PCI DSS compliance and cardholder security is a topic travel-technology startups rarely speak about, not least because it’s challenging and involves time and money without immediate and tangible returns. Whether you are bootstrapping or backed by external funds, you should be very conscious of PCI compliance, because a breach will hit you not only financially but also in reputation. So it’s crucial to gain customers’ trust and loyalty.
As a startup, there are basically two approaches to achieving PCI compliance. You can either build your own PCI-compliant environment from scratch or use a proxy tokenization solution as a service. More information about this make-or-buy approach can be found on our latest blog.
With that in mind, let’s find out how the startup Bookiply initially approached PCI DSS compliance, what was important in choosing a solution, and what made them trust PCI Proxy to keep their cardholder data safe. We had the pleasure of chatting with Amélie, Product Manager at Bookiply.
Hi Amélie! Would you give us a quick introduction about Bookiply?
Amélie: Of course! Bookiply is a technology company offering a channel manager tool for homeowners, property managers, and agencies in the vacation rental business. Bookiply’s product drastically simplifies online distribution and online bookings, reduces administrative tasks, and thereby saves precious hours of work per week. The service is currently available for clients with properties in European holiday destinations, with a focus on Spain, Italy and France. Bookiply has offices in Munich, Germany and Palma de Mallorca, Spain.
How did you initially get in contact with PCI DSS?
Amélie: Our business model involves working as a middleman between booking platforms and property managers or agencies, which is how we got introduced to the topic of PCI DSS. As a channel manager, we handle credit card data on behalf of property managers and agencies on a regular basis. Since we are connecting to more and more booking platforms, we have the need to receive and process credit card data in a secure environment. And obviously, we want to avoid facing penalties and fines for non-PCI compliance.
What approach did you use to become PCI compliant?
Amélie: We looked into the PCI compliance process and quickly realized that it would simply be overwhelming to deal with the sheer quantity of guidelines and requirements, as we are a young startup that needs to focus on its core business. That’s why we researched services and companies that could help us achieve the goal of PCI compliance without going through the compliance hassle ourselves.
Why did you decide against building your own PCI compliant environment?
Amélie: Certainly costs are a factor here, as your own PCI-compliant environment comes with a high price tag. In addition, our team is creating a product and service from scratch, i.e. we do have an almost unlimited backlog, but quite limited headcount. Therefore, it is extremely important for us to stay fast, agile, and focused on our core business and main priorities. So we decided to outsource the PCI compliance and hand over this delicate topic to the experts of PCI Proxy.
What were your main criteria for choosing a solid tokenization solution?
Amélie: Our most important criteria for our selection were: API quality, support, experience, and price.
Could PCI Proxy fulfill your needs, or why did you decide on PCI Proxy?
Amélie: Overall, PCI Proxy is the perfect solution for protecting cardholder data. It simplifies the complexity of being PCI compliant and makes it easy for us to meet PCI security requirements. We had initially compared some other companies and PCI Proxy seems the best solution for us. They were promptly responding to all our queries within minutes. Apart from that, the overall integration was quite easy and the documentation was very precise and to the point.
Thanks to Amélie for taking the time for this short interview. If you would like to know more about PCI Proxy, just contact us. Cheers!