Vanta’s continuous monitoring capabilities cuts Taptap Send’s work to PCI DSS compliance in half.
By leveraging Vanta’s automation capabilities, Taptap Send has moved risk management from siloed spreadsheets to a centralised hub.
With Vanta’s Trust Center, partners and customers can view Taptap Send’s security credentials at a glance, reducing the need for lengthy security questionnaires.
“With Vanta, everything is in the one place. We’re actually doing more risk management work now because we see our risks more clearly! It has definitely improved our security posture.”
The company
Fast, fair, and easy — helping immigrants send money back home
Taptap Send makes it easier for immigrants to send money home to Africa, Asia, the Caribbean, and Latin America. Since launching in 2018, they have moved billions of dollars and reached hundreds of thousands of customers.
Global remittances account for over $500 billion annually, most of which moves back into developing countries. However, the market is dominated by traditional services that are expensive and slow, with limited rural reach. The Taptap Send mobile app helps people send money quickly and securely and at a fraction of the cost.
Taptap Send is venture-backed, with investors including Reid Hoffman, the Omidyar Network, and Helios.
The challenge
Partners with exacting standards demand proof of security
As a cross-border money transfer service, Taptap Send has built partnerships with a large number of credit card providers and payment processors, and they all need proof that their customers’ information is secure and protected. In particular, they need to see PCI DSS (Payment Card Industry Data Security Standard) compliance, says Dimitrios Stergiou, Director of IT and Information Security at Taptap Send.
“That was quite painful to deal with manually. There was a lot of custom documentation that we had to create and a lot of controls that had to be sampled.”
As well as PCI DSS, customers and partners were increasingly asking about the company’s broader security policies.
{{quote-2}}
Taptap Send decided that becoming SOC 2 compliant would put a lot of their concerns to bed. However, working towards a SOC 2 attestation can be a tedious process. The logical next step was to get a trust management platform that could speed up and automate much of the work.
The solution
A springboard to uncomplicated compliance
When Dimitrios joined Taptap Send in January of 2024, they were finishing up their first PCI DSS audit. He saw how time consuming it was and realised that they needed a powerhouse trust management platform that could help with all kinds of security requests and standards.
“We need to be licensed in pretty much every state in the US and also in the UAE, the UK, and Europe. All of these jurisdictions have their own requirements, and we didn’t have a good way to document all the work we were doing. Rather than having multiple Excel files, we needed a single source of truth for our security posture.”
Dimitrios began evaluating trust management platforms, reaching out to eight different vendors. He had a list of essential functionalities that Taptap Send needed, which disqualified some providers straight away. Others were rejected as Dimitrios delved further into their software.
“For example, we wanted something that would allow us to create our own frameworks right out of the box. Some of them could do that, but not in a straightforward way.”
In the end, it came down to Vanta and one other competitor. However, Dimitrios had used Vanta in a previous job and knew just how helpful it could be.
“Nobody I knew had used the other provider," said Dimitrios. "And I thought that it wasn’t great that I couldn’t find one person who could tell me about their own hands-on experience. Vanta was the obvious choice. I had my own positive personal experience and also a network of people who I trust who use and endorse it.”
The impact
Since starting with Vanta, Taptap Send has overhauled how they handle risk management. Everything is contained within Vanta’s Risk Management solution, eliminating the need for siloed spreadsheets and endless email threads. The process has been simplified and automated, so it’s much easier to stay on top of their security profile.
{{quote-3}}
Taptap Send is working towards their SOC 2 attestation, and Vanta is automating the complex work of gathering evidence for their first audit. Their security posture is constantly monitored, and they receive alerts if anything goes out of compliance. They have also moved their vulnerability management to Vanta, integrating their third-party tools.
“We have several tools that yell to us about vulnerabilities! Rather than going into each individual console, we can now gather all that information in Vanta, which saves a considerable amount of time.”
The company will undergo a second PCI DSS audit early next year, and Vanta is taking the pain out of the process. Vanta’s PCI compliance tool automates over half of the work that is needed to prove that consumer data is secure.
“I saw how much time it took to gather the samples that the auditors needed last time, and that’s something we want to avoid. Vanta continually monitors our PCI environment, so we won’t have to scramble to find evidence at the last minute,” says Dimitrios.
For Dimitrios, one of the biggest benefits of Vanta is that it integrates with Taptap Send’s other tools and systems and gives them a bird’s eye view over all their data. Partners and customers also benefit from this increased clarity. With Vanta’s Trust Center, they can view Taptap Send’s compliance posture on demand, reducing the need for time-consuming security questionnaires.
“We already had the information, but no-one was looking at it, or we didn't know exactly what it meant. Vanta has brought it to the surface and visualised it for us.”
