Paylance is an online crypto exchange where users can buy and sell USD Tether (USDT) and Bitcoin (BTC). From employee payrolls, supplier payouts and merchant disbursements to agent commissions and other organizational financial transactions, Paylance makes accepting and disbursing funds effortless across the globe by using crypto as a remittance tool.
Millions of dollars run through the Paylance platform, so the company requires a very rigid cybersecurity program. In fact, they run regular external Vulnerability and Penetration Testing (VAPT). However, with the increasing threats of malicious hacks in the crypto and fintech industry, Paylance sought to bolster their cybersecurity program even more.
In September 2019, Paylance launched its Bug Bounty Program (BBP) on the Secuna DISCOVER platform. A BBP is a program that incentivizes cybersecurity professionals to test assets and report security vulnerabilities through the Secuna DISCOVER platform by offering USD or Bitcoin bounties for each validated security vulnerability report.
Paylance set a reward from USD$50 up to USD$200 for every valid bug discovered. Within sixty (60) days of running the BBP, around 100 Secuna-vetted security researchers conducted testing, which resulted in more than 25 security vulnerability reports. With Paylance subscribed to the Secuna MANAGED service, Secuna’s Infosec Team further filtered the reports down to 4 valid vulnerabilities that Paylance was able to address quickly.
Paylance has since awarded a total of USD$200 in bounties, and the 4 Indian and Filipino security researchers who found low-severity vulnerabilities were paid USD$50 each. Thanks to these cybersecurity professionals, the crypto exchange saved thousands, or even millions, of dollars that might have been lost to hackers with malicious intent.
Paylance deems the Bug Bounty Program a success so far, and the company regards the Bug Bounty Program as “an essential must-have tool in the cybersecurity arsenal of any company in the Philippines or abroad.”
Secuna is a trusted cybersecurity testing platform that provides organizations a robust and secure platform that enables them to collaborate with the top security researchers from around the world to find and address security vulnerabilities.