The customer is a leading Malaysian and ASEAN content and consumer company in the Digital, TV, Radio, and Commerce space. The customer's OTT platform provides access to their content at any time, anywhere, and on multiple screens. The customer was looking to move to a more secure and scalable infrastructure and to mitigate costs related to PCI-DSS compliance.

The Need for Scalable Infrastructure and Reducing Cost of PCI-DSS Compliance

Until 2017, the company’s team was using an on-premise payment gateway with various constraints, such as scalability, security, limited payment methods, etc. The major challenges faced by the business were:

  • The constant risk of fraudulent attacks due to an application built on a legacy technology stack.

  • Frequent downtime affecting business outcomes.

  • With increased demand and the onboarding of new partners, the team realized the need for a scalable infrastructure, which the on-premise system lacked.

  • The on-premise system lacked a good user experience, which impacted the growth of the business.

  • The PCI-DSS compliance scope was huge in the on-premise system, adding to the operational cost.

To overcome the above challenges, and considering future growth in the payments domain, the company decided to move to a scalable and secure solution. One of the primary requirements was to reduce the PCI-DSS compliance cost.

How Blazeclan Helped the Customer Overcome these Challenges Using AWS Cloud

The company’s team was looking for a solution that could meet the aforesaid challenges within a year. The company therefore collaborated with Blazeclan to deliver a scalable and secure cloud-native solution in less than a year, reducing the overall cost and improving the company’s ROI.

A few highlights of the new solution are:

  • Agile Practices: This was a pioneer project in adopting engineering best practices such as a branching strategy, code quality gates, code reviews, code coverage, etc. It is also one of the only projects in the company with a higher agile maturity index, and one that has implemented the modern Scrum pod structure. This ensured that the onshore and offshore teams could work together seamlessly, contributing to more productivity. As a result, the average sprint velocity of the team has increased from 50 story points to about 70 story points per sprint.

  • Automation: On the on-premise system, testing was done manually before and after every deployment, which cost additional time and human effort. The on-cloud system, on the other hand, automated 80% of its features, ensuring zero human effort and time. The automation scripts are part of the CI/CD pipeline. Additionally, all success and failure alerts are made available in a Slack channel for quick action.

  • Loosely-coupled Cloud Solution: The new on-cloud system, unlike the old on-premise system, is loosely coupled, so implementing features like merchant tokenization, card tokenization, etc. was easy and quick. Also, APG has used services like S3 and Glacier to back up older data and purge non-relevant data, making the database more reliable and performant.

  • Moreover, the SFTPS3 was implemented in the new infrastructure to remove connectivity and availability issues, reducing manual intervention.

  • Cost-effective Infrastructure: To save cost in non-working hours, the company’s Payment Gateway has optimized its servers so that they automatically shut down in non-working hours and turn on in working hours. This is one of the best advantages that AWS offers, as it keeps costs down when the infrastructure is not in use.

  • As Lambda was not based on an event trigger mechanism earlier, the team implemented SQS-based triggers so that it is called only in case of an event, resulting in drastic cost reductions.

  • Operational Excellence: To review every aspect of the application for quantitative project management, operational reports are shared with all the stakeholders on a weekly basis. In this weekly reporting process, we focus on Server Health Monitoring, Infrastructure Metrics, API Monitoring, Business Metrics & Defect Management System (Ticketing System). This initiative has allowed the review to be done on a broader scale and necessary measures to be taken proactively to optimize the overall cost of the system without compromising performance.

In the case of APG, several suggestions were made that helped reduce the cost considerably. A few of them are:

  • Deletion of unused EC2 AMIs

  • Configure lifecycle policy on S3 buckets

  • Modify instance type of Elasticsearch

  • EC2 instance type migration

  • RDS DB type migration

  • Reservation of ElastiCache, EC2, RDS, and Elasticsearch resources

The payment gateway solution provided to the company is highly secured and compliant with PCI-DSS. It is one of the few projects to qualify for the company’s CCOE program. The solution allowed all communication to happen over the API. Hence, with a microservices architecture, the new solution reduced the PCI-DSS scope by enabling communication through a well-defined interface using lightweight APIs.

The solution also ensured that all credit card information is masked, and TLS-encrypted when the information is in transit. It strengthened fraud detection and the ability to take timely action to protect highly sensitive customer data.

  • Savings: The cloud-based infrastructure brought massive savings, as it allowed servers to shut down in non-working hours and payments were made only for actual usage. As a result, the team saved nearly $2460 annually.

  • High Scalability: With the new solution, the customer was able to adjust its infrastructure to changes in user demand. The new infrastructure brought auto-scaling as a major feature with no downtime. Additionally, the scalability allowed the business to onboard over 15 partners to date.

  • Speed: The company’s and Blazeclan’s teams commenced an Agile-DevOps solution that resulted in a better user experience. With the help of this cloud transformation, users could now complete their transactions in a much simpler and quicker manner.



Tech Stack

Amazon EC2

Amazon S3

Amazon ElastiCache

AWS Redis

Amazon SQS

Amazon SNS

Glacier

Amazon Elasticsearch

Amazon ELB

AWS Lambda

Amazon SES

Amazon RDS

Amazon API Gateway

Amazon CloudWatch

Amazon VPC

AWS Athena

AWS IAM
