Papaya Gaming

Securing critical data and enabling multiple payment processors

How partnering with a third-party tokenization provider removed sensitive data, enabled a multi-processor setup, and helped them focus on critical security priorities

About the company

Papaya Gaming is a market-leading mobile games company. With powerful, innovative technologies, they develop a platform that turns popular, casual, single-player games into skill-based, multiplayer experiences enjoyed by millions worldwide. 

Industry: Mobile Skill Games

Location: Tel Aviv

Company Size: Commercial

Products Used: Mobile API and Transparent Gateway

Balancing security and compliance 

As a former PCI Qualified Security Assessor, Papaya Gaming Chief Information Security Officer (CISO) Michael Abramov knows the challenges of storing sensitive payment information. Especially since the time and effort of PCI compliance audits can take away from other pressing security issues.

“I’m always balancing compliance requirements with security requirements and procedures,” Abramov said. “We want to focus on securing our data and securing our users, and not spend all our time just on compliance processes.” 

In his role as CISO, a big part of compliance is ensuring that Papaya follows the Payment Card Industry Data Security Standards (PCI DSS). These standards ensure that customer payment information is handled safely and securely.

Working with TokenEx gave Papaya an easy solution to address PCI DSS concerns. Payment information could go directly to TokenEx and then to their payment processors. None of its customers’ payment information would be stored in their internal systems. 

Easy audits and multiple processors

One immediate benefit of working with TokenEx is the reduced effort for PCI audits. “Our scope for the PCI audit will be really small,” Abramov says. “We don’t need to meet all the requirements because we are not storing any sensitive payment information. We don’t store the cardholder data, and the payment processing goes through TokenEx.”   

If Papaya weren’t using TokenEx and had to store this sensitive information in their internal systems, it would be a significant and costly change to their infrastructure. According to Abramov, “We would need to change our whole environment, hardening all of our servers and enabling a lot of monitoring. And meeting these PCI requirements alone would take away from other security-related initiatives.” 

Finally, working with TokenEx allowed Papaya to easily work with multiple payment processors. With TokenEx, there is a single token that can be used across all of its payment processors. And it gives Papaya the flexibility to easily add new processors in the future if needed.

How it works

Papaya utilizes the TokenEx Mobile API to capture sensitive data in its mobile application. When a customer using the app provides credit card information, this information is sent directly to TokenEx. TokenEx stores the data and returns a non-sensitive token to Papaya. This ensures that payment information never enters their internal systems, drastically reducing their PCI scope.

When Papaya needs to charge a customer, they send the token for that customer to TokenEx. TokenEx detokenizes the payment information and sends it to the appropriate payment processor. Since the TokenEx token isn’t tied to a specific payment processor, it works with all of their existing payment processors and gives Papaya the flexibility to work across multiple payment processors.  

Improved data security and
payment flexibility

Papaya Gaming drastically reduced effort for PCI audits.

Papaya Gaming increased focus on higher-priority security issues.

Papaya Gaming enabled working with multiple payment processors. 

I definitely recommend using TokenEx. I know how it has eased my life as a CISO. We are not storing any payment data within our platform, and that’s a big success for me. I don’t need to deal with it because it’s not a risk for us.”

Michael Abramov

Chief Information Security Officer, Papaya Gaming

How can we help
your business?

Connect with us to learn how we can generate similar results for you.

See more customer stories