About Countingup
Countingup is a business current account and taxes solution designed specifically for the UK’s smallest businesses. Serving micro-businesses across the country, Countingup combines the functionality of a traditional business bank account with automated bookkeeping and tax tools in one place.
Challenge: Meeting Strict Compliance While Minimising Admin
As a business operating in a regulated space, via a white-label Banking-as-a-Service provider, Countingup must regularly evidence security best practice. This includes providing annual penetration test results and providing their banking partner with details of vulnerability scan data and insights.
Before partnering with OnSecurity, Countingup relied on separate security vendors for manual penetration testing and automated vulnerability scanning. Although technically strong, this arrangement created significant administrative overhead, especially when preparing for and scheduling repeat annual tests.
Mike, CTO at Countingup, shared: “The manual pentesting firm we used previously was very good from a security point of view. But the admin overhead every year was more burdensome than we wanted.”
With the same regulated testing required each year, Countingup looked for a solution that would streamline processes, reduce repetitive work, and integrate directly into their security workflows.
Why Countingup Chose OnSecurity
Countingup’s priorities were clear:
1. One integrated platform
Switching to OnSecurity allowed Countingup to manage scoping, testing, communication and findings in a single place, which was a major draw.
“There’s obvious efficiency in getting both automated scanning and manual testing from one provider… It’s really useful to have it all in one place.”
2. Deep Slack integration
Countingup utilises Slack for its security vulnerability process. Having OnSecurity’s findings, scans, and pen-test updates delivered to Slack was essential.
“We’re big users of Slack. Your Slack integration makes everything easy for the team and helps democratise access to information.”
3. Minimal administrative overhead
With templated scoping forms, saved answers from previous years, and the ability to clone repeat tests, OnSecurity significantly reduced prep time.
“Preparing for tests used to involve big documents. With OnSecurity, everything is formulaic and easy. Cloning last year’s setup saves us at least half a day.”
4. Clear, practical reporting
Without a dedicated security team, Countingup values the clarity and actionable nature of OnSecurity’s findings.
“Your team puts the work in upfront. Explanations are always clear and remediation actions are obvious.”
Solution: Straightforward Testing for a Lean Team
Countingup operates with an experienced engineering team, but no dedicated security staff. Instead, security responsibilities are shared, with a small approval group handling final sign-off.
OnSecurity’s platform fits this structure perfectly:
- The four approvers use the OnSecurity platform
- The wider team receives read-only Slack alerts
- No need for complex access group setups
- Testing is fast to schedule and repeat
OnSecurity also supports Countingup’s approach to balance security best practices with real-world financial inclusion requirements, such as supporting older mobile devices.
“You recognise the tension we face between ideal security and FCA financial inclusion principles. It’s clear in your reporting that you understand those constraints.”
Impact: Faster Testing, Clearer Communication, and Lower Overhead
By switching to OnSecurity, Countingup:
- Reduced annual test setup time by at least half a day
- Consolidated manual and automated testing into one straightforward workflow
- Improved visibility across the engineering team via Slack
- Eliminated bulky document-based scoping
- Streamlined compliance reporting for its banking partner
“The ease of scheduling repeat tests and interacting with your testers through the platform has been excellent. They clearly put a lot of thought into what they send back to us, which makes our life easier.”
Would Countingup Recommend OnSecurity?
“Yes, absolutely. You’re very easy to work with, which is really important for something we must do every year. Even when we’ve needed to schedule a test at short notice, you’ve always done your best to accommodate us.”
Countingup’s positive experience even extended through due diligence: when a shared investor was considering investing in OnSecurity, Countingup served as a qualifying reference call.
From compliance-driven annual testing to ongoing vulnerability management, Countingup’s experience with OnSecurity has been consistently positive. The combination of seamless integrations, reduced admin, clear communication, and strong tester collaboration ensures Countingup can meet regulatory requirements efficiently, without diverting focus from product development.
“It’s been very positive on all fronts. From setup to scheduling repeat tests to the quality of interaction with your testers, the whole engagement has been excellent.”
Start your security partnership with OnSecurity today. Get an instant quote now!
