Quick and Easy PCI Compliance: Setoo relies on PCI Proxy
Jonathan Arad, Director of Product Management of the insurance start-up, talks about how they got PCI compliant using PCI Proxy and secured its competitive advantage.
The 2018 founded start up Setoo offers insurance-as-a-service for online businesses. The young company does not make any compromises when it comes to security. Therefore, it decided for PCI Proxy to protect the sensitive card data of their clients’ clients. In our interview Jonathan Arad gives insights about their startup experiences, risk mitigation at the earliest and their plans for the next steps.
Hi Jonathan! Would you give us a brief introduction about Setoo?
Jonathan Arad: Setoo is an award-winning insurance-as-a-service platform that offers personalized parametric insurance products to online businesses wishing to protect and cater to their customers’ concerns.
Through the Setoo platform, businesses can quickly and easily build and integrate parametric insurance products that are embedded into the customer journey and with compensation dispensed automatically.
As a start-up in a rapidly growing industry: How important is it for you to move fast and innovative – particularly given the fact of being confronted with a great deal of regulatory guidelines?
Jonathan Arad: Being fast and agile for any startup is a MUST. It is a key factor to success.
For a startup in a heavy regulated domain such as insurance, Time To Market is a concern due to regulatory obstacles. This is why being innovative with finding the best solution to reduce to the bare minimum is required to meet the market at the earliest possible time and gain a competitive edge.
Becoming PCI compliant is a process that can be extremely complex, taking companies months, or even years to achieve. What was the main reason why you decided to use PCI Proxy to securely store payment data outside of your environment?
Jonathan Arad: When it comes to actuary, risk calculation, machine learning driven insurance products and pricing – we are the best there is! And we will always be the sole developers of our core IP.
Having said that, a startup company who wants to be competitive, and act fast, does not develop each and every component of its solution, especially if it is not part of its core IP. In most times, it will be faster, more cost effective and more professional to use off-shelf solutions for highly complicated components where other suppliers have domain expertise and mature solutions.
In this case, becoming PCI compliant by using PCI Proxy to securely store payment data was an easy choice. PCI Proxy allows us to offer an end-to-end air-tight solution to our clients at the earliest without compromising on security, scale, and quality.
How did you come across PCI Proxy?
Jonathan Arad: As we were facing the need to provide an end-to-end ‘main funnel’ payment solution to our customers, we hired a payment consultant agency who helped us build the payment architecture to meet our needs. This firm warmly recommended PCI Proxy from previous engagements and experience.
How was the overall integration process with PCI Proxy?
Jonathan Arad: The integration process was fast, friendly, and tailored to our needs. Throughout the integration process PCI Proxy’s response time was fast and professional making the integration process as easy as possible.
Insurance businesses, by their very nature, are there to protect customers from a wide range of risks. How important was it for Setoo to minimize its own risk and take a step towards greater security by externalizing sensitive payment data?
Jonathan Arad: Working with top clients as we do, requires us to take no risk when it comes to one of the most sensitive issues – payment method of our end users, our clients’ clients.
Our clients expect us nothing less than taking all measures in order to secure their clients’ payment method as well as to comply with all relevant legal and regulation requirements. A security breach will fracture the trust between our end users and our clients, and between our clients and us. And we take no risks when it comes to our end users / clients trust and safety.
Working with PCI Proxy is an important piece of the Setoo generic platform. It allows us an end-to-end solution for a variety of flows and specifically main funnel payment and automatic payout flows.
In 2019 you won the newly created Insurance Times Claims Startup of the Year Award. A great award, congratulations! What did it mean to you and what can we except from Setoo in the near future?
Jonathan Arad: Getting recognition as the ‘Startup of the Year’ is a great achievement and reward for the hard work we have been doing in the past 3 years – building an amazing insurance-as-a-service platform. But it's only the start, and it's putting us in the spotlight of strategic industry players not only in Europe but world-wide.
Being in the spotlight requires us to be disruptive and innovative and act fast in order to seize the many incoming opportunities.
Without exposing discreet inside information, I can share that in the near future Setoo will launch its service with a strategic travel player catering to tens of millions of travelers a year, and expand both in verticals and in territories.
Thank you, Jonathan, for taking the time for this interview.
Jonathan Arad
Director of Product Management, Setoo
«PCI Proxy allows us to offer an end-to-end air-tight solution to our clients at the earliest without compromising on security, scale, and quality.»