Case Study: BAC Credomatic achieves PCI DSS compliance and safeguards against ransomware with ExtraHop RevealX

BAC Credomatic and RevealX Defend Against Ransomware

BAC Credomatic, the largest financial institution in Central America with 4.5 million clients and 22,000 employees across multiple countries, needed to standardize cybersecurity to meet PCI DSS requirements and defend against a 2022 surge in Conti and Hive ransomware. The bank faced a visibility gap—unharmonized servers, applications, and users created blind spots that weakened its security posture and compliance efforts.

BAC implemented ExtraHop RevealX network detection and response to gain AI/ML-driven, end-to-end visibility and centralized IOC dashboards by country. Integrations with third-party tools enabled automated detection and containment, dramatically reducing false-positive investigations (previously ~5,000/month), allowing teams to maintain legacy systems while meeting compliance, and achieving five months without breaches—strengthening trust and operational efficiency.

BAC Credomatic

Vinicio Chaves Alvarado

Cybersecurity Manager