Journey of the First Cloud-Born Payment Infrastructure in Amazon for Payment Cards — Wallester


Wallester has successfully created a cloud platform in partnership with Amazon.

The first critical decision in building a new financial system was choosing the optimal location for the IT infrastructure. The importance of this choice can hardly be overstated, since the financial platform must scale to many clients spread across many geographic locations. In addition, the new platform had to be reliable in terms of both physical security and cybersecurity.

What is the cloud?

Cloud computing provides on-demand IT resources over the internet with pay-as-you-go pricing. Instead of buying, owning, and maintaining physical data centers and servers, users can access technological services such as computing power, storage, and databases as needed. This is precisely how the Amazon Web Services (AWS) cloud provider works.

Why we chose cloud and Amazon as a partner over on-premise

Creating your own data center requires substantial financial investment, and its flexibility leaves much to be desired. Building a multi-regional solution on your own hardware is complicated; the cloud makes it easy and cost-effective. The advantages of this solution are obvious:

  • Pay-as-you-go
  • Faster product creation
  • Cost efficient
  • Convenient for development, popular solution
  • Reliable platform
  • Multi-regional infrastructure
  • High level of compliance and security

AWS is the most flexible and reliable cloud infrastructure available today, meeting the demanding requirements of the military, international banks, and high-profile organizations. The solution has a wide range of cloud security tools, with more than 300 valuable services and functions. AWS maintains 98 security standards and compliance certifications, and all 117 AWS services that store customer data allow encryption.

AWS participates in the voluntary Security, Trust & Assurance Registry (STAR) program of the Cloud Security Alliance (CSA) to document compliance with CSA-published best practices.

Our journey on AWS

The Wallester platform was created in the cloud from scratch.

How did you get the idea of working with AWS?

Members of our IT team have had positive experiences with Amazon. This platform fully met our needs since it has all the necessary services to build a BaaS (Banking as a Service) platform.

Tell us about getting started with AWS.

We registered on the site and got access to AWS. The first step was to use free EC2 machines (t2.micro). This is the server where we hosted our resources; we used RDS for data storage. We also used the EKS service to orchestrate the app containers. We realized that our platform would grow rapidly and continually require more resources for secure and fast banking operations, so we built the possibility of autoscaling into our architecture based on the metrics of our applications.

We followed the best DevOps practices, using the Infrastructure as Code approach to automate and simplify the management and development of our IT infrastructure.

During our product development, the number of microservices increased, and new tasks appeared that needed to be implemented. For example, we connected the Amazon service SQS (Simple Queue Service) to decouple our microservices further from each other and let them communicate asynchronously through events. In addition to the above, we use many Amazon services to develop, maintain and support our platform.

The most interesting part for us was the PCI-DSS certification, which requires painstaking preparation and many resources. One of the main problems that needed to be solved was the encryption of the Hardware Security Module, which is mandatory for use in the card world. KMS, a PCI-DSS Amazon service that allows you to work with HSM in Amazon data centers, helped us. Thanks to KMS, we were able to fulfill one of the main requirements for the security and storage of card data in our databases. Amazon’s KMS makes cryptography affordable because buying and maintaining your own HSM modules is very expensive.

Another critical issue was the security of the channels through which our services communicate. We follow the best practices in the cybersecurity world and use Mutual TLS for RPC and HTTP protocols. To implement this, we used Network Load Balancers, which allow millions of requests per second and TLS traffic to pass through.

We are glad that we have chosen Amazon as our partner, and currently, we use more than 30 different services to help us solve complex problems.

Security

Level 1 Payment Card Industry Data Security Standard (PCI DSS) is the primary certification required for issuing credit cards. Obtaining PCI DSS compliance is not easy – 12 requirements must be met before certification can be given to on-premises or cloud services. After an initial evaluation, Wallester chose Amazon Web Services (AWS) for certification.

A key benefit of using AWS is its seamless compliance support, which can save you significant time and resources. Wallester became one of the first financial service providers in the world to receive PCI DSS certification and enable payment transactions in the cloud, as well as the first cloud operator certified by the Estonian Financial Supervisory Authority (FSA).

Results

We built our cloud payment infrastructure through our partnership with Amazon. Today, we serve hundreds of companies across Europe, have created dozens of unique products in collaboration with our partners, and have processed millions of payments. We have accomplished this in compliance with the highest PCI-DSS Level 1 security certification requirements and Amazon’s 99.99% SLA support.
