Retired Member

2,018Posts 6,640,440Views 2,336Comments

Are your payment systems safe and secure? Product selection

28 January 2014

In my earlier post on security we covered the payment security landscape and the importance of standards such as PCI DSS to your payment systems. We can now look at the specific challenge of product selection: if you are a CIO/CTO looking to upgrade or implement a new solution to meet your business needs, then security, and the certification that evidences it, should be a critical parameter in your product evaluation and selection process.

So how does one go about making a decision on product selection while preserving the integrity of your payment ecosystem?

Assuming you have already made your build-or-buy decision, chosen to buy, and are now searching for the right product, what happens next?

Off-the-shelf products that are already security certified (for example, PA-DSS validated) are a good place to start your discovery process. Say you are looking for a card management or mobile payment system that would work in real time to authorise and process transactions, or even a reconciliation system that would take end-of-day feeds and produce reports: all of them are bound to hook into various parts of your existing payment ecosystem, and every such interface is a point where cardholder data may flow and where the scope of your own PCI DSS assessment may grow. So how does one go about the process?

While I cannot cover every parameter, I would like to touch on a couple of critical ones.

“Product fit” - Ideally the product selected should meet all of the mandatory business requirements of your target system, i.e. with the smallest possible gap to bridge before go-to-market. Otherwise you risk spending time and money bridging between the product and your business requirements, and the bridged end product then has to be audited and re-certified. The key is to follow the guidelines of the specific security accreditation you are targeting. For example, if you want a PA-DSS validated product, bear in mind that the validation applies to a specific version of the application as the vendor delivered it; any delta customisation you make must not change the core of the product, and whatever you build on top of that core must be something you can get assessed quickly, so ask the vendor how changes are handled and which ones trigger revalidation.

Another important point to note is the “Architecture” of the target system. Over the last decade a lot of groundwork has been done in putting together loosely coupled frameworks that modularise product construction and solution building, giving the business quick-to-market capabilities. This essentially means that the core of these new-age systems tends to have a lean footprint, with interfaces and handlers assembled using SDKs (all getting a bit technical now!). Simply put, you need to review the architecture of the selected system and check how it stacks up against the certification guidelines you are aiming for: which components sit inside the certified core, which are extension points you will build on, and whether the boundary between them is clear enough that your changes can be assessed on their own.

The solution is to perform thorough due diligence during vendor and product selection; it is no longer just about technology and cost but about creating a “secure payment ecosystem”. This calls for an organisation-specific diligence framework and product selection process that take security and regulatory requirements into account as measured criteria. That should help you avoid unnecessary heartbreak, not to mention cost escalation.
