCI DSS Level 1

Annual audit passed for over 5 years

SAQ A Guaranteed

The simplest PCI level for merchants

PSD2 Compliant

Fully compliant with the European PSD2 directive

GDPR Ready

End-to-end encryption, EU data centers

Discover our security infrastructure

Case studies

Our clients, their results

Lodgeasy

PMS for hospitality, integrated with Booking.com, Expedia and Agoda

The Problem

Hospitality properties received card data from OTAs (Booking.com, Expedia, Agoda) and managed it internally, exposing themselves to PCI DSS risks and potential data breaches.

The Solution

RoxPay PCI Proxy intercepts card data directly from OTA portals, tokenizes it in the certified vault and makes it available to Lodgeasy as secure tokens, without sensitive data ever passing through the PMS servers.

The Result

Properties using Lodgeasy have completely eliminated PCI scope on OTA card data. Zero direct handling of sensitive data, guaranteed compliance and uninterrupted operations.

3 OTAs

Integrated portals

Booking, Expedia, Agoda

Card data on PMS servers

zero PCI scope

SAQ A

PCI level achieved

from SAQ D to SAQ A

100%

Vault uptime

continuous tokenization

ACI Informatica

Digital services for Public Administration: vehicle inspections, car tax and PA payments

The Problem

ACI Informatica needed to provide digital payment services compliant with AGID and Public Administration standards to its clients, ensuring maximum security on payment card data for vehicle inspections, car tax and other services.

The Solution

With RoxPay's PCI Proxy, ACI Informatica uses the tokenization service to handle payments without ever accessing sensitive card data. Data is tokenized and routed securely, ensuring full compliance with AGID standards.

The Result

ACI Informatica provides its PA clients with a secure and compliant payment service, without directly handling any sensitive data. Tokenization ensures compliance and total protection.

100%

AGID Compliant

PA standards met

Sensitive data handled

full tokenization

SAQ A

PCI Level

zero scope on servers

24/7

Service active

continuous PA payments

Free your checkout

Start building unique payment experiences today.

Talk to a security expert →

Frequently Asked Questions

Find answers to frequently asked questions

Go to FAQ