17 September 2014

Damo S

Damodharan Sampathkumar - FSS - Financial Software and Systems

3 | posts 8,499 | views 1 | comments

Are your payment systems safe and secure? Product selection

28 January 2014  |  3267 views  |  0

In my earlier post around security we hovered around payment security aspects and the importance of security standards like PCI DSS to your payment systems. We can now look into the specific challenge of product selection, if you are a CIO/CTO looking to upgrade or implement a new solution to meet your business needs then security and associated certification should be a critical parameter during your product evaluation and selection process.

So how does one go about making a decision on product selection while ensuring the integrity of your payment ecosystem? 

Assuming you have already made your build or buy decision and chosen to buy and are now discovering the right product, what happens now? 

Off the shelf products that are already security certified (for e.g PA DSS) is a good way to start your discovery process. Let’s say you are looking for a card management or mobile payment system that would work in real time to authorize and process transactions; or even a reconciliation system that would take end of day feeds and process reports, they are all bound to hook into various parts of your existing payment ecosystem.So how does one go about the process?

While I cannot unravel all the parameters I would like to touch upon a couple of critical ones.

“Product fitment” - Ideally the product selected should fit all of the mandatory business requirements of your target system, i.e minimum gap to bridge before go to market else you risk spending time and money bridging between the product and your business requirements resulting in auditing and re-certification of end product. The key is to ensure that you follow specific security accreditation guidelines, e.g. if you are looking to have a PA-DSS certified product then you need to ensure that as part of your evaluation the delta customization that you would make on the solution does not change the core of the product, and that whatever change you build on the core can be swiftly certified.

Another important point to note is “Architecture” of the target system. Over the last decade a lot of ground work has been done in putting together loosely coupled frameworks that help modularize the product construction and solution building, providing quick to market capabilities to the business. This essentially means that the core of these new age systems tend to have a lean foot print providing for interfaces and handlers to be put together using SDKs (all getting a bit technical now!). Simply put, you need to review the architecture of the selected system and how it stacks up against certification guidelines that you are aiming for.

The solution is in performing a thorough due diligence during vendor and product selection, it is no longer just about technology and cost but about creating a “secure payment ecosystem”. This calls for putting together organization specific diligence frameworks & product selection process that takes into account measures of security & regulatory requirements. This should help avoid unnecessary heart breaks and not mention cost escalations.


Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Damodharan

The Future of payments, Make it simple!!!

27 February 2014  |  1183 views  |  0  |  Recommends 0 TagsRetail bankingInnovationGroupPayments strategies 2015-2020-2030

Are your payment systems safe and secure? Product selection

28 January 2014  |  3267 views  |  0  |  Recommends 0 TagsSecurityPayments

Are your payment systems safe and secure?

09 January 2014  |  4050 views  |  0  |  Recommends 0 TagsSecurityPayments

Damodharan Sampathkumar

job title

AVP International Business

company name

FSS - Financial Software and Systems

member since




Summary profile See full profile »
Global Business Operations, Account Management, Business development, Sales support, Strategic pa...

Damodharan's expertise

What Damodharan reads
Damodharan writes about
Damodharan's blog archive
February 2014 (1)January 2014 (2)

Who is commenting on Damodharan's posts

Rasvan Stanescu