Q&A with Sascha Huwyler at PCI Proxy

Kevin Smith, Payments Risk Director at the Payments Consulting Network, recently caught-up with Sascha Huwyler, Head of PCI Proxy.

As a leading tokenisation provider, PCI Proxy empowers organisations around the globe to securely protect the payment data they store, process and transmit. By using their unique universal token vault solution, businesses can minimise the scope of their PCI compliance and ensure they retain the flexibility to work with any payment service provider, such as payment gateways, orchestrators, and acquirers.

Leading brands worldwide use PCI Proxy to enhance their payment flexibility, improve the security of transactions, and reduce the significant burden and cost of PCI DSS compliance.

So, what does this mean? Kevin asked Sascha a few questions to gain a better understanding of PCI Proxy, its products and services and the tangible benefits it provides clients around the globe.

KS: Thank you for the opportunity to chat Sascha. Could you please provide a high-level overview of the PCI Proxy business?

SH: Let’s go back in time. Since 2001, Datatrans has been the leading payment service provider in Switzerland, processing roughly 2/3 of all online transactions. Our founders recognized relatively early that every merchant, every service provider, and every buyer operates online in their own way and therefore deserves individual solutions. One of many good examples of such customer-driven collaboration was the invention of an early version of PCI Proxy. Triggered by a support ticket from SWISS International Airlines and Seekda, we worked on our very first tokenisation solution back in 2009.

In 2013, Datatrans launched PCI Proxy as a separate product focusing on vendor-agnostic payment data tokenisation. 10 years later, today’s most advanced companies from various industries use our tokenisation platform to store and handle sensitive payment data securely and with total flexibility.

In 2021, Datatrans was acquired by Planet, a leading technology company providing connected commerce solutions to customers in the hospitality and retail sectors and worldwide via a network of payment partners. Again, we realised early on that Planet had the same philosophy regarding customer-focused collaboration, which made it easy to get on board. This was a great fit for us as a company but, more importantly for our customers and partners.

KS: What payment services and solutions do you offer merchants and third parties?

SH: PCI Proxy empowers businesses of all sizes to build and maintain secure and flexible card payment flows. We offer modular, componentised solutions to merchants and service providers that want to own their payments value chain as much as possible while outsourcing selected services such as tokenisation, 3-D Secure or the processing across a wide range of payment card acquirers and payment gateways without spending time setting up and maintaining integrations.

Consider it like an “a la carte” menu of services. Order the full menu or pick and choose only the parts you need. All our solutions are designed in a way that they can be used on top of existing processors and third parties, helping our clients to reduce dependencies.

Our tokenisation solution is the backbone of PCI Proxy, allowing customers to offload PCI DSS compliance but also enhance flexibility across their processor and third-party integrations due to the universal token approach. We provide a broad set of flexible tokenisation APIs ready for almost any interface. This allows our customers to integrate quickly and, more importantly, share our universal tokens across any of their integrations without becoming locked into one PSP.

These days, most of the processors provide their tokens. Unfortunately, those tokens only work across their gateway or, in other words, within a closed ecosystem. With PCI Proxy, this is different; our tokens work across any processor or orchestrator in the world.

That said, we strongly focus on providing services in a self-service manner. So, we built an intuitive and self-serve dashboard, allowing our customers to integrate our solution. You can add PSP integrations in just two clicks. And if help is still needed, we are only a Slack message or call away. No ‘Please hold the line’ – we work in a way that feels natural for our customers and provides instant access to our expertise from day one.

KS: Are there any industry sectors or client types that you focus your delivery on?

SH: We are not tied to any industry sector or client type. But there is a strong focus across international retailers, platforms, and travel businesses – mainly because we started in those industries and have built a strong industry knowledge over the last 20 years. We also work with many companies outside of those areas and cover industry sectors such as financial services, gaming, food and beverage and mobility. Thanks to our modular platform approach, we can integrate with literally anyone processing payments online. Not being restricted to industry sectors means that we can jump out of our comfort zone, learning new processes and use cases continuously.

KS: What do you see as the PCI Proxy’s key strengths and differentiators concerning the products and services you provide?

SH: From my perspective, some are more measurable – like our global reach, system availability, platform features or our list of prestigious customers – but at the heart of PCI Proxy and its success over the past 20 years is, I firmly believe our culture. This includes challenging the status quo, responding to queries within minutes and not hours or days, giving our customers a chance to chat with developers to see what happens in the background, working with our customers and partners to build unique services, and in general, being there if help is needed.

Our knowledge in payments is also a huge differentiator. Working in compliance and payments for more than 20 years sets us apart when it comes to explaining complex payment processes. We are uniquely positioned to share best practices about reducing PCI DSS scope to the minimum, how to make use of network tokens most efficiently or how to optimise conversions when it comes to 3-D Secure.

Lastly, our modular platform approach is a key differentiator. You might remember the “a la carte” menu of services we spoke about before. This allows us to focus on those types of merchants that want to keep control and flexibility but outsource specific services to an expert. All services we provide are in-house, so no additional third or fourth party is involved in providing those services.

KS: What were your key achievements over the last 12 months?

SH: Firstly, the acquisition by Planet is and will be significant. It provides access to a complete set of complementary payment products that we can include in our componentised offerings to provide even more flexibility and vendor-independent payment solutions to our customers. At the same time, it allowed us to scale- up our team, and we could hire and onboard great new colleagues across different departments.

There are also significant achievements regarding our approach to security and product innovation. We renewed our PCI L1 certification for the 16th year in a row, certified ourselves as an official network token requestor for Visa and Mastercard, complied with the latest 3-D Secure specifications for our authentication-only approach, and built a lot of new APIs and functionalities.

KS: What merchant services innovations do you have on your product/service roadmap for the next 12 months?

SH: As you can see from our continuous product development, we do not stand still. Our infrastructure resilience is far above the industry average, but we strive to improve it to ensure we can deliver even tougher service level commitments, which we know is a comfort factor essential to our customers.

Delivering an enhanced payments-orchestration layer is also part of our componentised product vision. We are giving merchants a chance to leverage orchestration through us or build it themselves. We also continue to develop our platform and modular solutions to deliver even greater control to our customers where they request it, through integration with more acquirers, payment facilitators, gateways, and payment processors.

This also includes more fantastic integration support for mobile payment solutions, including Apple and Google Pay. This solution should be released in the upcoming weeks.

We continue to expand our strategic partnerships with leading qualified security assessors (QSAs) to help our customers navigate through the remaining subset of PCI DSS requirements and reporting.

KS: What industry changes or trends do you see occurring over the next 2-3 years that will significantly impact your business and your clients?

SH: Two particular changes are heading in our direction.

A continued and increasing focus on payment data security and compliance is expected, with associated enforcement. New and more significant regulations and scheme requirements increasingly impact companies within the e-commerce space. Good examples are PCI DSS version 4, which is much more stringent than the current version, and scheme initiatives such as 3-D Secure or Network Tokenisation which also became mandatory in certain parts of the world. Shifting to those new standards is a considerable drain on time and resources for many businesses.

Apart from that, we see a trend toward adopting more frictionless checkout solutions. Consider solutions such as wallets, click-to-pay or network tokenisation. I’m sure that card schemes will encourage those solutions more and more. And who knows, most probably, there will be other solutions available to improve the customer experience and security of card transactions during checkout in the next few years.

Author: Kevin Smith, Payments Risk Director, London, Payments Consulting Network

Kevin has over 30 years of experience in the retail management, financial services, and payments industries. With 17 years at Visa globally he has a proven track record in developing and executing innovative and practical business strategies, product development and service definition in card acceptance and acquisition. With both marketing and risk management backgrounds, he brings a pragmatic approach to business development. As ‘Riskskill’, he is a Visa-approved reviewer under the Visa Global Acquirer Risk Standards (GARS) programme.


PCI Proxy is a member of our Payments Orchestration Panel.

If you found this article helpful and would like to read similar articles, please subscribe to our newsletter.

To get notified of our latest posts, follow the Merchant Advisory company LinkedIn page and click on the bell icon at the top right section of our company profile.