Keeping our card data safe while offering the best experience for our users is a non-negotiable and Modernbanc has delivered beyond our expectations.
Alternative Payments is a B2B payments and checkout infrastructure company, providing an all-in-one payment platform designed for service-based businesses.
For decades, service-based businesses have faced challenges with outdated payment infrastructure creating issues with collection times and invoice collectibility. Innovation in payments has been focused on other verticals, so service-based businesses still face challenges getting paid while offering a smooth checkout experience to customers.
Alternative Payments is changing this dynamic by offering a white-labeled checkout and payments experience to their customers, resulting in quicker collection times and reduced manual work.
Alternative Payments needed to ensure seamless customer onboarding and payment migration from other payment processors in PCI-compliant manner.
However, the Alternative Payments’ team quickly realized that there was a problem. In order to have a great onboarding experience, they’d have to migrate payment method data from the existing payment processor and securely upload to their payments solution.
In order to see or touch cardholder data Alternative Payments would have to obtain PCI DSS certification.
PCI DSS is a mandatory certification introduced by card networks to keep cardholder data safe. Merchants, issuers and service providers that want to accept, process, store, or transmit card data are required to maintain a secure environment and go through the strictest security protocols and resource-intensive audits in order to receive a certification.
To achieve PCI Level 1 certification (strictest security level, unlimited transaction volume) companies can spend anywhere from $250k to $1m+ to build the required encryption infrastructure not including pen-tests, audits. This process can easily take more than a year and incur an annual $200,000 maintenance cost.
With an ambitious roadmap and on tight timelines, the Alternative Payments team came to us looking for a solution to compliantly process cardholder data for their clients.
By leveraging Modernbanc’s Tier 1 certification and encryption infrastructure, Alternative Payments was able to seamlessly onboard their customers and have full control over customer card data.
Alternative Payments set-up Modernbanc to receive card data directly from payments processors while specifying Modernbanc as its subprocessor and effectively delegating PCI compliance burden to us.
Once collected, the data is encrypted and stored in Modernbanc Vault for future use. The cardholder data is then transformed and filtered (e.g to remove inactive and duplicate cards) and sent to the destination payment processor with Modernbanc Workflows module without any exposure to Alternative Payments’ servers, app or team.
Files with masked and redacted card data are then generated and used for reconciliation. Throughout the whole process Alternative Payments has full control over the card data in a PCI-compliance manner and maintains the highest-standard security posture on customer card data.
By choosing Modernbanc, Alternative Payments was able to:
- Accelerate growth by onboarding customers from other processors.
- Save 1+ year obtaining PCI DSS certification.
- Save $250k+ building encryption infrastructure to secure cardholder data and $200k on annual engineering research and maintenance.