Challenge

Keeping customers’ payment information secure is a fundamental business requirement. Unsurprisingly, the payment-card industry’s data security standards, PCI DSS, requires sellers taking payments over the telephone to implement significant measures to protect their consumers.

When a new secure method of taking telephone payments emerged that enabled customers to use their keypad to communicate card numbers during a call without exposing them to the seller’s agent, it was a game changer. Contact centres would no longer need to place payment-taking agents in secure, monitored areas away from other operations. Small merchants could take payments without exposing their customers to real or perceived risk. And card users could feel safe that they were not exposed to potential fraud. 

However there was one problem: it was only available as an on-premise installation requiring substantial time and cost to install. The challenge was how to replicate the solution as a SaaS service that would remove the barrier to adoption for large and small merchants alike. 

Approach

For maximum flexibility and scalability, the obvious answer was to build a multi-tenant service on AWS. However, this created a further technical challenge: how to secure a shared infrastructure to the level demanded by PCI-DSS for this kind of application.

Received wisdom was that security to the level required would inevitably restrict application flexibility and scalability — many questioned whether it was even possible on a multi-tenant public cloud. The team set out to prove the doubters wrong.

Working closely with a security architect and QSAs (qualified security assessors) from Amazon, the team developed a three-pronged approach to system security: 

• Perpetual image ‘hardening’: An infrastructure-build process was developed that ensured any instance brought into service was built from the virtual equivalent of bare metal to a prescribed, automated security-hardened specification;
• Security-centric continuous-delivery pipeline: A CD software-release process with security controls, measures and auditability intrinsic to it — in short a rigorous application of what is now referred to as “devsecops”;
• Comprehensive event monitoring: Using Splunk, the team was not only able to actively monitor and manage platform health, but was also able to monitor its estate to detect and prevent threats and optimize incident response.

Through a process of creative problem solving and by putting information security at the heart of the systems-and-operational design process, the team created a PCI-DSS-compliant application without compromising the intrinsic flexibility and scalability advantages of cloud. 

Furthermore, by harnessing AWS’s seamless geographic reach, the team was able to launch the service in any region in a matter of hours not days.