Neural Payments partners with Cobalt and Secureframe to maintain SOC 2 and PCI compliance, customer trust, and overall security.
Community banks and credit unions use the Neural Payments solution to provide peer-to-peer payment services to their customers as an alternative to competing solutions. These banks are highly motivated to keep and grow their existing customer base through services and innovation, and Neural Payments helps them achieve those goals.
Being in the FinTech sector and handling sensitive cardholder data, Neural Payments and its solution are subject to SOC 2 and PCI compliance requirements. Although this compliance is required, a strong commitment to security also helps Neural Payments demonstrate to partners and customers their data is safe and secure.
Needed a strong compliance partner to meet SOC 2 and PCI requirements
Secureframe has an in-depth understanding of what a startup like Neural Payments needed, and provided expert guidance and tools necessary to pursue SOC 2 and PCI compliance.
Had aggressive timelines to meet
Neural Payments had strict partner deadlines needing to be met which required a pentesting partner capable of scheduling and completing a pentest quickly.
Needed to maximize value for spend
As a startup, getting high value for compliance effort spending was important for Neural Payments.
Unhappy with their prior compliance tool, the team at Neural Payments partnered with Secureframe, a security compliance automation platform that makes obtaining and maintaining the most rigorous global compliance standards, including SOC 2, ISO 27001, HIPAA, and PCI DSS, easier than ever.
Using Secureframe’s policy templates and system integrations, Neural Payments was able to make quick progress towards SOC 2 and PCI compliance. Ex-auditors on the Secureframe team also provided expert SOC 2 and PCI guidance, in addition to recommending vendors for services such as background investigations, MDM, pentesting, and audits. These recommendations and access to compliance experts led Neural Payments to choose Cobalt as their pentesting provider and saved them valuable time.
Neural Payments was navigating a dynamically changing environment due to being in the midst of re-architecting their solution for PCI compliance. This necessitated a vendor capable of providing pentesters with SOC 2 and PCI experience who could also get started quickly. This helped ensure the pentest could be scheduled with all in-scope components included in the test, and completed in time.
“We had a few findings requiring engineering effort. Once we addressed them after the pentest was completed, I reached out to the Cobalt pentesters and they all responded - some of them immediately. They were able to retest right then and there, and we were confident the findings had been remediated, retested, and accurately reflected on the Cobalt platform. Although we were told about free retesting in the sales pitch, seeing it in action was amazing. Cobalt delivered by retesting quickly and updating the report accordingly.”
DAVID PATRICK, DIRECTOR OF ENGINEERING, NEURAL PAYMENTS
Short lead time to schedule and start a pentest
Neural Payments was able to schedule and start their pentest with a 48 hours lead time.
Rapid, unlimited retesting
Neural Payments was able to get all remediated findings retested quickly and their report updated dynamically.
High quality and dynamic reports
Remediated findings were dynamically updated on the platform and reports which reflected the thoroughness of the test, and fulfilled the requirements for SOC 2, PCI, and partners.
“As Neural Payments demonstrates, this relationship is just as important as the tool you're using. The relationship Neural Payments has with Secureframe and Cobalt is really more of a partnership than just tools used to gain compliance."SCOTT SUGIMOTO, HEAD OF PRODUCT MARKETING, SECUREFRAME
Once the Neural Payments environment was ready for testing, they were able to schedule a test with a Cobalt team of pentesters within 48 hours. The test was completed and reports delivered in two weeks, which was critically important as they had strict partner deadlines supporting go-to-market goals needing to be met. The Neural Payments team was in direct communication with their pentesters throughout the engagement via Cobalt’s Slack channel, and findings were dynamically updated within Cobalt’s PtaaS platform, which made it easy for the Neural Payments developers to take fast action on “low hanging” findings as they were discovered.
By leveraging both Cobalt’s PtaaS platform, a global network of pentesters, and Secureframe’s security compliance automation platform, Neural Payments created and scaled its foundational security program.