Anonymous | Global Fintech Payment Processor
- 200K TPS: Sustained Throughput
- <1ms: API Response Time
- 3: Compliance Frameworks
- 0: Vault Infrastructure
Executive Summary
About this case study
Who: A fast-growing global fintech payment processor operating across multiple jurisdictions, processing card-present and card-not-present transactions at high volume with compliance obligations across PCI DSS, GDPR, CCPA, India DPDP Act, and Brazil LGPD.
What: Deployment of Rixon Technology’s patented vaultless, keyless tokenization platform to replace legacy vault-based tokenization infrastructure, eliminating vault storage, key management overhead, and vendor lock-in entirely.
Where: Multi-region global operations. All processing within designated regional cloud infrastructure. Data sovereignty requirements met per jurisdiction through geofenced detokenization policies.
Outcome: 200,000+ TPS sustained throughput, sub-millisecond API response times, PCI DSS scope materially reduced, vault infrastructure eliminated entirely, vendor dependency removed from critical path.
A fast-growing global fintech payment processor operating across multiple jurisdictions faced a critical inflection point: transaction volumes were scaling rapidly, but the vault-based tokenization infrastructure underpinning its PCI compliance was introducing performance bottlenecks, audit complexity, and vendor dependency that the business could not sustain.
The organization selected Rixon Technology’s patented vaultless tokenization platform to replace its legacy approach. The deployment eliminated centralized vault storage entirely, sustained throughput exceeding 200,000 transactions per second without performance degradation, and simplified compliance across PCI DSS, GDPR, and CCPA simultaneously.
The result: a leaner, faster, and more resilient payment infrastructure — with no vault, no keys, and no stored sensitive data.
Client Profile
Industry: Global Fintech Payment Processing
Region: Multi-region global operations
Scale: 200,000+ payments per second peak throughput
Transaction Types: Card-present and card-not-present processing
Compliance Obligations: PCI DSS, GDPR (EU), CCPA (US), regional data sovereignty
The Challenge
As the organization’s transaction volumes grew, its vault-based tokenization model created compounding operational and compliance problems that threatened both performance and scalability:
Primary Pain Points
- Centralized token vault concentrating breach risk in a single point
- Database replication overhead degrading performance under peak transaction load
- Key lifecycle management adding operational complexity and audit surface
- Difficulty meeting data sovereignty requirements across multiple jurisdictions simultaneously
- Vendor lock-in and escalating infrastructure costs tied to vault scaling
- Growing PCI DSS audit scope as more systems touched stored cardholder data
The organization needed a fundamentally different architecture — one that eliminated sensitive data storage at the source, rather than attempting to protect it in a centralized repository.
The Solution
Rixon implemented its patented vaultless, keyless tokenization platform. The core architectural shift: instead of protecting stored sensitive data, the platform eliminates stored sensitive data entirely.
Architectural Principles
- Ephemeral processing — sensitive payment values handled transiently, never persisted
- No centralized token vault or mapping database
- Deterministic token generation — consistent, reproducible tokens without stored state
- API-first integration — minimal changes to existing payment flows
- Tokenized values remain within client infrastructure — Rixon retains no cardholder data
- Format-compatible tokens — existing applications and databases required no structural changes
This final point — format preservation — was particularly significant. The organization’s existing search indexes, data filters, and application logic continued to function against tokenized values without modification, eliminating the engineering rework typically associated with tokenization migrations.
Following deployment, the organization achieved measurable improvements across performance, compliance, and operational complexity.
Results
| Area | Outcome |
| --- | --- |
| Transaction Throughput | Sustained 200,000+ TPS — load tested with zero failures or latency increase |
| API Performance | Sub-millisecond response times maintained under sustained peak load |
| PCI Scope | Materially reduced — no stored PANs within tokenization infrastructure |
| GDPR Alignment | Data minimization principles met across all EU-region processing |
| CCPA Compliance | Sensitive data exposure reduced across US-market operations |
| Vault Infrastructure | Eliminated entirely — no vault servers, no key rotation, no replication overhead |
| Vendor Dependency | Removed third-party vault vendor reliance from critical path |
| Scalability | Horizontal scaling with no database bottleneck — capacity grows with demand |
Strategic Implications
For fintech platforms scaling transaction volumes globally, vault-based tokenization becomes a liability at a certain point — not just a cost center. Centralized breach risk, key management complexity, database replication overhead, and multi-jurisdiction compliance friction compound as scale increases.
Vaultless tokenization resolves this by shifting the architecture from protecting stored sensitive data to eliminating stored sensitive data. The security posture improves not because defenses are stronger, but because the target no longer exists.
The platform sustains 200,000+ transactions per second with sub-millisecond latency — with no vault, no keys, and no stored cardholder data.
Rixon Technology | Production Performance Summary
Format-compatible tokens allow existing systems to operate without modification. Right-to-be-Forgotten obligations are satisfied by design — there is nothing to delete. And the elimination of vault infrastructure removes both a cost center and an attack surface simultaneously.
Frequently Asked Questions
Vaultless tokenization replaces sensitive payment values — card numbers, account identifiers, personal data — with deterministic tokens, without creating a stored vault or mapping database. The sensitive value is never persisted in the tokenization service.
By eliminating persistent storage of primary account numbers within the tokenization infrastructure, fewer systems qualify as in-scope for PCI assessment. This reduces the audit surface, simplifies compliance documentation, and lowers the cost of annual assessments.
Both frameworks impose data minimization obligations and Right-to-be-Forgotten requirements. A vaultless architecture satisfies data minimization by design — there is no stored sensitive data to manage. Right-to-be-Forgotten requests are handled at the source system, not in the tokenization layer.
Format-compatible tokens maintain the same structure as the original value — for example, a 16-digit card number is replaced by a 16-digit token. This means existing database schemas, application logic, search filters, and reporting tools continue to function without modification, reducing implementation complexity.
Yes. Because there is no vault database to query, scaling is purely horizontal — additional compute handles additional volume with no latency increase. Rixon’s platform has been load-tested to 200,000+ transactions per second with zero failures and no observable performance degradation.
Want to discuss a deployment like this?
Additional technical documentation is available for qualified prospects under NDA. To learn more about how vaultless keyless tokenization works, visit rixontechnology.com. For implementation guidance, see the Fintech Practical Guide on our resources page.