Company Overview  

Finsupport is a payment solutions provider helping corporate clients embed payment capabilities into their businesses. Rather than acting as a Payment Service Provider (PSP), Finsupport partners with PSPs and acquiring banks to build complete and custom payment technology stacks for its clients. Finsupport’s customers span diverse industries across Europe, including financial services, e-commerce and crypto.  

Challenge  

Launching a payment platform starts with PCI DSS compliance. For Finsupport, building their own PCI DSS-compliant infrastructure would require significant investment in time, resources, and ongoing maintenance. The process could take months or even years, requiring specialised staff, infrastructure and ongoing audits.  

Finsupport needed to move fast without compromising security. The team wanted a solution that simplified compliance obligations while giving them full control over their payment stack and integration roadmap. They also needed robust 3D Secure capabilities for strong customer authentication across each unique client. The answer was clear: partner with an external tokenization partner to offload PCI DSS requirements while retaining control.

Solution

After a successful proof of concept, Finsupport integrated PCI Proxy’s token vault, including its secure card components and forward proxy. This ensured raw cardholder data never touched Finsupport’s systems, keeping it out of their Cardholder Data Environment (CDE) and keeping their PCI scope to the absolute minimum.  

For Finsupport, flexibility was just as critical. PCI Proxy’s agnostic tokens solved this challenge by allowing Finsupport to share tokens seamlessly across any new PSP or acquirer integrations. PCI Proxy acts as an invisible protective layer for Finsupport’s payment stack, enabling the team to hit integration timelines while keeping customer data secure and compliance effortless.

Results  

By implementing PCI Proxy’s token vault, Finsupport made a strategic decision to reshape how they managed compliance. Their CDE now only interacts with tokens instead of sensitive card data. Interfaces and APIs tokenise cardholder data before it enters the environment and de-tokenise it when it leaves, ensuring compliance and security.  

With no cardholder data present, Finsupport qualified for a partial assessment scope, reducing PCI obligations by more than 90%. Audits that usually took months now take just weeks. This transformed disruptive audits into light-touch validations, which took up less time and effort from Finsupport’s teams, and strengthened security posture.  

Control was key. With a fast-growing number of PSP and acquirer integrations, Finsupport achieved true flexibility and reduced vendor lock-ins at the same time.

"Whatever ideas we might have, they’re always well received by the team and we always get a solution back in 99.9% of the cases," notes Gabriela, Head of Product and Technology for Finsupport. "It's reassuring that no matter what we are trying to achieve, there's always a conversation about really understanding the need for our customers and delivering it accordingly."  

Beyond simplifying PCI compliance, Finsupport also leverages PCI Proxy’s 3D Secure and Network Token components, both part of PCI Proxy’s composable payment offering. This approach adds the same interoperability benefits to downstream integrations as the token vault, while delivering additional benefits such as enhanced fraud prevention and improved approval rates.

"PCI Proxy helps us adhere to industry standards with no worries and no friction."  - Gabriela Oprescu, Head of Product and Technology, Finsupport.

‍