Migrate off Custom acquirer

Move off a bespoke acquirer endpoint without losing credentials

Direct bank or internal payment switches should not own your card file. Veliro tok_* persist when you replace a custom HTTPS forward target with Stripe, Adyen, or a new bank gateway.

Large merchants and regulated verticals often built custom acquirer integrations: internal switches, bank-hosted gateways, or legacy ISO bridges. Those endpoints frequently became the accidental system of record for stored cards because no neutral vault existed.

Veliro’s connection type custom registers your HTTPS endpoint for forward today and lets you replace it tomorrow. tok_* and scheme relationships stay on Veliro; the custom URL is just connection_id. Migrating off the bespoke stack means implementing the successor PSP connection and shifting forward, not exporting PAN files.

Custom routes often use mutual TLS and idiosyncratic JSON. Document timeout budgets before cutover; Veliro forward is synchronous. Staging endpoints should accept the same cryptogram fields your production issuer expects.

Shadow traffic is especially valuable here: run dual forward to custom and a modern PSP on sampled rebills, compare responses, then drain custom connection when parity is proven.

Migration phases

  1. Document the custom contract

    Capture URL, auth (mTLS, bearer), timeout SLAs, and which fields your endpoint requires for tokenized vs PAN fallback traffic.

  2. Neutralize custody

    Provision new and migrating cards into tok_* via Veliro; stop writing PAN or proprietary tokens into your internal switch database.

  3. Stand up successor connection

    Register Stripe, Worldpay, or another custom endpoint as a new connection. Test cryptogram and ECI passthrough in sandbox.

  4. Dual forward and compare

    Sample rebills to both connection_id values; log approval codes and latency. Custom connection remains default until metrics clear.

  5. Retire custom endpoint

    Disable custom connection when forward volume is zero. Keep runbooks for bank-side certificate rotation only if that endpoint remains for non-card products.

Common pitfalls

  • Custom endpoint timeouts blocking checkout, set aggressive client timeouts and retry with fresh cryptograms.
  • Treating internal switch PAN database as source of truth after tok_* migration starts.
  • Skipping mTLS renewal calendar on the legacy endpoint during dual-run.

Plan your Custom acquirer cutover.

Same tok_* on the next acquirer, no card re-collection campaign. Talk to us about cohort sizing and sandbox forward tests.

Contact salesView Docs (opens in new tab)