Why Data Portability Matters

January 7, 2015 · 3 min read

Who controls your data? That’s a big question in the news right now as Apple is currently in talks with the FTC about who owns the health data it collects through software on its new watch. A few years ago, Facebook faced similar scrutiny about user photos and other private data that are posted on the platform. At that time, the EU competition commissioner, Joaquin Almunia, summed up the debate by stating: “I believe that a healthy competitive environment in these markets requires that consumers can easily and cheaply transfer the data they uploaded in a service onto another service. In those markets that build non users uploading their personal data or their personal content, retention of these data should not serve as barriers to switching.”

Credit Card Data

Obviously, credit card data is even more sensitive, and the same questions circle around payment processing. Many merchants rely on payment processors for better efficiency but are surprised to learn they don’t have the ability to port all of that valuable information to a new provider when they are ready for a change. PayPal, for example, is one of the biggest names in processing that doesn’t allow merchants to port its data. Often, payment processors that are the easiest to set up are often the ones that make it impossible to download that data, which can be frustrating to say the least.

A few years ago, the Credit Card Data Portability Standard was set up as an opt-in community for companies that process electronic payments. Members agree to provide merchants with all of their credit card information and the associated transaction data when they ask for it and in a way that is compliant with PCI regulations.


The Credit Card Data Portability Standard was modeled after the 1996 Telecommunications Act, which allowed people to keep their phone numbers and port them to other phone companies. It has three objectives:

  1. Stop forcing merchants to rely on a single provider to store credit n card and transaction records.
  2. Allow data transfers to be completed securely with a standards-based n process that makes it PCI compliant.
  3. Foster the principles of fair competition in a free market.

Vaults and Security

One final consideration: Make sure that subscription relationship management software vaults cardholder data in-house and that they support the portability standard. If they don’t vault it, it means that they only retain tokens that refer to cardholder data stored elsewhere. That means that portability isn’t even an option with them. As a proud member of the data portability community, Rebilly is committed to making sure clients have full access to their data when they need it. This is absolutely critical for startups that depend on payment processors but don’t want their private client payment data held hostage. The safe, secure, free-flow of data makes it a better online experience for everyone.

When it comes to choosing a subscription management tool, data portability and security shouldn’t be the only thing you look at. Make smart subscription billing decisions without the stress by downloading our free report that covers security must-haves and has a bonus three-page feature checklist. Get it below:

Six Must-Haves

Enter your email below to receive the Six Must-Haves download and subscribe to Rebilly updates: