Payment provider migration
Migrating payment providers can be a complex undertaking, but Cardflo simplifies the process for enterprise and high-risk merchants. We ensure a smooth transition with minimal disruption to your operations, preserving transaction continuity and optimising your payment infrastructure.
Our approach focuses on efficiency and strategic alignment with your business goals.
- Category
- Migration
- Capabilities
- 10
- Available on
- All plans
The overview
Payment provider migration involves the transfer of transaction processing infrastructure from one acquirer or payment service provider (PSP) to another. This process is common for enterprises seeking lower interchange fees, improved authorisation rates, or better support for specific alternative payment methods (APMs).
The migration requires precise coordination between the merchant, the legacy gateway, and the new acquiring partner to ensure that cardholder data, recurring billing mandates, and historical transaction records remain intact and compliant with PCI DSS requirements.
At the centre of a migration is the movement of stored payment credentials, often involving the export of tokens from a legacy vault and their injection into a new environment.
Proper execution prevents service interruptions and avoids the need for customers to re-enter sensitive data, which is essential for maintaining merchant-initiated transaction (MIT) flows and preventing attrition in subscription-based business models.
How it works
Inventory and Audit Phase
The merchant identifies all stored credentials, active recurring billing cycles, and merchant identification numbers (MIDs) associated with the current provider.
This audit defines the scope of data needing transfer and highlights any proprietary token formats that require translation before they can be ingested by the new gateway or payment orchestration layer.
Secure Data Extraction
The legacy provider initiates a secure export of sensitive data, typically via a PGP-encrypted file transferred through a secure SFTP server. This file contains the Primary Account Numbers (PANs), expiry dates, and associated metadata.
Compliance with PCI DSS is mandatory during this phase to ensure that no plain-text data is exposed.
Token Translation and Mapping
The new provider or vaulting service receives the exported data and maps it to their internal tokenisation structure.
During this step, the system verifies that metadata, such as account updater history or 3DS preferences, is correctly associated with the new tokens to maintain high authorisation rates from the start.
Parallel Processing and Switchover
A phased transition often involves routing a portion of new traffic to the new provider while the legacy system handles trailing settlements or refunds.
Once the new integration is stabilised and authorisation performance is validated against benchmarks, the merchant completes the final switchover to the new primary acquirer or PSP.
Why it matters
Preserve Transaction Continuity
For businesses relying on recurring revenue, a failed migration can lead to mass declines if tokens are not transferred correctly.
By ensuring that credentials from the legacy vault are successfully mapped to the new environment, merchants avoid the churn associated with asking customers to update their payment details manually. This preserves the integrity of merchant-initiated transactions and sustains cash flow during the transition period.
Optimise Merchant Service Costs
Migrating to a provider with better interchange-plus pricing or lower scheme fees can significantly improve margins.
A structured migration allows a merchant to move from a blended pricing model to a more transparent structure, or to an acquirer with a domestic presence in a key market.
This reduces cross-border fees and minimises the impact of scheme-related cost increases over the long term.
Risk and Compliance Management
A formal migration process ensures that sensitive cardholder data is never handled in an insecure manner by the merchant's internal systems. By utilising secure transfer protocols and third-party vaulting, the merchant maintains their PCI DSS compliance posture.
This rigour reduces the likelihood of data breaches and avoids potential fines or loss of processing privileges from major card schemes.
Use cases
Subscription and SaaS Providers
Companies with recurring billing models use migration to move thousands of stored tokens without disrupting monthly cycles, ensuring an uninterrupted revenue stream when changing their underlying payment gateway.
Global E-commerce Expansion
Merchants entering new geographic territories migrate to local acquirers to reduce cross-border transaction fees and access region-specific alternative payment methods not supported by their legacy domestic provider.
High-Risk Merchant Adjustments
Businesses in sectors with higher dispute rates migrate to specialised acquirers that provide more robust chargeback management tools or more favourable rolling reserve requirements to stabilise their operational finances.
Redundancy and Orchestration Setup
Enterprises moving toward a multi-acquirer strategy migrate a portion of their volume to a second provider to implement smart routing and mitigate the risk of a single point of failure.
By the numbers
This range represents typical industry success in maintaining authorisation continuity when tokens are correctly mapped and migrated between PCI-compliant vaults.
Standard reduction in administrative overhead for merchants who move from manual file transfers to automated orchestration workflows during a provider transition.
Typical savings achieved by enterprise merchants when migrating from a legacy blended rate to a competitive interchange-plus or interchange-plus-plus model.
Related terms
Talk to our team about a live rollout on your acquiring stack.
What you get with Payment provider migration
- Assess existing payment infrastructure to identify technical dependencies and potential migration bottlenecks.
- Coordinate with legacy providers to schedule secure data exports of stored cardholder credentials.
- Map legacy token formats to new gateway requirements to ensure seamless recurring billing support.
- Verify PCI DSS compliance through every stage of the data transfer and ingestion process.
- Implement parallel processing to test the new provider's authorisation performance before full transition.
- Update merchant-initiated transaction (MIT) flags to align with new acquirer and scheme requirements.
- Configure smart routing logic to distribute volume between old and new providers during switchover.
- Validate account updater integrations to maintain the accuracy of migrated payment information.
- Monitor settlement reports to ensure funds are correctly reconciled across both service providers.
- Decommission legacy MIDs only after all trailing refunds and chargeback windows have closed.
A short scoping call, then a written plan for your MIDs.
Questions about Payment provider migration
How long does a typical payment provider migration take for an enterprise merchant?
The duration of a migration varies significantly based on the volume of stored tokens and the responsiveness of the legacy provider. A standard transition usually spans four to twelve weeks.
This period includes the initial audit, the coordination of secure data transfers between vaulting services, the technical integration of new APIs, and a period of parallel processing to validate authorisation rates.
Technical complexities, such as custom metadata mapping or multi-region requirements, may extend this timeline, whereas a straightforward gateway-to-gateway switch for a domestic merchant may be faster.
Will my customers need to re-enter their credit card details during the migration?
If the migration follows industry-standard secure data transfer protocols, customers should not need to re-enter their details. The process involves exporting tokens and underlying PAN data from the legacy provider's PCI-compliant vault and importing them into the new provider's environment.
Provided the new tokens are correctly mapped to the existing customer profiles in the merchant's database or commerce platform, the switch remains invisible to the end user. This is a critical requirement for maintaining high retention in subscription-based businesses.
What are the common risks associated with migrating payment providers?
The primary risks include data loss during transfer, which can lead to permanent loss of recurring revenue, and temporary declines if the new acquirer's fraud filters are not properly calibrated. Additionally, merchants may face downtime if the API integration is not thoroughly tested.
There is also the risk of 'token lock-in,' where a legacy provider may charge significant exit fees or provide data in a format that is difficult to ingest. Strategic planning and clear contractual agreements regarding data portability are essential to mitigate these issues.
How does migration impact recurring billing and merchant-initiated transactions?
Migration requires careful handling of the original transaction IDs and authorisation codes used for recurring billing. When moving to a new provider, the merchant must ensure that the new system recognises existing mandates to comply with scheme rules for MITs.
Failure to correctly link migrated tokens to previous cardholder-initiated transactions (CITs) can result in soft declines or increased scrutiny from issuing banks, as the transactions may appear as unauthorised or high-risk.
What is the role of a vault in the migration process?
A vault acts as the centralised repository for cardholder data. Using an independent, provider-agnostic vault simplifies future migrations because the merchant does not need to move the actual card data when changing acquirers.
However, if the data is currently stored in a provider's proprietary vault, the migration involves a 'vault-to-vault' transfer.
This necessitates a secure handover of encrypted files between the two PCI-compliant entities, with the merchant acting as the coordinator but never actually touching the raw card data.
Can I migrate my transaction history and dispute records to the new provider?
While card tokens can be migrated, moving full transaction and dispute history is more complex. Most payment providers do not support the direct ingestion of historical transaction logs from a competitor.
Merchants typically maintain access to the legacy provider's reporting dashboard for several months or export all historical data to a third-party analytics tool or data warehouse.
This ensures that refunds and chargebacks related to old transactions can still be managed during the wind-down period of the legacy account.
Ready for velocity?
Tell us about your business. We'll match you with the right acquiring partners and the right route, typically inside a week.
