PCI Product Integration with Partner System for Leading Payment Service Provider
Our client is a leader in payment processing services. The company is a multi-solutions corporation that process all types of payments, including alternative payment solutions for e-commerce merchants, debit and credit card processing services, wallets, prepaid cards and vouchers, direct debit payments, off-line payments support, and more. A sizeable part of their portfolio is a B2B segment. They offer turn-key solutions, integrating payments processing modules into enterprise systems throughout various industries.
One of our clients major customers (merchant) was developing a new webservice layer for their platform. This new layer had already been connected to various competitor’s payment partners. Although our client had one point of integration with its customer’s platform, its technology team were too slow to implement some of the payment processor risk management product and features. This resulted in instances of authorization issues and transactions being declined. Our client was at risk of losing its position of preferred partner with this customer.
The project required the development of a solution that integrated our client’s modules with the software from the client partner’s side.
To design the system properly during the discovery phase, SoftServe conducted a series of workshops that included the following activities:
- An audit of the client’s system, focusing on architecture and security issues
- A feasibility study of the integration of the two systems
- Mapping out the best way to integrate the systems (architecture vision and systems functional requirements issues)
- Identifying limitations and best approaches testing recommendations.
The solution introduced by SoftServe is a connector integrating the client’s processing system UI and their partner’s input data system. When the merchant initiates a transaction, it calls the SoftServe component and transmits all the data about purchase/transaction. The component transforms the transaction information to make it compatible with client’s secure risk management feature. Then the component calls the client’s security feature API to submit the data from the merchant. Thus, the transaction can be securely validated by the payment processor and completed.
The solution is fully hosted and supported by SoftServe, giving the client additional operational flexibility and internal resources for other projects.
For the solution, it was crucial to satisfy several main parameters (quality attributes), such as reliability, security, and availability. Security is mainly supported via SSL (HTTPS), the payment processor’s product internally checks and verifies the components for PCI standard compliance. Availability represents, by default, a clustered environment with load balancer. Reliability is reached through guaranteed message delivery, messages processing, and proper error handling.
SoftServe’s solution successfully passed the PCI DSS audit, required for developing a solution that process cardholder data.
Implementing the solution supported the client’s new enterprise partnership. The main challenge of the project was the risk of developing a solution to integrate with an unfinished third-party component. Nevertheless, the project was successfully delivered on time and on budget. Benefits of cooperation included:
- Deep analysis of the solution’s architectural structure
- Validation of the feasibility of the integration request
- A fully developed solution integrating the client’s payment system with the partner’s services system
- Proof of concept implementation to decrease risks and costs before full scope system development
- Hosting the solution and fully integrated processes after implementation
- Taking the load from the in-house team creating extra capacity for other initiatives
- Allowing the company IT department to focus on things other than the maintenance of supportive products
The solution developed by SoftServe also enables our client’s system to send void messages concerning payment processing from any stage of the payment authentication process — an additional market advantage.