Scentbird Ensures Customer Trust with the Jscrambler PCI DSS solution

Overview


Scentbird is a subscription service for perfumes, colognes, candles, and car fresheners. Scentbird was founded in NYC in early 2013 and established as a subscription business in 2014.

Scentbird enables its users to choose and receive a supply of sample designer fragrances monthly before buying them. It has grown to have more than 700,000 active subscribers.

Headquarters

New York, USA

Jscrambler’s client

Since 2024

Industry

E-commerce

Use cases

PCI DSS v4 Compliance

Challenge


Scentbird has been developing its e-commerce subscription platform in-house. That meant handling many things itself, including security, compliance, and working with multiple payment providers. One of those payment providers asked Scentbird to be PCI DSS compliant. Beyond that, it was essential for Scentbird to ensure that its audience could trust it with their data. Andrei Rebrov, CTO & Co-Founder at Scentbird, shares, "The customers should safely leave their credit card information on our website. If people think something is wrong, they will feel unsafe, and there will be no conversion. And if there's no conversion, there is no revenue." The Scentbird team realized that with the upcoming change in PCI DSS, they needed a proper way to comply with the specific requirements 6.4.3 and 11.6.1.

The team's most important question was what was going on with the customer data. Traditional cookie consent management platforms didn't track who interacted with which form, the changes inside the scripts, or what kind of data was being transmitted outside.

Scentbird's mission is to give users fragrance recommendations and personalization. To do that, Scentbird has to collect information about the customer and share it with marketing platforms. It was therefore essential to strike a balance between the information they gathered, how they treated it, and how they controlled the third-party scripts on their website. They needed a solution that would help them control third-party scripts without spending too much time tending to minor changes.

“So what starts as a list of around 60 different scripts and pixels and sort of interactions with a third party, might be the list of 100 more with the dependencies. And then when you start looking at the scripts for the past 30 days, you will see a huge list with one script that has changed the version every other day. It’s a minor change, but it’s very annoying.”



Andrei Rebrov, CTO & Co-Founder at Scentbird

Solution


The Scentbird team first examined several cookie consent management tools that offered PCI DSS compliance. However, these tools didn’t provide a proper solution, and their vendors couldn’t answer any specific PCI DSS questions. Another category of solutions they looked at was big enterprise platforms (CDNs, WAFs), which would cost a lot of money and require a rigorous integration process. Moreover, Andrei, Scentbird’s Co-Founder, noted that while the major platforms often release features aligned with their general protection offerings, they do not delve deeply into specific matters like PCI DSS v4 compliance.

It was clear to the Scentbird team what they needed to do. Andrei notes, “The Jscrambler team explained how the integration would work, how to prepare for the audit, how to view the rest of the inventory, how notifications about specific changes would be received, how those changes would be reflected, and how we should respond. I appreciate this in a partner—they provided a clear protocol and outlined exactly what I needed to do. I had no additional questions and felt confident about using the product properly.” Andrei shares that it was quite easy to implement the solution, and there were no major obstacles.

“I didn’t want to spend a lot of time having someone on my team manage this. So, I was looking for something I could implement once to ensure we are protected. If something new comes up, the team will reach out to notify me about changes and any actions I need to take, allowing us to focus on what we do best: selling fragrances.”

Andrei Rebrov, CTO & Co-Founder at Scentbird

Top Jscrambler Features for Scentbird

PCI DSS v4 compliance status with the Jscrambler Agent

Convenient alert mechanisms for PCI DSS compliance

Ease of use and quick implementation

Results

Scentbird became PCI DSS-compliant in early 2024, well ahead of the 2025 deadline and earlier than many e-commerce companies.

When asked why Scentbird chose Jscrambler, Andrei cited three things: Jscrambler delivered what they needed to be PCI DSS-compliant, the implementation was quick, and the Jscrambler team's support was of high quality.
