Blog Detail Title

Short Content Here

by Author Name

Date Published

Want something amazing?

Subscribe to thepulse newsletter


How To Move Fast Without Breaking Things

Benjamin Schmid June 22, 2018

Facebook’s old motto to “move fast and break things” became a mantra for many of today’s fast-growing startups. While moving fast is crucial for technology startups to succeed, the idea of breaking things is not a luxury that technology companies which process personal data or credit card information can afford. One mistake with this kind of information could quickly kill a company.  

apaleo was founded on its belief in speed – speed of development, speed of going to market, and speed of its ability to change the way that the hospitality industry works with technology. The company identified a lag in how hotels adopt new technology, caused by legacy technology that is slow to update and slow to integrate with other systems. It set out to build a new, cloud-based property management system (PMS) with an API-first approach that would allow the system to seamlessly connect to any application that a hotel could want, need, or build, all in a matter of minutes.  

As apaleo mapped out its infrastructure, the team knew that, on the one hand, it should move fast, but, on the other hand, it couldn’t make mistakes when it came to data security. PCI compliance was vital to apaleo to ensure its client’s data were secure and to avoid fines and potential punishments for not meeting the laws and regulations. 

Becoming PCI compliant is a process that can be extremely complex, taking some companies months, or even years to achieve. In the past, companies looked to do this all in-house, which is a considerable drain on time and resources. New staff must be recruited, or existing employees must shift their focus away from other projects. Then the team must invest time to understand all the details about PCI compliance and its impact on the company’s systems, products, employees and overall infrastructure. Once the requirements are understood, the team must implement all of the requirements. And finally, after all of this is completed, it is time to start over again, since companies must be re-certified on an annual basis.  

As a lean startup, apaleo did not see this as an ideal solution and searched for another way to achieve PCI compliance – the team had a product to build and wanted to focus on delivering key features and functionality. Knowing that it its very own open API approach was all about connecting with specialists in their field, apaleo chose to find experts in the payments and PCI compliance field. It found Datatrans, which offered a team of experts, as well as PCI Proxy, a purpose-build PCI compliance as a service environment.  

apaleo built its entire PMS platform in less than nine months, something that has taken other companies many years to deliver. And, using Datatrans PCI Proxy, apaleo became PCI compliant in a matter of days.   

PCI Proxy provided apaleo out-of-the-box Level 1 PCI compliance that gets apaleo’s service to market fast and secure. It allows apaleo to connect and exchange payment data with any PCI-compliant service provider and payment gateway while PCI Proxy takes care of PCI compliance. All sensitive data is then filtered and tokenised before it reaches apaleo’s software, ensuring apaleo's systems never touch sensitive card data - reducing the PCI scope to a minimum.  

Since apaleo’s launch, it has now onboarded its first happy clients and has welcomed dozens of developers to develop on its platform, using apaleo’s public APIs. The company remains focused on moving fast and innovating, with speedy release cycles for new functionality and a plethora of new clients and partnerships in the pipeline.  

NB: This article has been adapted from its original version and originally appeared on the website of datatrans here.

Benjamin Schmid

Posted by

Benjamin Schmid
Benjamin Schmid is a co-founder at apaleo. He’s spent more than a decade leading teams to build software that help businesses run smoothly, from ERP systems to SaaS products at SAP hybris. For the last four years, he has taken his product knowledge to the hospitality industry, building up hetras’s API and app platform and now creating apaleo’s open hospitality cloud. When he’s not busy building cool products, Benjamin can be found relaxing in the quietness of the alps or playing sports.


by Martin Reichenbach


4 Must-Haves for a Hotel Tech Stack Ready to Recover in 2021

During the COVID-19 crisis, technology has undoubtedly enabled us to stay safe, connected, stimulated, and productive in a way that would have been ...

by Alicia Wahlberg


apaleo origin stories: get to know Vasily Geyer

Our people make apaleo and its culture pretty darn unique. So, here's a chance to get to know them! We chatted with Vasily Geyer, our Backend Guru. He told us ...

by Alicia Wahlberg


apaleo origin stories: get to know Stephen Willms

Our people make apaleo and its culture pretty darn unique. So, here's a chance to get to know them! We chatted with Stephen Willms, our Lord of Onboarding. He ...


Subscribe to thepulse newsletter for:

  • The coolest industry stories and research
  • Sweet innovations from our app community
  • Secret invites and special offers
By entering your email you expressly consent to receive our newsletter every week and other material related to...