EedenBull Achieves PCI Level 1 and SOC 2 Compliance 
with VGS in Half the Time & Cost

Case Study Summary

Case Study LogoCase Study

Client

EedenBull is a fintech innovation company specializing in creating and delivering B2B and commercial payment solutions. They work with banks, card schemes, and payment partners on a global basis to enhance and drive innovative business solutions and products to better serve Corporate and SME clients.

Client Photo

Andrew Veitch
COO

Region

Global

Industries

FinTech

Goal

Become PCI DSS and SOC 2 compliant to make it easier to sell

Challenge

Meet a client deadline to become PCI Level 1 and SOC 2 compliant, with limited resources

Solution

PCI DSS Level 1, VGS Vault, VGS Control for SOC 2

Result

With help from VGS, EedenBull became both PCI Level 1 and SOC 2 compliant in less than four months, with no additional headcount and at half the time and cost quoted by the Big Four Accounting Firms.

Background Img

Background

EedenBull’s mission is to work with partner banks to improve how businesses pay and get paid. They provide a spend management and card program, Q Business, in partnership with more than 60 banks. In turn, these banks are able to meet their customers' needs for better, safer and more convenient ways to pay and manage their expenses using EedenBull’s cloud platform.

One of EedenBull’s key offerings is their turnkey card management system (CMS) that helps banks issue and manage cards. Though the team employed serious data security measures, they always knew they’d need to adhere to international standards like SOC 2 and PCI since banks were their primary partners.

Challenge

Though SOC 2 and PCI compliance were on their roadmap, EedenBull signed a large banking partner that accelerated their timeline. The contract had deadlines for achieving certifications in each area.

As a young organization, EedenBull never intended to take on the heavy workload of compliance internally. They began discussions with some of the Big Four Accounting Firms, but quoted timeline for SOC 2 alone was 6-7 months.

When discussions were well under way, Andrew Veitch, COO at EedenBull came across VGS.

“It was always in our heads to use a third-party that could help us with compliance because it's a nightmare to do yourself.”

Andrew Veitch
COO

Solution

“I don't think we would have hit our date if we hadn't used VGS.”
- Andrew Veitch, COO

At the start, Andrew looked to VGS to help with PCI compliance and to provide data security through the VGS Vault. Once he got into discussions around PCI and VGS Control, it soon became apparent there was a time-saving and cost-cutting solution for SOC 2 as well.

“I must say we were quite skeptical at first. Can VGS really do what they say? If it looks too good, it can’t be true, right?” Andrew shared. “But we talked to VGS clients and they all raved about VGS. They confirmed that not only would it be half the cost of the Big Four, it would take only half the time.”

Andrew went on to explain, “Considering time and cost were the major decision making factors, it really became a very easy choice to partner with VGS.”

Protecting EedenBull, Its Banking Partners’, and Their Customers’ Sensitive Data

Accelerating PCI all starts with the VGS Vault, which insulates EedenBull’s architecture from ever touching cardholder data. VGS intercepts data as it flows to their servers, redacting the sensitive data and replacing it with an alias.

API-Driven Virtual Card Enablement

While EedenBull, their banking partners, and even their banking partners’ customers only have access to that aliased data, using VGS enables virtual card presentment so the end cardholder can receive and see their card information. Since virtual cards are a huge area of growth, this ability to do real-time card issuance while keeping EedenBull and partners PCI compliant is invaluable.

And it’s all done through API calls, which is one of the things that drew Andrew to VGS in the first place. “We’re very API-driven, so Vault fit our infrastructure model well,” Andrew explained. “The virtual card is generated via our API calls into Visa APIs. VGS sits in the middle, redacts the sensitive information, holds it, and then shows it to the cardholder in the app – and it never sits anywhere in our architecture. It's always between VGS and the app, and it keeps us PCI compliant.”

Collaborative Problem Solving

While technology was obviously important to Andrew and team, they were also looking for a true partner. “It was important to us to find a team that understood our working style and culture. We wanted collaborative problem solvers who deeply understood our industry.” Andrew said. “It’s not just VGS’s product, it’s the guys on team that sit behind it. Whether that be from their support or development team or anyone else within the organization. Everyone is willing to talk to us and help us move things forward. It’s been a real team effort.”

Soution Img

Results

"With VGS, EedenBull got our PCI DSS Level 1 and SOC 2 compliance at less than half the cost and several months earlier than we would have with one of the Big Four.” - Andrew Veitch, COO

In addition to implementing PCI DSS and SOC 2 compliance at half the rate quoted by the Big Four Firms, VGS also mitigated the need to hire additional staff. If EedenBull had partnered with a larger firm they would have to hire one to two in-house employees at £75-100K each to manage the process. With VGS, EedenBull did not have to make any additional hires. Andrew noted that partnering with an auditor familiar with the VGS platform further accelerated and simplified the auditing process.

VGS surpassed EedenBull’s expectations of a vendor so much that their internal team members have become champions of VGS, promoting it to other clients as a quick, simple way forward in compliance. Andrew says, “Because with VGS Vault, our database did not hold any sensitive information, getting PCI certified was just so, so easy to do.”

Results Img