Unit helps tech companies build financial features – cards, accounts, payments, and lending – into their products. They own the heavy lifting of compliance and bank relationships so their customers can build, launch, and grow faster.
Implement Visa DPS; Issue a new secure card, in both physical and virtual format.
Become PCI compliant and finalize Visa DPS implementation, within 4 months.
PCI DSS Level 1 Certification, VGS Data Security Platform
"VGS helped Unit implement Visa DPS 50% faster than standard Visa DPS deployments,” Visa
Unit is on a mission to make it easier for companies to provide more financial features to their customers. They’ve created a ‘banking-as-a-service’ platform that lets tech companies – for example, a marketplace where companies can find, hire, and pay independent contractors – embed banking services like payment cards, checking accounts, etc. into their own businesses, by way of an API.
Unit was in the midst of launching a new card product for their customers. Since Visa DPS is the largest processor of Visa transactions globally, they set about becoming a Visa DPS partner to support their card launch.
To complete their Visa DPS implementation, the Unit team found out they had to become PCI compliant. With a new card launch quickly approaching, it had to happen fast. If they couldn’t secure PCI within 4 months, they would either have to postpone their launch or go to market without Visa processing. Neither were options they were willing to entertain.
Doron began exploring the option of building their own PCI infrastructure in-house and running their own audit. The Unit team estimated that to start from zero and build out a PCI compliant CDE environment would take 2-3 FTE engineers, between six months to one full year. And that doesn’t begin to touch the QSA fees for the audit and ongoing maintenance fees and internal time. “I was looking at finding a way to encrypt all the data, then create a card data environment that is secure, doing the descoping ourselves to have an easier PCI process. But we are a small team and that would be a huge headache to try to do all of it ourselves.”
“The Visa DPS team told us we had to become PCI compliant or we wouldn’t be DPS certified by the time we launched our new card.”
“We built our PCI infrastructure solution and secured Level 1 compliance for way less than if we’d done it in house – both financially and in engineering resources – and broke a record for getting Visa DPS implemented at the same time.”
- Doron Somech, CTO
In the initial conversation, Doron was happy to find the VGS team was very knowledgeable about PCI, payments, credit and debit cards. They needed a partner who could not only help them secure PCI compliance and finalize their Visa DPS implementation, but who could also help them issue both a physical and virtual version of their card. VGS fit the bill in more ways than one.
Unit’s API allows their customers to issue cards, and when they issue virtual cards, they need to present the sensitive information in their user interface. The customer will often show a masked number, then allow you to click on it to reveal the number. Unit has partnered with VGS to extend the VGS data security posture to their end customers, to enable them to do this securely. Unit enables the customer to issue the card, and VGS provides the ability through JS Show to present the PAN, without either Unit or their customer ever having to touch the sensitive data.
“Unit’s infrastructure project was extra complicated because of our router and data center set up, the Visa ISO 8583 protocol which is very complicated, and the FTP. I was honestly a bit worried at first. But the VGS team was amazing. They handled every obstacle we presented, and we delivered on time,” said Doron.
PCI compliance infrastructure and certification was worked in tandem with Visa DPS certification. In just over 2 months, VGS helped Unit implement and certify on Visa DPS. In the process, VGS also delivered a PCI compliant data environment.
In addition, VGS helped Unit become the first Visa DPS customer to implement HMS, which allows them to generate card data and the authentication data behind it. For example, for a virtual card’s PAN, Unit will send the first nine digits and the card generation capability will provide the remaining seven digits that get printed on the card, as well as authentication data (like a CVV) that gets printed on the back of the card, pins, and pin blocks.
"VGS helped Unit implement Visa DPS 50% faster than standard Visa DPS deployments.” - Visa
The Unit team estimated that to start from zero and build out a PCI compliant CDE environment would take 2-3 FTE engineers, between six months to one full year. And that doesn’t begin to touch the QSA fees for the audit and ongoing maintenance fees, as well as ongoing internal time - altogether estimated at around $250K-$300K+/year.
“With VGS, we had our infrastructure in place and were PCI compliant in under 2 months. Within 4 months, we were Visa DPS certified. [Visa was] pretty skeptical we could finish that quickly. But with VGS’ help, we did it,” said Doron.
“With VGS, we had our infrastructure in place and were PCI compliant in under 2 months. Within 4 months, we were Visa DPS certified.” Doron Somech, CTO