A payment platform's triumph: Balancing autonomy, security, and compliance at EBANX

EBANX, a leading payment platform in Latin America, supports diverse payment methods such as credit/debit cards, boleto bancário, and local bank transfers. Global businesses like Airbnb, Uber, and Coinbase rely on EBANX for their payment processing and infrastructure needs in Latam.

The challenge: Ensuring security and compliance.

With millions of transactions processed daily, EBANX must protect sensitive data and navigate various security and compliance challenges:

• Safeguard credit card numbers, bank account information, and personal identification data
• Address security controls and compliance challenges in the financial industry
• Ensure data privacy and manage operational risk
• Adhere to regulatory compliance such as Payment Card Industry Data Security Standards (PCI DSS)
• Demonstrate commitment to preventing financial crimes
• Maintain the integrity of the payment ecosystem

By adhering to these regulations, EBANX showcases its commitment to preventing financial crimes and maintaining the payment ecosystem's integrity.

Cultivating a culture of innovation and collaboration.

EBANX believes in empowering developers with autonomy to encourage innovation and collaboration. However, it is crucial to balance autonomy with accountability, security, and responsibility. EBANX recognizes the importance of meeting compliance and regulatory requirements to ensure customer safety and security.

Pursuing their vision, the EBANX team embarked on the development of an internal tool designed to provision temporary user accounts for their engineers. The journey to the first iteration spanned several months, during which the tool became a focal point for internal grievances. Its sluggish performance and poor user experience, combined with a shortage of essential features, significantly hampered its effectiveness. Additionally, the team found themselves constrained by limited resources, hindering their ability to enhance and refine the tool.

The solution: Hoop.dev.

EBANX chose Hoop.dev to provide its development and support teams with autonomy while maintaining security. Hoop.dev enables central control over access and audits all user activity, ensuring compliance with PCI-DSS standards. It also introduces new approval flows, such as requiring user authorization for scripts containing SQL statements or PL/SQL blocks with write operations, providing an additional layer of security.

Thanks to Hoop.dev, EBANX can:

• Offer developers secure access to databases
• Audit, troubleshoot, or provide evidence for any user action across all platform connections
• Automate tasks through integrations like Slack, PagerDuty, and Github
• Manage secure and auditable database access
• Eliminate insecure silos
• Improve approval flows for write and delete queries

A platform for secure and auditable access.

Positive transformation.

Alysson Regio, a Cloud Security Engineer at EBANX, highlights the benefits of using Hoop.dev:

1. Better-defined roles and clear audit events across the organization, enabling easy access to evidence for compliance or audits.
2. Delivering autonomy to developers while maintaining security flow approvals and auditable access, eliminating silos or interdependencies that could slow processes.
3. Automating operational tasks and integrating with third parties like Slack and PagerDuty, promoting developer autonomy.

With Hoop.dev, EBANX has successfully balanced developer autonomy with security and compliance, leading to a more efficient and secure payment platform.