
CASE STUDY

Mercury Financial Harnessed the Power of ActiveState for Unrestricted Upgrades for Python 2 Beyond End of Life


INDUSTRY

FinTech

CHALLENGES

  • Pass PCI audit
  • Securing Python 2 legacy code
  • Migrating legacy code from Python 2 to Python 3

RESULTS

  • A secure Python 2 interpreter backed by commercial support ensures a PCI audit pass
  • Security patches for Python 2 vulnerabilities as they’re discovered ensured customer data remains secure
  • By freeing up developer time and resources from maintaining and securing Python 2 code, the company can speed up their migration to Python 3

Mercury Financial is an innovative Texas-based FinTech company that’s been revolutionizing the credit card and consumer lending industries since its inception in 2013. With a focus on delivering a premium user experience to its ever-growing customer base, which currently stands at over 2 million and counting, Mercury Financial has fully embraced cloud computing. However, in order to protect its customer data in this cloud-native environment, the company needed a comprehensive suite of products, services, and threat intelligence. Previous partnerships with legacy security vendors failed to meet their requirements, leading Mercury Financial to seek out a modern solution.

The Challenge

The challenge faced by Mercury Financial was twofold. First, they needed to secure their Python 2.7 code, which was vital for their day-to-day operations and data processing, in order to be able to pass their PCI audit. Second, they needed to partner with an expert that could support them during the migration of their legacy Python code in order to ensure a smooth transition to the future.

The Approach

Mercury Financial has about 50,000 lines of Python 2 code that processes credit card data, which is received from and sent to numerous third parties. With official support for Python 2 having ended on January 1, 2020, Mercury has been gauging the tradeoff between continuing to maintain and secure their legacy code themselves versus biting the bullet and migrating the code to Python 3. With the pressure of a PCI audit looming, the balance had finally tipped in favor of migration, but in the meantime they needed a partner that could provide them with Python 2 support, maintenance and security fixes.

The Solution: ActiveState a Trusted Provider

In the research process, Mercury Financial discovered that ActiveState is the only company that has forked and continues to maintain a secure version of the Python 2 interpreter. ActiveState’s commercial support offering perfectly aligned with Mercury Financial’s needs, and even offered them a way forward to a securely built version of Python 3, if required.

ActiveState provided Mercury with a version of Python 2.7, including an interpreter that has been patched to remove multiple critical vulnerabilities over the past three years. The ActiveState interpreter worked out-of-the-box with Mercury’s existing code, facilitating a seamless transition to a secure solution, thereby ensuring batch file processing, data warehousing, and various operational activities crucial to their business could continue without interruption. With maintenance and support provided by ActiveState, the company had the peace of mind they needed, knowing that their critical infrastructure and customer data were protected. This allowed them to focus on providing exceptional services to their customers and meeting industry compliance requirements.



“PCI audits require secure code and builds because of the customer data that the company stores. ActiveState’s Python 2.7 interpreter empowered us to secure Python 2.7 quickly and efficiently.”

– Michael Connolly, Director of Data Services & Engineering, Mercury Financial


 

Benefits & Results

With ActiveState now responsible for patching security and vulnerability holes in the Python 2 interpreter as they’re discovered, Mercury Financial can free up developer time and resources to focus on migration, which is expected to take only six months now. And with commercial support provided by ActiveState, Mercury Financial will be able to pass their yearly PCI audit with ease. The maintained version of Python 2.7 from ActiveState ensured that their code remained secure, patched, and supported, meeting the strict audit requirements and demonstrating their commitment to data security.

The ActiveState Difference

Mercury Financial’s search for a reliable Python 2 partner led them to ActiveState for a number of reasons. ActiveState’s unique position as the only provider to offer a patched and maintained version of the Python 2 interpreter made them stand out from the competition. And with more than 20 years of providing commercial support to companies big and small, Mercury knew they could count on ActiveState’s expertise to ensure a smooth transition to the new solution. With ActiveState, Mercury Financial found a partner that not only met their technical needs, but also aligned with their vision of software supply chain security to help ensure customer data remained secure.

Mercury Financial’s partnership with ActiveState has been instrumental in achieving their goals of securing their legacy Python 2 code and facilitating a smooth migration to Python 3. As they continue to embrace cutting-edge technologies and industry standards, Mercury Financial looks forward to exploring the exciting possibilities offered by ActiveState’s comprehensive platform.

Financial Services organizations often struggle to navigate the complexity of balancing security with software development schedules and implementation while (in this case) ensuring they can pass the audits demanded of their regulated industry. Mercury Financial has successfully navigated these complexities by partnering with ActiveState. Security & development are now able to walk hand-in-hand with ActiveState’s tools and expertise supporting their journey.

Still Running Python 2 Past EOL? Get Python 2.7 from ActiveState

Extended support offers our exclusive Python 2.7.18.x builds which include security patches addressing vulnerabilities identified in the core Python 2 release.

Why Download Python From ActiveState?

ActiveState has been programmers’ trusted provider of Windows, Linux, and macOS Python distributions for more than 20 years. We offer the latest versions of a number of open source programming languages, including Python, Perl, and Tcl.

We specialize in stable, secure, and easy-to-deploy Python environments. Our universal package manager, the State Tool, allows you to build your runtime from source code, reducing your exposure to vulnerabilities. We also provide advanced dependency management, reducing the need for bug fixes.

With ActiveState, you can install Python and the State Tool directly in the command line, or you can use a Windows installer for Python 3.8 or 2.7. We allow sign-up with GitHub and provide numerous tutorials in our community forum.
