Executive Summary
Launching a new financial services product required this e-commerce giant to move beyond unmanaged open source packages to a model featuring indemnification and enterprise support. By partnering with ActiveState, they secured their Python environment against data breaches that cost Australian firms an average of $2.78 million. This partnership ensures compliance with strict data privacy policies while protecting the brand’s reputation.
About the Customer
The company is a premier Australian e-commerce destination known for its diverse range of retail and service offerings. The company recently expanded its portfolio to include a new white-label credit card product. As a high-volume digital platform, they handle significant consumer data and financial transactions, necessitating world-class security and data protection standards.
The Challenge
The launch of the credit card product introduced a new level of regulatory and financial risk. Developers at the company were traditionally using public open source packages that lacked official support or indemnification. Under strict data privacy and protection policies governing financial products, this “unvetted” approach was no longer viable. With the average cost of a data breach for Australian firms rising to $2.78 million, the company needed a way to satisfy compliance requirements without slowing down its development teams.
The Solution
The company chose to work with ActiveState as their secure build provider. The solution focused on obtaining vetted versions of critical Python packages that met their internal security standards. Beyond just providing secure code, ActiveState provided the enterprise-grade Service Level Agreements (SLAs) and legal indemnification required to satisfy the risk management framework of their financial services branch.
The Results
- Mitigated Multi-Million Dollar Risk: The move directly addressed a risk profile valued at $2.78 million per potential breach.
- Policy Compliance: The team successfully transitioned from public, unvetted packages to a secure foundation that satisfies data privacy mandates.
- Enterprise Indemnification: For the first time, the company secured legal protection and indemnification in the event of a data breach related to their open source libraries.
- Guaranteed Support: The development team moved from community-only support to an enterprise SLA, ensuring rapid resolution for critical issues.
Securing the Future of Fintech
A representative from the project emphasized that the security of their customer’s financial data is paramount.
“Using public packages without support or indemnification was exposing us to unnecessary risk,” they noted. By leveraging a secure build provider, the team gained the peace of mind necessary to scale their new credit product.
What’s Next
The company will continue to use ActiveState to manage the Python environment for its credit card transactions, ensuring ongoing compliance as they process increasing volumes of revenue and consumer data.
