Guardian
PCI Vault & Tokenization
Security built into every transaction.
Guardian protects sensitive payment data at every stage:
From card entry and credential storage to vaulting, tokenization, identity verification, and compliance. It keeps your transactions secure, your credentials invisible, and your business free from PCI complexity.
Storing card data is risky and costly. PCI compliance shouldn’t hold back innovation.
Most teams still manage sensitive payment data across multiple systems - juggling vaulting, PCI audits, token management, and verification on their own. The result is higher risk, higher cost, and constant friction between compliance and innovation.
The result?
Delayed launches, mounting audit pressure, and exposure to regulatory and reputational risk.
PCI compliance overhead
Data fragmentation and exposure
Manual audit and token processes
Security handled.
Compliance solved.
1
Vault
Store cardholder data safely inside a PCI-certified vault. Sensitive information never touches your systems, eliminating compliance risk.
2
Tokenize
Replace raw card data with reusable tokens for secure, flexible transactions across acquirers and PSPs.
3
Verify
Validate cards, identities, and devices in real time - ensuring every transaction starts from a trusted source.
PCI-Compliant Vaulting
Store and secure sensitive cardholder data inside Guardian’s fully compliant vault - removing PCI scope from your environment entirely.
Tokenization & Network Tokens
Replace raw card data with reusable tokens or network-issued credentials that reduce risk and improve approval performance.
Account Updater
Keep card-on-file credentials valid automatically - reducing declines and failed renewals across recurring payments.
Identity & Verification (ID&V)
Authenticate users and payment sources in real time using device fingerprinting and risk-based verification.
Metadata Enrichment
Add context to every transaction with detailed metadata - enabling smarter fraud detection and analytics across the CPA suite.
Seamless CPA Integration
Guardian powers security and compliance across all CPA modules - from Hub’s orchestration to Specter’s fraud intelligence and Link’s connectivity.
Hellgate Guardian is perfect…
For teams handling sensitive payment data
Offload the risk of storing cardholder information. Guardian vaults and tokenizes everything so you stay secure and out of PCI scope.
For SaaS platforms
Keep customer credentials fresh and transactions flowing. Guardian’s account updater and network token support reduce declines and failed renewals.
For enterprises with complex security needs
Consolidate your compliance stack with one trusted layer. Guardian manages vaulting, encryption, and ID&V across all regions and providers.
For fintechs building at speed
Launch faster with enterprise-grade security built in. Guardian removes the need for costly audits or external compliance teams.
Use-cases
Keep recurring revenue secure and uninterrupted.
Guardian automatically updates expired or replaced cards and maintains tokenized credentials, so billing continues seamlessly without compliance risk.
Scale globally without security trade-offs.
Guardian handles PCI vaulting and ID&V across multiple providers and regions — ensuring consistency, trust, and compliance wherever you expand.
Replace outdated compliance infrastructure.
Guardian eliminates siloed vaults and manual audits, providing a single, modern PCI-aligned foundation that scales with your business.
Hellgate's Composable Payment Architecture (CPA) enables businesses to choose the modules they need or combine them with their existing engine, PSPs, or providers.
Built for trust. Backed by compliance.
Guardian integrates directly with every part of the Hellgate CPA framework - from Hub’s orchestration logic to Commerce’s payment engine and Specter’s fraud intelligence. It delivers compliance and protection automatically, so developers never have to manage it manually.
Works natively with all CPA modules
One vault for every provider
Unified token and credential management
No extra setup or audits
PCI/DSS-Aligned Vaulting
Network Token Management
Real-Time Identity Verification
The foundation of payment compliance.
Guardian keeps every transaction, token, and identity compliant by design. It’s built on a PCI-DSS-aligned framework that secures sensitive data, manages network tokens, and validates users in real time - all without slowing down your flow.
Every module in the Hellgate CPA ecosystem inherits Guardian’s protection automatically, giving your team the freedom to build, scale, and innovate without ever touching raw card data.
Add-on Services
Enabling efficient orchestration, expanding merchant access, and powering embedded finance models.
Network Tokens
Manages lifecycle of network tokens (Visa, Mastercard, etc.)
Enables secure token provisioning and refreshing
Enables processing over different PSPs and Acquirers
Optional fallback for PAN vaulting
Build modern, user-friendly authentication flows aligned with PSD2 and beyond with delegated authentication
Account Updater
Keeps stored CHD actual and refreshes if needed
Reduces transaction failures through expired, replaced, reissued CHD
Is integrated with VISA (Account Updater) and Mastercard (Automatic Billing Updater)
Improves authorization rates
Improves customer retention, esp. for loyalty programs and recurring billings
Fully compliant with EMV 3DS 2.x protocol
Supports both frictionless and challenge flows
Designed for seamless use across multiple PSPs and Acquirers
Compatible with PSD2/SCA and global authentication mandates
Card Metadata Service
Provides Card Metadata, like Issuer, BIN, and country
Delivers card types, scheme affiliation and feature flags
Provides the fuel to improve routing scenarios and customer analytics
Scale on your terms
Our usage-based pricing is built for growth
— with no hidden fees, no surprises, and no friction.
Playground
0.28 EUR
per hour
5000 tokens
Development Tier
SAQ/A, A-EP, D
Single node
EU region only
Network Token support
DAuth Support
DEV
Hello World
0.56 EUR
per hour
Unlimited Tokens
Production Tier
SAQ/A
Single node
EU region only
S
Go Live
1,000 EUR
per month
Everything in "Hello World" Plan
Cluster M
EU and US region
Network Token support ¹
M
Think Global
5,800 EUR
per month
Everything in "Go Live" Plan
SAQ/A, D
Cluster L
All regions
Network Token support ²
L
Think Big
12,500 EUR
per month
Everything in "Think Global" plan
SAQ/A, D, RoC
Cluster XL
High Availability
Network Token support 3
XL
God Mode
Contact us
Everything in "Think Big" Plan
Cluster XXL
DAuth Support
Extension Support
Network Token support 4
XXL
