Case Study - Honk | Very Good Security

Case Study

Providing safe, simple contactless parking payments

Honk

Client

Since 2013, Honk has been delivering safe, touch-free parking payments to drivers across North America. Thanks to Honk, parking operators are able to provide their customers with a best-in-class parking experience while reducing their costs, increasing revenue, and gaining unprecedented insight into customer behavior.

Tony La,
CTO

Region:
United States & Canada

Industries:
Parking; Contactless payments; Mobile app; Ecommerce platform

Goal

Smoothly transition from merchant to service provider; focus resources on business growth

The Challenge

Support multiple payment processors (no vendor lock-in) and take back significant, valuable time spent on PCI DSS quarterly maintenance, yearly recertification, and product change audits.

Solutions Summary

A complete shift from Honk’s homegrown PCI solution to the VGS Platform. Within just a few weeks, the ongoing compliance burden and liability were transferred onto VGS, the Honk team was back to driving the business forward, and they were able to use VGS Multiplexing to process payments from multiple vendors.

Background

An Evolution to Parking Revolution

Who among us hasn’t run into frustration with parking? Whether it’s been a packed parking lot, fumbling for change, or having to run back to feed the meter – there’s no denying the user experience can be less than ideal.

Enter Honk: In 2013, Honk disrupted parking and turned it on its head. The parking experience became safe, easy, and hassle-free. Far ahead of its time, Honk created technology to allow drivers to seamlessly pay for parking via contactless payments and as a result, bypass the archaic pay station.

While the focus is ultimately excellent user experience, the means to that end is upgrading the way parkers pay. The company’s direction has been guided by the founder’s extensive background in payments technology. This has steered Honk’s product suite: the mobile app (HonkAPP), an iPad-powered parking terminal kiosk (HonkKIO), and their latest product, a touch-free virtual pay station, HonkTAP. The parking industry’s first-of-its-kind virtual smart station, HonkTAP allows drivers to pay for parking with a simple tap or scan of their phone. No app download or account setup required – drivers simply tap, pay & go.

Along with this evolution and growth came the strategic realization that Honk was a platform for consumers and operators rather than just a consumer parking app like so many of its competitors. Parking operators needed a secure, compliant and vendor-agnostic comprehensive Parking System Management solution.

Challenge

Success Problems – Growing Pains

“One of the big headaches around payment is PCI compliance; it’s a huge challenge. Before VGS, we were doing it ourselves - in house - and it was taking up too much time, energy and focus.”

- Tony La, CTO

Like all things that grow and evolve, Honk had areas that needed to grow along with them to keep up with the ever-evolving parking payments machine.

After the initial beast of building a PCI DSS solution internally, the Honk team found themselves spending time and resources each year on PCI DSS maintenance, including quarterly vulnerability scans, yearly recertification, and all of the surrounding documentation and process updates. In addition, developing new features and functionality became indirectly impacted – since following PCI compliance meant a scan and update of materials every time code touching the payment stack was changed.

Documentation diversion

“A month or two before recertification, suddenly focus was shifted from building features, driving revenue, and driving the business forward to getting all of our PCI documentation together. It was a time sink,” Tony said. Add to that a special audit and updating paperwork and processes every time a product change, front- or back-end, happened, and by conservative estimates the team was spending the equivalent of two engineers, two months per year on PCI maintenance—at least.

Technical challenges

In addition, because of Honk’s transition from merchant to service provider, their technical use case was more complicated than just accepting payments. As they talked to multiple other vendors during the evaluation process, they found that there was always a ‘gotcha’. Not only was vendor lock-in nearly ubiquitous, but other vendors did not support easy integration and deployments of new gateway connections as Honk’s business expanded. With VGS, Honk knew they’d be in control of their own destiny with new connections and vendors, able to connect to any endpoint they need or want for their business (i.e., no more waiting for other vendors’ roadmaps to catch up to their needs).

Solution

Goodbye to DIY PCI, Hello VGS

“VGS provided a unique solution in the market. Their proxy solution is ingenious... it provides incredible flexibility.”

- Tony La, CTO

When Tony started conversations with VGS, he noticed a significant difference from other vendors. In fact, until he and his team started testing, he thought there might be some “magic” happening (i.e., he was a bit skeptical). He marveled, “The VGS proxy solution is ingenious. It’s a solution that keeps our servers clean, and it provides incredible flexibility.”

Zero Data = Zero Liability

The most attractive thing about VGS was the unique Zero Data approach that guarantees PCI compliance by ensuring customer data never touches a client’s servers. This contrasts with the older encryption or tokenization methods that most solutions use to protect data today. Though both have their strengths for certain use cases, the original data still resides on a client’s servers to some degree in each, leaving systems within the scope of PCI DSS.

VGS solves for this by using data aliasing, a next-gen technology that allows clients to collect, protect and exchange data just as if it were in its raw state, but without the client ever possessing it. Data never touches a client’s servers, taking systems out of PCI DSS scope. This shifts the ongoing compliance burden and liability away from Honk.

Full Data Ownership

Though the Honk team never possesses the data, they still own it and retain full control. “One big question was, ‘Hey, what happens if this relationship doesn't work out, and I want my credit card data moved to another place?’ With VGS, you own the data and already have access to it, so you just pull that data out and send it to another location,” Tony said.

Faster, Less Work for Honk

Tony also appreciated the ease of obtaining a Report on Compliance (ROC) by using VGS. Through VGS, obtaining an ROC takes just a couple of weeks, not several months of Honk employees’ time. Tony explained that this is important as they transition from merchant to service provider, “If we were running our own payment infrastructure, it would actually be a relatively large change to go from merchant directly to service provider.”

Developer Focus

VGS’ focus on developer experience allows the team to support several critical scenarios without extra development work. This was a key comparison criterion for the Honk team. They found they were able to integrate VGS into their environment easily, without making any changes to their product architecture. As they expand internationally, VGS also supports easy integration into local payment service providers (PSPs) and enables intelligent routing to the customer's preferred PSP. This means huge potential time savings for the team, since if another vendor’s back-end doesn’t support a certain gateway, they would have to change both the back-end and front-end.

Ease of Use

Of the whole experience, Tony says, “VGS was super easy to get up and running and test. We tested it pretty easily. And once we installed it, it was quickly up and running.”

Results

Accelerating Business Growth

“I no longer dread February and March. Returning several months of development time accelerates the big picture and our strategic growth. We can focus on the business logic, not the compliance issues.”

- Tony La, CTO

Partnering with VGS allowed Honk to turn their full attention away from tedious compliance issues back to their core business. With an extra 2-3 months of two full-time engineers available, the development team has been able to re-focus on building out the features needed to continue their rapid growth and expansion across the US – without compliance distractions.

Future-Proof PCI Compliance

Implementing VGS immediately alleviated Honk’s PCI burden, and set up their business for any future compliance needs by subscribing to an "always-on" compliance model. For example, when PCI 4.0 rolls out next year, Honk will automatically get the most current version of compliance. And as they expand into long-term parking and beyond, Tony says, “If there's a use case or a segment of the market where we have to comply with something as serious as HIPAA, we have a solution. We know it, and it's relatively easy. We can do it in a short period of time using VGS. That’s a big win.”
