ebanx terms & conditions

Information Security Policy

September 15, 2023

EBANX acknowledges the responsibility of protecting all processed data and information, regardless of the fact that this information belongs to EBANX, partners or third parties. By protecting these data and information, we can guarantee our reputation as employers and trustable partners, allowing us to grow as a company and offering awesome services to promote the success of any client.

To prove our commitment with information security and data protection, EBANX implements the best security practices and controls on the market.

It is an employee's responsibility, no matter his or her rank in the company, to be familiarized and to fulfill our information security and data protection policies.

We commit ourselves to guarantee that our Information Security procedures are efficient, effective and continually improved, aiming to protect our data and information, thus avoiding any reputational, legal and financial damage.

As EBANX grew, the company acknowledged that its responsibilities and scope regarding PCI DSS also grew and became more complex. This demands that EBANX evolve making sure that the whole company is aware, engaged and organized in order to keep compliant with the PCI DSS standards, ISO 27001 standards and best security market practices.

This evolution goes through the strengthening of the current controls and processes and are followed by continuous improvement and consistent, repeatable and manageable processes that are part of the security routine allowing that all PCI DSS requirements are fulfilled or exceeded in our operation.

It is a top management and other leadership duty to guarantee that all necessary resources to fulfill these responsibilities are available and that its execution is efficient and effective. The C-Level shows unconditional support to the information security policies, procedures and actions related to the operation, keeping, control and processes improvement required by the ISO 27001 and PCI DSS certification and demands that all employees, partners and third parties do the same.


João Del Valle – CEO


Introduction and Objectives

The purpose of this Policy is to support the strategic vision of EBANX, to establish and maintain the Confidentiality, Integrity and Availability of information assets and technological resources owned or held by EBANX.

This Policy supports the approach to information security and information risk management, identifying and assessing information security threats, developing and implementing a combination of controls envolving people, processes and technologies to mitigate information security risks according to the risk level established by EBANX.

The objectives of this Policy are:

  • To comply with relevant regulations and legislation and reduce the damage caused by potential incidents;

  • To be in accordance with the organization’s business objectives and strategy;

  • Ensure that all ebankers, and all other parties acting on behalf of EBANX, are aware of their information security responsibilities;

  • Establish appropriate information security levels for EBANX to mitigate risks associated with the theft, loss, misuse, damage or abuse of information;

  • Protect information assets under EBANX’s control against compromise of their confidentiality, integrity and availability;

  • Set, establish and maintain security controls that are effective, sustainable and measurable.

EBANX will measure the fulfillment of all the objectives. The Information Security leadership is responsible for setting the method for measuring the achievement of the objectives – the measurement will be performed at least once a year and the Information Security leadership will analyze and evaluate the results and report them to EBANX top management as input material for management review.

This process is applicable to EBANX and other companies in its economic group, including EBANX Instituição de Pagamento LTDA. (EBANX IP).


Information Security Principles

To maintain the excellence of our services, one of our priorities is the commitment to security of information under our responsibility. This commitment is embedded in our Information Security Policy, which is based on the following principles:

  • Confidentiality - property that ensures that only authorized people or systems have access to certain information;

  • Integrity - property that ensures that only authorized people or systems perform the modification of certain information;

  • Availability - property that ensures that information is available to authorized persons;

  • Authenticity - the assurance that the information provided originates from the declared source, or that the author of the information is actually as stated;

  • Non-Repudiation - the guarantee that the person who signed or created the information will not deny doing so;

  • Information Security Management System (ISMS) - Methodology/concept based in the ISO/IEC 27001 standard, which aims to establish a continuous management and improvement information security process.

These principles aim to protect information from various types of threat, to ensure business continuity by preventing damages and maximizing return on investment and business opportunities.

For matters related to Information Security, please contact us at: infosec@ebanx.com