When a user and an entity are carrying out a transaction, such as with electronic commerce, the entity often processes and/or stores sensitive information. For example, a merchant may collect, process, and store a credit card number when a user accesses a commerce application, such as a web site, to purchase a good or service sold by the merchant. Collecting, processing or storing such data may subject the entity to costly security audits and regulations. Moreover, an entity may utilize multiple unique deployments of commerce applications for electronic commerce, thereby introducing multiple systems that collect, process, or store sensitive information, such as credit card or debit card numbers for payment processing. Having multiple systems that collect, process or store sensitive information may subject the entity to additional regulatory burdens which may be repetitive across the multiple systems.