No items found.

Data Residency and PCI Compliance: Why Apaya Chose Skyflow

No items found.
December 15, 2022

Apaya is a modular, scalable platform that enables merchants to automate their payment infrastructure in just a few clicks.  Apaya chose Skyflow to solve their data residency requirements and protect sensitive customer data.  Skyflow allows for ease of implementation and speeds PCI compliance, while offering Apaya’s merchant customers total flexibility over payment processing. 

Apaya is on a mission to become the largest payment automation platform in the EMEA region. To do this, they combine their expertise in regional payments across the EMEA region with data residency, data privacy, and PCI compliance capabilities from Skyflow. The result is a platform that makes it easy for merchants to:

  • Connect to major payment service providers (PSPs) – companies like Checkout.com, Stripe, and Tamara – to process payments
  • Protect customer data, while radically easing PCI compliance
  • Meet or exceed data residency requirements across regions
  • Build intelligent workflows  optimize performance for each transaction
  • Maximize payment processing flexibility, so they can easily choose their preferred payment processor(s) in each region while delivering a great payments experience

The team at Apaya knew that implementing all of these capabilities into their architecture from scratch would be complex and expensive, and cost them time better spent creating delightful experiences for their customers. So, they worked with Skyflow to build a comprehensive solution while accelerating their time to market.

“Apaya built a payments infrastructure to enable every merchant to easily offer their customers a world-class payment experience, with just a few clicks. Our no-code software empowers merchants to build and automate payment workflows to increase their reach, improve their acceptance rates and reduce operational costs.” said Michael Tomlins, CEO of Apaya. “Not only did Skyflow have the most comprehensive solution available to help us build our platform, they also worked closely with us to make the deployment and implementation process smooth, quick, and worry-free.”

How Does Apaya work?

Apaya is creating a payments automation platform inspired by a simple but bold goal: to give every merchant, irrespective of size, capital, or location the chance to offer their customers a world-class payment experience, while using their preferred payment processors.  

Their intelligent platform provides functionality that future-proof payments infrastructure for digital merchants, by providing them full control, automation, and visibility of their end-to-end payment strategy through the following tools: :

  • Marketplace: A portfolio of leading global and local payment processors and payment providers accessible via a single super API.
  • Studio: - A no-code drag and drop tool to easily build intelligent workflows with conditional filters to optimize the performance of each transaction
  • Checkout: A fully customisable mobile and desktop checkout that delivers the chosen workflow to the consumer 
  • Dashboard: An analytics dashboard presenting unified data visualization and insights to optimize the performance of each workflow
  • Secure and Versatile Vault: A PCI compliant vault for payment card data and other customer data that gives merchants versatility to switch as needed between payment processors 

Here’s a look at Apaya’s no-code payment workflow routing tool, which lets merchants build intelligent workflows with conditional filters to optimize the performance of each transaction:

Apaya’s No-code Workflow Management Tool

To quickly deliver flexible payment routing capabilities to merchants, Apaya worked with Skyflow to give their merchant customers PCI DSS-compliant payment processing solutions that avoid PCI lock-in, handle CVV codes to facilitate payment retries and re-routing, and also address their data residency requirements.

Flexible, PCI-compliant Payment Processing

Apaya leverages Skyflow’s PCI Level 1 certification in their PCI-compliant platform so they can free their customers from needing to pick a single payment processor to store their PCI data. 

This lets Apaya’s merchant customers avoid the drawbacks of working with a single payment processor that might not suit their needs in all of the regions where they operate. With Apaya’s Studio, merchants can easily route their payments through multiple payment gateways.

Manage CVV Codes for Seamless Retries and Re-routing

Skyflow’s time-to-live (TTL) capability lets Apaya temporarily cache CVVs in a PCI-compliant manner, so their merchant customers can work across multiple payment processors for authorization.

This reduces merchants’ reliance on a single payment processor, and lets them give their customers a smooth payments experience that doesn’t repeatedly ask for their CVV when rerouting payments.

A Scalable Approach to Data Residency 

Apaya is a platform that helps merchants to operate across geographies, so effective data residency is critical to their business, and to maintaining customer trust. As payments experts, the team at Apaya knows that avoiding sensitive data sprawl is critical to helping their merchant customers comply with data residency requirements. They looked to Skyflow to help them solve this problem for their customers’ PCI data.

As a modular payments platform, Apaya built its architecture so that it can quickly and easily deploy Skyflow Data Privacy Vault instances to new regions. This approach provides immediate data residency compliance solutions for their merchant customers’ PCI data. 

Currently, Apaya’s customers include merchants who operate in the Middle East. They found that deploying a Skyflow Data Privacy Vault in that region gave them a quick and secure way to let their merchant customers who operate there ensure compliance with laws such as PDPL and other regional data privacy laws

Using Skyflow aligns with Apaya’s modular approach to building payment solutions because they can easily add new Skyflow Vault instances in new geographies to comply with local data residency requirements. 

In the near future, Apaya plans to deploy new Skyflow Vault instances in additional regions around the globe including Africa, which will make it easy for their merchant customers to comply with data residency and protection requirements. These vaults will make it easy for merchants who operate in these locations to take advantage of the payment flexibility and optimization capabilities offered by Apaya.

Apaya’s Architecture: Modular PCI and Data Residency Compliance

Apaya chose Skyflow because it provides a developer-friendly API that makes managing sensitive data across regions easy to implement, and because of Skyflow’s PCI compliance, data residency capabilities, and support for payment processor flexibility.

Apaya’s architecture uses Skyflow to capture, tokenize, and store sensitive PCI data, and then calls Skyflow APIs to retrieve the payment information required for payment processors. This modular architecture gives their merchant customers flexibility, compliance, and convenience in each country where Apaya optimizes payments. It also keeps Apaya’s backend infrastructure and database free of sensitive data, so they can focus on using their payments logic and routing expertise to enable merchant clients. 

You can see Apaya’s architecture below:

Apaya’s Architecture Ensures PCI and Data Residency Compliance in the Middle East and Europe


Try Skyflow


To learn more about how Skyflow Data Privacy Vault can help your organization prioritize privacy, sign up to try try Skyflow, or join us to learn more about How a Data Privacy Vault Simplifies Data Residency.

Keep Reading

December 12, 2024

Unlocking Privacy-Preserving AI with Skyflow’s Secure AI Functionality

Discover how Skyflow’s Secure AI Functionality empowers businesses to build privacy-preserving AI applications with enhanced usability, advanced privacy controls, and seamless data management—unlocking innovation while safeguarding sensitive information.
November 12, 2024

Navigating China’s PIPL Requirements: How to Unlock China Go-to-Market

In this post, we show how companies can address China's PIPL regulation by leveraging AWS infrastructure in China in combination with Skyflow Data Privacy Vault.
Data Privacy Vault
Data Residency
October 28, 2024

India SEBI's New Cybersecurity and Cyber Resilience Framework: Data Protection Strategies for Regulated Entities

Learn about SEBI’s new Cybersecurity and Cyber Resilience Framework (CSCRF) for regulated entities in India. Discover key data protection strategies for compliance and enhanced security.