Pagsmile

Pagsmile secures rapid international growth, enhancing the performance and security of fintech services worldwide with Cloudflare

Pagsmile is an innovative Chinese game publisher and developer of fintech and ecommerce applications. Established in 2013 as a gaming sales platform for the Asian market, the company’s current flagship products, Pagsmile, an online payment service provider, and Smile.one, a full-featured, modern top-up platform for popular games, are steadily gaining international popularity, primarily in Brazil and Latin-American.

Privately funded with headquarters in Beijing, China, and offices in São Paulo, Brazil, Pagsmile is extending its top-quality gaming and financial services platforms to overseas customers. To support a wider customer demographic and promote steady growth in the Middle East, Europe, and Asia alongside its core Latino markets, Pagsmile has an internationalized workforce — 80% of its staff speak more than one language, and 40% are native to its target markets.

Challenge: Accelerating growth in the ecommerce and international financial services sectors

Operating in the ecommerce and international financial services sectors, Pagsmile prioritizes security and performance across its product platforms — a necessity for longevity and growth in an online landscape marked by ever-evolving, complex threats. To promote its expansion initiatives, the company also needed robust, well-documented security processes that could satisfy a host of international and regional regulatory requirements, particularly for Pagsmile, its payment services business.

“We needed to satisfy the regulators but, from a purely practical perspective, eliminating online fraud was our most pressing concern — database breach attempts and criminal activity aimed at compromising our customer accounts were increasingly common,” explains Jack Wang, Pagsmile’s Director of Business. “Most businesses in the payment industry have had money stolen at least once, so we needed to make sure that our office network and developer and production environments were safe as we pushed forward.”

As a startup with typically limited resources, Pagsmile faced additional growing pains as it expanded at pace. To efficiently manage its growing customer base and workforce, Pagsmile turned to the connectivity cloud, Cloudflare’s unified platform of cloud-native services, to accelerate digital transformation and improve its IT environments by:

  • Ensuring robust security to protect its data, employees, and customers against fraud, BEC, and data breaches
  • Maintaining a safe and scalable international work-from-anywhere application infrastructure
  • Streamlining compliance with international security standards
  • Providing a consistent, performant customer experience across unpredictable international network conditions

“In the last four years we have expanded the business dozens of times, growing our product and our staff and extending our market to areas with problematic network coverage,” says Wang. “Cloudflare gives us a way to provide our clients with a top-notch customer experience while balancing cost against security, performance, and efficiency.”

Solving problems in the connectivity cloud — securing public applications and websites against fraud and other online threats

Pagsmile began its quest to deliver superior experiences by improving security and performance with Cloudflare’s integrated and easy-to-use application services. As a starting point, the company implemented the Cloudflare web application firewall (WAF), DDoS protection, rate limiting, and bot management services.

“We selected Cloudflare because of its unique ability to solve problems,” says Wang. “Most companies in our industry use Cloudflare for its products' efficacy and broad functionality.”

Pagsmile relies on Cloudflare and the threat intelligence it collects natively across the connectivity cloud to keep its web platforms, applications, and customers safe against emerging online threats, particularly layer 7 Challenge Collapsar (CC) attacks that overwhelm their targets with complex, high-volume database operations.

“Before Cloudflare, our defenses were simplistic. We faced each attack independently, constantly adapting our strategies to cope,” says Wang. “Now, we still see advanced security attacks, but with Cloudflare as our front line of defense, we deal with them automatically so they don't affect our users or our business.”

Minimizing threats and optimizing resource workloads with Cloudflare automated detection and mitigation tools

Using technology like machine learning, Bot Management, and JA3 fingerprint , Cloudflare can mitigate complex layer 7 Challenge Collapsar (CC) attacks very effectively, such as low speed attack( 10 attack requests per IP per minute). Cloudflare application services also make it simple for the Pagsmile security team to differentiate between malicious and beneficial traffic.

“Cloudflare easily identifies the difference between genuine users and potential attackers,” says Wang. “That allows us to better categorize site traffic, and implement automated defensive measures to fit every circumstance. We commit the time and money we save towards expanding our products and improving our user experience.”

Thwarting BEC with cloud email security

Cloud email security is another solution in the connectivity cloud that protects Pagsmile staff and customers, this time against phishing, malware, business email compromise (BEC), and other socially-engineered email-borne threats. Wang recalls one BEC instance that underscored the urgency of implementing effective email security throughout the organization.

“BEC and phishing are terrifying — we once received a very convincing statement of accounts from one of our banking partners that contained a JavaScript application that would have severely compromised us if opened,” he recalls. “That is no longer an issue. Cloudflare email security is so effective that when we turned it on we stopped seeing threats overnight with no extra configuration — it intercepts thousands of problem emails every month.”

Work-from-anywhere employee access to applications and internal tools with Zero Trust Network Access (ZTNA)

Cloudflare’s Zero Trust platform provides the last piece of Pagsmile’s security and accessibility puzzle. The company secures its global offices, production environments, and data centers using Cloudflare Access for clientless context- and identity-based user identification. Access helps Pagsmile improve tech efficiency and protect the company’s critical apps and highest-risk user groups while promoting on-demand, frictionless global access from anywhere.

“Traditional safety is based on trusting IP addresses or geographic locations, but as a payments processor we need to accurately identify and audit each individual in every one of our offices,” says Wang. “With Cloudflare, we can add layers of protection — even to potentially insecure applications — and ensure we never expose our internal tools on the public network while maintaining seamless availability for employees worldwide.”

Enhancing the international user experience and improving infrastructure and application performance

To ensure optimal performance even in areas with limited international connectivity, Pagsmile leverages Cloudflare performance services on the global network. These include static content delivery via the Cloudflare global network, and Workers, globally deployed modern cloud applications from the Cloudflare Developer Platform that improve performance and scalability by avoiding round trips to the company’s origin servers.

Pagsmile uses the Developer Platform’s edge-based R2 global object storage to further improve performance and reduce bandwidth costs in the connectivity cloud. Eliminating fees for data egress, R2 integrates seamlessly with Workers to accelerate dynamic content delivery.

Using Workers, Smart Placement intelligently executes code in the connectivity cloud either closer to the data or closer to the user, whichever provides the best performance.

“Bandwidth, especially CDN traffic in Latin America, is expensive,” says Wang. “Not only does Cloudflare bring us cost savings, it is a networking pioneer that brings us tangible performance and user experience gains without ever compromising safety.”

With their portable multi-cloud architecture, Workers and R2 also simplify Pagsmile’s new product and application deployment efforts, speeding Pagsmile’s development, testing, and time to market as a growing enterprise.

Accelerating compliance efforts with out-of-the-box Cloudflare solutions

As well as protecting and accelerating Pagsmile’s day-to-day operations, Cloudflare plays a key role in helping the company maintain regulatory security compliance by meeting several fundamental Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001 requirements out of the box.

Cloudflare compliance features like one-click certified region setup are ISO 27001 certified, and Cloudflare became a certified Publicly Identifiable Information (PII) Controller and Processor in 2021, laying the groundwork to help expedite Pagsmile’s certification process.

“Almost every Cloudflare product addresses one or another of our security, performance, or compliance use cases,” says, Wang. “It’s almost impossible for other vendors to compare with the confidence and variety of solutions Cloudflare brings to the table.”

It is that broad functionality in the connectivity cloud that has fuelled the Pagsmile-Cloudflare partnership since 2017. Pagsmile plans to continue the collaboration into the future, relying on Cloudflare to provide even greater technical advancements and unparalleled customer service.

“I admire Cloudflare’s people and the culture of innovation it has created,” says Wang. “Its products are strong, flexible, and solve a more comprehensive list of challenges than any other vendor in the industry.”

Pagsmile
Related Case Studies
Key Results
  • Blocked complex layer 7 Challenge Collapsar (CC) attacks very effectively, safeguarding sensitive data and securing customer transactions
  • Improved scalability and performance across international markets, ensuring a consistent, high-quality user experience for all
  • Accelerated regulatory compliance efforts
  • Reduced operational costs and increased efficiency through automated detection and threat mitigation
  • Enabled secure, work-from-anywhere infrastructure for a growing global workforce

“Almost every Cloudflare product addresses one of our security, performance, or compliance use cases. It’s almost impossible for other vendors to compare with the confidence and variety of solutions Cloudflare brings to the table.”

Jack Wang
Director of Business, Pagsmile

“Cloudflare email security is so effective that once we turned it on, we stopped seeing threats overnight with no extra configuration — it intercepts thousands of problem emails every month.”

Jack Wang
Director of Business, Pagsmile