Challenge
XP is the largest independent brokerage in Brazil. Its Global Account product offers currency conversion and transfers in US Dollars and comes complete with a debit card for transactions and withdrawals. To launch the Global Account’s card program and offer a market-leading user experience, XP needed to partner with a third-party card issuer and handle customers’ card data themselves.
Their card issuer required a rigorous PCI DSS review before allowing them to access cards in production. XP wanted to get their Global Account product to market quickly, so that they could offer the product to the 1M+ investors using their international investment account service.
To do so, they chose to partner with Evervault, and leveraged Evervault’s Payments Platform to secure customer card data and offload the majority of PCI DSS compliance overhead.
Solution
Using Relay, XP fetches card data from their processor’s API and lets Evervault encrypt the data before it touches their infrastructure. Using Functions, they can then retrieve card data from their own databases and render it in their app—without it touching their infrastructure in plaintext.
Impact
XP was able to build their custom debit card program with their processor and become PCI DSS compliant in less than 4 weeks. Not only was it faster, it also came at a price 60% less than what it would cost to manage the PCI compliance process themselves.