Acquired.com is a Payment Services Partner based in London. Its role as a technology partner is to help businesses unlock the hidden value in payment processing, and to help vendors define their payments strategies.
Meeting the Challenge: For a merchant to accept payments in the digital space, they must work with an acquirer or group of acquirers, then with a payment processor or payment gateway. This creates a string of data that must be reconciled for refunds or chargebacks. Acquired.com is connecting to this chain of data in innovative ways, and that innovation requires the utmost confidence in security and compliance
Quick Glance
Industry Cloud Provider Website Customer Problem- Acquired.com needed a channel partner who could provide its company and customers with a comprehensive security and compliance solution.
- Armor actively reduced the security and compliance burden for Acquired by providing the highest level of managed security for its customers’ data. Armor’s uncompromised security approach enables Acquired.com to meet PCI cloud compliance requirements more easily. Armor security lends credibility to Acquired’s brand, underpinning their stability as a company and showing how seriously they take security and compliance in the cloud.
In terms of compliance, we are PCI Level 1 Gateway and every year we have to go through the compliance process. The biggest benefit of choosing Armor is that Armor takes on many of those control points, so we don't have to worry about them.
OVERVIEW
Fintech companies such as Acquired.com in the U.K. are creating new value by embracing rapid changes in the payment processing industry. In order to focus on the technology of payments, they rely on Armor to keep them and their customers safe and compliant.
ABOUT ACQUIRED.COM
Acquired.com is a Payment Services Partner based in London. Its role as a technology partner is to help businesses unlock the hidden value in payment processing, and to help vendors define their payments strategies.
In order for companies to accept payments in an increasingly digital world, businesses must work with a set of legacy acquirers, intermediaries who stand between consumers and banking institutions. These intermediaries charge fees, create delays, and add complexity that can be difficult to reconcile. Acquired.com offers technology, knowledge, and industry relationships that reduce friction, lower costs, and realize added value in its clients’ payment collection strategies.
“We offer a toolbox of payment technologies that help unlock hidden value in payment systems,” said Vaughn Owen, Acquired.com Director of Marketing. “Enterprise companies often work with consultants that look at ways to streamline technical infrastructure to save money and consolidate technologies.”
“The payment processing industry is somewhat antiquated and fees are seen as a necessary evil of doing business,” Owen added. “In order for a merchant to accept payments in the digital space, they must work with an acquirer or group of acquirers, then with a payment processor or payment gateway. This creates a string of data that must be reconciled for refunds or chargebacks. Acquired.com is connecting to this chain of data in innovative ways, and that innovation requires the utmost confidence in security and compliance.”
SECURITY CHALLENGE
Payment processing requires the highest levels of data security, availability and, of course, compliance with PCI DSS. Acquired.com needed a channel partner who could provide its company and customers with a comprehensive security and compliance solution. Based in the cloud, Acquired.com also required a trusted SECaaS partner that understood hybrid environments. As a consulting company, Acquired.com also wanted to provide turn-key compliance and security solutions as part of its service offering to customers.
“We felt like we could always bring in resources or partners that are strong and make that part of our business, but at the end of day we decided we should focus more on what we’re really good at, which is developing great application and product around a business use case,” said Vaughn, “rather than building our business around the security component. That’s where we win.”
PCI COMPLIANCE
Armor’s purpose-built, managed cloud security solutions were created to simplify compliance—minimizing PCI DSS-related anxiety and preventing breaches of payment card information. Data workloads and applications protected by Armor inherit compliance controls from a PCI DSS 3.2.1-compliant managed cloud security solution. This means easier PCI DSS assessments and heightened security without the need for additional overhead or DIY security tools
“In terms of compliance, we are a PCI Level 1 Gateway, and every year we have to go through the compliance process,” said Thy Tang, Acquired.com Chief Technical Officer. “We have the team and the expertise, we have a great compliance officer on board that can do many things, but PCI control points continue to emerge. With PCI 3.2.1, now there are over 400 control points of questionnaires.”
“Of course, we can do it,” Tang added, “but Armor makes a huge difference when you are still a small company. Smaller companies need to focus on core competencies and where they can capture the most value in a marketplace. For example, we have to conduct PCI compliance audits every year and it can take a month or two of our whole team’s effort. I would rather spend team resources building solutions.”
As for PCI compliance, Armor provides a cost-effective, time-saving solution that stands in for things we would have done ourselves. The result is we reduce the burden on our teams while leveraging Armor’s credibility in security and compliance.
FINDING THE RIGHT SOLUTION
As new technology disrupts the payments industry, where ledger-to-ledger payments are being tested and the world is moving to a cashless society, security and compliance become even more complex. These challenges are compounded by cloud or hybrid environments.
“Security is their primary focus, whether it be a private cloud, public cloud, or their own secure hosting solution, where they manage everything from the infrastructure to the security stack,” said Tang. “We used cloud providers such as Rackspace and AWS but eventually decided we should look for a solution that included security as a focus.”
The right solution for Acquired.com is Armor Anywhere, hosted in Armor’s private cloud. The virtual private cloud (VPC) has built-in security and compliance controls that provide the industry’s leading prevention, detection, and response services—keeping sensitive, regulated data safe and secure.
WHY ARMOR
Armor Anywhere actively reduces the security and compliance burden of organizations by providing the highest level of managed security for its customers’ data. Armor’s uncompromised security approach enables Acquired. com to more easily meet PCI cloud compliance requirements.
With nearly a decade of hosting compliance-driven applications, Armor has built an audit-friendly reputation that simplifies compliance.
“All of our vendors are sitting on a hosted environment where we provide security and PCI Level 1 compliance,” Owen said.
“Security is something that you just have to live and breathe every day,” Tang said. “Armor does this day in and day out. This is their passion. That’s how you get really good at it. Bringing that talent in-house is challenging. For smaller companies, the best security talent usually gets snapped up by bigger companies. It’s not just the money that’s needed to be competitive with them. Still, some companies will hire someone and create a security job title and think that’s enough. You have to make security part of your organization’s culture, a main component of protecting your business.
“Since we’ve been using your cloud from the beginning, we’ve been both a client and a partner, bringing in new business, using different products on your platform, and providing feedback on your product roadmap. We’ve been engaged with Armor to help improve solutions for everyone we work with.”
Armor security lends credibility to our brand, underpinning our stability as a company and showing how seriously we take security and compliance in the cloud.