How Pattern (formerly Setoo) empowers e-businesses with secure, embedded insurance-as-a-service.

Founded in 2017 (initially as Setoo) and headquartered in Tel Aviv with offices in London, the company was born out of the AXA Group’s insurtech studio, Kamet.

In 2021, Setoo merged with Pattern Insurance to create a global leader in the embedded insurance space.

Their mission is to transform every online transaction into a protected experience, backed by major underwriters like AXA and Spinnaker.

As a provider of automated, parametric insurance, Pattern deals with highly sensitive payment information from "the clients of their clients."

Maintaining trust above all else

For an insurance platform, trust is the primary currency.

"A security breach will fracture the trust between our end users and our clients, and between our clients and us."

‍

Any security breach involving card data would not only fracture the trust between the end-user and the merchant but also between the merchant and Pattern.  

Staying out of PCI Scope

To maintain their competitive advantage and meet strict legal and regulatory requirements across multiple regions (Europe and the US), Pattern needed a way to collect and store payment data without the massive overhead and risk of becoming a high-level PCI-compliant entity themselves.

Pattern implemented PCI Proxy's Token Vault to externalize their payment data security.

Out of scope, out of mind

By choosing PCI Proxy, Pattern can securely capture and tokenize sensitive card information at the earliest possible stage of the transaction.  

"PCI Proxy allows us to offer an end-to-end air-tight solution... without compromising on security, scale, and quality."

‍

Because the data is intercepted and stored in the PCI Proxy vault before it ever touches Pattern’s servers, the company effectively reduced its PCI scope to the absolute minimum.

With PCI Proxy, Pattern achieved PCI compliance quickly and easily, allowing their product team to focus on developing new insurance products rather than managing security audits.

The integration provided:  

• Risk Mitigation: Sensitive payment data is stored externally, removing the "honey pot" risk from their own infrastructure.  ‍
• Seamless Experience: The tokenization process happens in the background, ensuring the frictionless customer journey that is central to their "Insurance-as-a-Service" model.‍
• Scalability: As the company expanded globally and merged with Pattern, the infrastructure remained robust and compliant across different jurisdictions.

"Being fast and agile for any startup is a MUST... becoming PCI compliant by using PCI Proxy was an easy choice."

In the world of InsurTech, security is not just a checkbox; it is the foundation of the business model.

For companies like Pattern that operate as a middle-layer between merchants and underwriters, externalizing payment data is a strategic necessity.

By using a token vault, they ensure that they never "touch" the risk, allowing them to focus entirely on their core mission: protecting the customer journey.

‍