Xsolla Case Study
Xsolla and Its Millions of Microtransactions
Scaling API Security for the payment processing platform
- Industry: Fintech
- Products purchased: API Threat Protection & API Security Testing
- Google Cloud Platform
- Protected sites: Xsolla.com
Have you ever paid to change your eye color? Would you pay for an amazing cybernetic weaponized arm or turbo engines? Evidently, millions of ordinary people will. Sometimes something niche revolutionizes a much bigger industry. Enter Xsolla, the video game business engine that helps developers operate and sell more games globally. Nothing has done more for e-commerce and the growth of in-app purchases than video games, exchanging virtual bounties for real-world currency. In-game purchases are filled with tough challenges around surges in traffic, international players, multiple currencies, and high-volume micropayments. At the heart of that is Xsolla.
The year 2005 saw the unveiling of the Xbox 360 and PlayStation 3, over $10.5B in US sales for the video game industry, and the newly born MMORPG World of Warcraft ranked #1 as the top-grossing video game. By 2020, it’s expected that over $32B will be spent on in-game purchases alone, three times the total of the 2005 sales across the industry, from accessories to hardware.
Monetization of gaming was a fresh concept, growing in tandem with larger builds, open worlds, and sequences.
Now, the market continues to grow. In-game purchases are a niche form of in-app purchases. Xsolla has grown as well, into a global company working with more than 2,000 game projects worldwide.
Xsolla operates as the Merchant and Seller of Record for major gaming entities like Valve, Twitch, Ubisoft, Epic Games, PUBG and more.
Strong Security Measures
As a fintech company in the gaming space, one of Xsolla’s most important priorities is protecting its customers’ data. The complexity of that challenge grew as Xsolla grew from a local company to a worldwide service. Their clients depend on global players to pay in whatever way is most convenient for them. Compliance with PCI DSS was crucial.
In 2015, Xsolla was looking for something that would protect against a broader range of threats and, at the same time, would be easy to use and grow with the company. They also wanted it to be as continuous and thorough as they are in their own CI/CD. There is no time for slowdowns when the global gamer is always online.
"We started using Wallarm in 2015. For more than five years of a successful partnership, we’ve used their solution in the blocking mode across our entire infrastructure. It has shown high efficiency in detecting attacks, with an insignificant rate of false-positives. We recommend this solution as a proven and effective WAF and API protection to anyone who wants to increase the security for their business."
Konstantin Golubitsky, Xsolla CTO
Wallarm Finishes the Competition
Wallarm helped Xsolla to up their security game without reinventing the wheel. It provided the ease of use they needed and intelligent threat detection.
As Xsolla grew, the importance of compliance grew. Working with international payment and banking systems all over the world, they were required to be certified under PCI DSS, specifically where requirement 6.1 called for a WAF.
Results: More Than a Technical Win
“The key things we were looking for in a security solution are effectiveness, ease of use, ease of deployment, and good technical support. Wallarm met all of these requirements.”
The biggest takeaway for Xsolla is that Wallarm is an incredibly easy-to-use product. They love the machine learning aspect, which allows them to focus on growth. The interface is clear and intuitive, and there were no problems training anyone at their company. Switching to Wallarm’s enterprise solution with support meant minimal resource allocation from Xsolla. Once tuned initially, it just worked. Instant security upgrade.
Here’s how Wallarm helped
- Set it up, let it run
“Unlike ModSecurity, Wallarm is an Enterprise solution with full support and doesn’t require continuous attention. Once the system is turned on, all we do is look at the reports, and from time to time, review the rare false positives and feed the information back into the system.”
“Security and compliance are critical in protecting users’ personal data. As a company, you protect your customers at all costs.”
- Plug-and-play deployment
“We didn’t need to change anything in the application deployment infrastructure. The installation itself is easy and straightforward.”
- Technology powered by ML learns while we grow
“Each of our custom self-written applications had their own loads and their own traffic profiles. Wallarm is a self-learning system, so it was initially in the learning mode to understand each of the contexts and learn each of the applications.”
- Excellent customer service
“We’ve had a great experience with Wallarm technical support. We have a direct communication channel where response time is almost immediate.”