About the company
Papaya Gaming is a market-leading mobile games company. With powerful, innovative technologies, they develop a platform that turns popular, casual, single-player games into skill-based, multiplayer experiences enjoyed by millions worldwide.
Industry: Mobile Skill Games
Location: Tel Aviv
Company Size: Commercial
Products Used: Mobile API and Transparent Gateway
Balancing security and compliance
As a former PCI Qualified Security Assessor, Papaya Gaming Chief Information Security Officer (CISO) Michael Abramov knows the challenges of storing sensitive payment information. Especially since the time and effort of PCI compliance audits can take away from other pressing security issues.
“I’m always balancing compliance requirements with security requirements and procedures,” Abramov said. “We want to focus on securing our data and securing our users, and not spend all our time just on compliance processes.”
In his role as CISO, a big part of compliance is ensuring that Papaya follows the Payment Card Industry Data Security Standards (PCI DSS). These standards ensure that customer payment information is handled safely and securely.
Working with TokenEx gave Papaya an easy solution to address PCI DSS concerns. Payment information could go directly to TokenEx and then to their payment processors. None of its customers’ payment information would be stored in their internal systems.
Easy audits and multiple processors
One immediate benefit of working with TokenEx is the reduced effort for PCI audits. “Our scope for the PCI audit will be really small,” Abramov says. “We don’t need to meet all the requirements because we are not storing any sensitive payment information. We don’t store the cardholder data, and the payment processing goes through TokenEx.”
If Papaya weren’t using TokenEx and had to store this sensitive information in their internal systems, it would be a significant and costly change to their infrastructure. According to Abramov, “We would need to change our whole environment, hardening all of our servers and enabling a lot of monitoring. And meeting these PCI requirements alone would take away from other security-related initiatives.”
Finally, working with TokenEx allowed Papaya to easily work with multiple payment processors. With TokenEx, there is a single token that can be used across all of its payment processors. And it gives Papaya the flexibility to easily add new processors in the future if needed.
How it works
Papaya utilizes the TokenEx Mobile API to capture sensitive data in its mobile application. When a customer using the app provides credit card information, this information is sent directly to TokenEx. TokenEx stores the data and returns a non-sensitive token to Papaya. This ensures that payment information never enters their internal systems, drastically reducing their PCI scope.
When Papaya needs to charge a customer, they send the token for that customer to TokenEx. TokenEx detokenizes the payment information and sends it to the appropriate payment processor. Since the TokenEx token isn’t tied to a specific payment processor, it works with all of their existing payment processors and gives Papaya the flexibility to work across multiple payment processors.
Improved data security and
Papaya Gaming drastically reduced effort for PCI audits.
Papaya Gaming increased focus on higher-priority security issues.
Papaya Gaming enabled working with multiple payment processors.
“I definitely recommend using TokenEx. I know how it has eased my life as a CISO. We are not storing any payment data within our platform, and that’s a big success for me. I don’t need to deal with it because it’s not a risk for us.”
Chief Information Security Officer, Papaya Gaming
How can we help
Connect with us to learn how we can generate similar results for you.