Escape From PCI Land

•Download as PPTX, PDF•

3 likes•78,907 views

This document discusses moving a growth product engineering service out of PCI compliance. It describes orchestrating user data from backend services through a middle tier API service for user signup flows. The new system architecture uses client-side encryption with a public key to keep sensitive data like payment information encrypted. Moving to this new architecture took longer than initially estimated due to unexpected issues like integrating a JavaScript dependency, tuning a third party encryption library, and adjusting various system parameters.

Engineering

Growth Product Engineering Charter
Drive Signup
– Middle tier service
– Flow control, user state management, pre-signup
session management via restful APIs
– Orchestrate data from backend services
• payments, subscriber, account, billing etc.

Edge
Service
M1
Payment
s AppMn
Browser
/Device
Company Infrastructure
Billing
App
Browser
/Device
Browser
/Device
Sensitive data
Sensitive data
Billing
AppBilling
App
Payment
s AppPayment
s App
Sensitive data
Sensitive data
Mn
Mn
M1
GP
Services
Edge
Service
Edge
Service
In
Scope
Only Middle Tier App in PCI Scope
In
Scope

Browser/
Device
2 2
3
Out of
scope
In Scope
Encryption
key
Public
Key
Distro
1
3
Out of band interaction with CDN
Interaction with Netflix
Plaintext
Ciphertext
System Architecture
Client side encryption using public key

Surprises happen
Actual Effort >> Initial Estimation
Effort
Estimated
Actual

Why did moving out of PCI take so long
• Javascript as a new dependency
• Third party client encryption library
• Retry logic fine tuning
Client side changes
• TTLs and timeout values needed adjustment
• Flow modified
• Error handling
• Logging
System tuning
Differential impact of fraud

What's hot

APAC Confluent Consumer Data Right the Lowdown and the Lessons

confluent

apidays LIVE Australia 2020 - Building an Enterprise Eventing Platform by Gna...

apidays

Webinar (https://www.redhat.com/en/events/webinar/hybrid-cloud-financial-services-series): Balancing immediate business requirements with the ability to provide a consistent enterprise infrastructure can be a challenge for financial services firms. Hybrid cloud infrastructure allows institutions to migrate their existing infrastructure and deploy unified business applications by coordinating tasks running in different environments. This approach provides continuous flexibility, scale, and interoperability. This webinar will cover: - How to apply cloud-native payment architecture solutions to your existing environments. - Best practices for delivering a modernized banking payment architecture for your customers. - A practical review of how payment services can be modernized using hybrid cloud. [ Internal slides link: https://docs.google.com/presentation/d/194oClAU97EaGufMd8pnacqhbEV146EK2DVzoF_S3ZA0/edit?usp=sharing ]

How to use hybrid cloud to migrate and deploy unified business applications i...

Eric D. Schabell

Intelligent Network Analyst

KConaulty

(Bernd Ruecker, Camunda) Kafka Summit SF 2018 A company’s business processes typically span more than one microservice. In an e-commerce company, for example, a customer order might involve microservices for payments, inventory, shipping and more. Implementing long-running, asynchronous and complex collaboration of distributed microservices is challenging. How can we ensure visibility of cross-microservice flows and provide status and error monitoring? How do we guarantee that overall flows always complete, even if single services fail? Or, how do we at least recognize stuck flows so that we can fix them? In this talk, I’ll demonstrate an approach based on real-life projects using the open source workflow engine zeebe.io to orchestrate microservices. Zeebe can connect to Kafka to coordinate workflows that span many microservices, providing end-to-end process visibility without violating the principles of loose coupling and service independence. Once an orchestration flow starts, Zeebe ensures that it is eventually carried out, retrying steps upon failure. In a Kafka architecture, Zeebe can easily produce events (or commands) and subscribe to events that will be correlated to workflows. Along the way, Zeebe facilitates monitoring and visibility into the progress and status of orchestration flows. Internally, Zeebe works as a distributed, event-driven and event-sourced system, making it not only very fast but horizontally scalable and fault tolerant—and able to handle the throughput required to operate alongside Kafka in a microservices architecture. Expect not only slides but also fun little live-hacking sessions and real-life stories.

The Big Picture: Monitoring and Orchestration of Your Microservices Landscape...

confluent

This talk will be about the reasons behind the new stream processing model, how it compare to the old batch model, what are their pros and cons, and a list of existing technologies implementing stream processing with their most prominent characteristics. It will contain details of one possible use-case of data streaming that is not possible with batches: display in (near) real-time all trains in Switzerland and their position on a map, beginning with an overview of all the requirements and the design. Finally, using an OpenData endpoint and the Hazelcast platform,showing a working demo implementation of it.

JUG Tirana - Introduction to data streaming

Nicolas Fränkel

Kafka Vienna Meetup 020719

Patrik Kleindl

Risk Management in Retail with Stream Processing

confluent

Government Track Welcome Address

HostedbyConfluent

Stream Processing as helped to turn many monolithic database-centric applications into fast, scalable, and flexible real time applications. However, there are still entire classes of applications that are built against databases, because today's streaming processing model is not yet rich enough to support these applications. We present what we believe is still missing in today's stream processing models, and how we envision to evolve stream processing for the next wave of application to be able to move to a stream processing architecture.

Flink Forward Berlin 2018: Stephan Ewen - Keynote: "Unlocking the next wave o...

Flink Forward

Infrastructure Management Services - Success Stories | Happiest Minds

Happiest Minds Technologies

From Sensors to Insights: How IoT is Transforming Fundamental Industries

Kyle Seaman

For a product or service to be cost effective, it must be considered to be good value, where the benefits are worth at least what is paid for them. But how do we measure this, to prove the case? Given that value can be intangible, it can be hard to quantify and may have little relationship to cost. Added to this, the open source nature of Apache Kafka means that many companies skip the requirement to build a business case for it, until it has become mission critical and demands financial and human resources. In this presentation, Lyndon Hedderly, Team Lead of Business Value Consulting at Confluent, will cover how Confluent works with customers to measure the business value of data streaming.

Building Value - Understanding the TCO and ROI of Apache Kafka & Confluent

confluent

Apache Kafka is used as the primary message bus for propagating events and logs across Uber. In particular, it pairs with Apache Pinot, a real-time distributed OLAP datastore, to deliver real-time insights seconds after the messages produced to Kafka. One challenge we faced was to update existing data in Pinot with the changelog in Kafka, and deliver an accurate view in the real-time analytical results. For example, the financial dashboard can report gross booking with the corrected Ride fares. And restaurant owners can analyze the UberEats orders with their latest delivery status. Implementing upserts in an immutable real-time OLAP store like Pinot is nontrivial. We need to make architectural changes in how data is distributed via Kafka amongst the server nodes, how it's indexed and queried in a distributed fashion. In this talk I will discuss how we leveraged Kafka's partition-by-key feature to this end and how we added this ability in Pinot without any performance degradation.

Real-time Analytics with Upsert Using Apache Kafka and Apache Pinot | Yupeng ...

HostedbyConfluent

Watch this talk here: https://www.confluent.io/online-talks/building-event-driven-applications-apache-kafka-and-confluent-platform Apache Kafka® has become the de facto technology for real-time event streaming. Confluent Platform, developed by the creators of Apache Kafka, is an event-streaming platform that enables the ingest and processing of massive amounts of data in real time. In this session, we will cover the easiest ways to start developing event-driven applications with Apache Kafka using Confluent Platform. We will also demo a contextual event-driven application built using our ecosystem of connectors, REST proxy, and a variety of native clients. View now to learn: -How to create Apache Kafka topics in minutes and process event streams in real time -Check the health of an Apache Kafka broker using Confluent Control Center -The latest enhancements to Confluent Platform that make it easier to run Apache Kafka at scale -How to use KSQL, streaming SQL for Apache Kafka, to process event streams in real time using simple SQL queries

Building Event-Driven Applications with Apache Kafka & Confluent Platform

confluent

DEVNET-1129 WAN Automation Engine - Develop Traffic Aware Applications Using ...

Cisco DevNet

Stream me to the Cloud (and back) with Confluent & MongoDB

confluent

Kubernetes became the de-facto standard for running cloud-native applications. And many users turn to it also to run stateful applications such as Apache Kafka. You can use different tools to deploy Kafka on Kubernetes - write your own YAML files, use Helm Charts, or go for one of the available operators. But there is one thing all of these have in common. You still need very good knowledge of Kubernetes to make sure your Kafka cluster works properly in all situations. This talk will cover different Kubernetes features such as resources, affinity, tolerations, pod disruption budgets, topology spread constraints and more. And it will explain why they are important for Apache Kafka and how to use them. If you are interested in running Kafka on Kubernetes and do not know all of these, this is a talk for you.

Building a Codeless Log Pipeline w/ Confluent Sink Connector | Pollyanna Vale...

HostedbyConfluent

Designed and Implemented a Sign Tracking System For a Large Realtor From The ...

Endeavour Software Technologies

Kafka Summit SF 2017 - Real time Streaming Platform

confluent

What's hot (20)

APAC Confluent Consumer Data Right the Lowdown and the Lessons

apidays LIVE Australia 2020 - Building an Enterprise Eventing Platform by Gna...

How to use hybrid cloud to migrate and deploy unified business applications i...

Intelligent Network Analyst

The Big Picture: Monitoring and Orchestration of Your Microservices Landscape...

JUG Tirana - Introduction to data streaming

Kafka Vienna Meetup 020719

Risk Management in Retail with Stream Processing

Government Track Welcome Address

Flink Forward Berlin 2018: Stephan Ewen - Keynote: "Unlocking the next wave o...

Infrastructure Management Services - Success Stories | Happiest Minds

From Sensors to Insights: How IoT is Transforming Fundamental Industries

Building Value - Understanding the TCO and ROI of Apache Kafka & Confluent

Real-time Analytics with Upsert Using Apache Kafka and Apache Pinot | Yupeng ...

Building Event-Driven Applications with Apache Kafka & Confluent Platform

DEVNET-1129 WAN Automation Engine - Develop Traffic Aware Applications Using ...

Stream me to the Cloud (and back) with Confluent & MongoDB

Building a Codeless Log Pipeline w/ Confluent Sink Connector | Pollyanna Vale...

Designed and Implemented a Sign Tracking System For a Large Realtor From The ...

Kafka Summit SF 2017 - Real time Streaming Platform

Similar to Escape From PCI Land

Dave Coxe, CEO, Criterion Systems Ken Klingenstein, Director, Middleware and Security, Internet2 NSTIC pilots presentations continue; we begin with a presentation of the Attribute Exchange Network being deployed across a number of commercial participants by ID/Dataweb, and then we provide an overview of the framework Internet2 is building for “scalable privacy” and multi-factor authentication.

CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication an...

CloudIDSummit

Effective capacity management at the heart of green IT

Metron

iTel Switch is a single Softswitch platform for global Retail, Wholesale, Calling card & Call shop business. Being a highly customizable and scalable VoIP Softswitch with integrated billing, it serves as an ideal platform for all the VoIP service providers who want to provide a wide range of VoIP services. iTel VoIP Softswitch has been designed to meet the highest needs of carriers. This VoIP Softswitch also ensures most reliable and cost effective solution that can help VoIP service providers grow as a giant global carrier in VoIP industry. Multilevel reseller support, easy end user interface, integrated billing, intelligent routing and class 4 & 5 Softswitch features are some of the many unique competencies of iTel Switch. For more details visit: https://www.revesoft.com/products/itel-voip-softswitch

iTel switch | Softswitch platform for global Retail, Wholesale, Calling card ...

REVE Systems

Monitoring and observabilty at Bolt

MoovingON

PSD2 & Open Banking

senakafdo

Building upon existing infrastructure for Mobile Applications with WSO2

Anthony Carlson

Telenity Solutions Brief

Mustafa Kuğu

Resume_Suman_Dutta

Suman Dutta

Taw opening session

Michel Burger

IT Operations Management with OpManager

ManageEngine, Zoho Corporation

The Rise of Data in Motion powered by Event Streaming - Use Cases and Architecture for IBM Cloud Pak with Confluent Platform. Including screenshots of the live demo (integration between IBM and Kafka via Confluent Platform and Kafka Connect connectors). Learn about the integration capabilities of IBM Cloud Pak for Integration, now with the industry’s leading event streaming platform from Confluent Platform powered by Apache Kafka.

IBM Cloud Pak for Integration with Confluent Platform powered by Apache Kafka

Kai Wähner

If you are a financial institution in Europe, you would be in one of three places when it comes to PSD2: ready to take PSD2 by the horns, making some progress with compliance but still trying to understand the big picture, or unsure of where to start. The good news is that it doesn’t matter where you’re at. WSO2 Open Banking offers a solution that addresses all compliance requirements. It doesn’t stop there. It can open up your business to broader revenue generation opportunities through PSD2 in the context of digital transformation. Join Seshika Fernando, head of financial solutions at WSO2 as she explores The role of PSD2 in redefining banking as we know it. The core capabilities of WSO2 Open Banking including the WSO2 API Management platform that enables opening APIs in a secure and controlled manner. How WSO2 Open Banking can support your technology infrastructure for capabilities beyond banking. A demonstration of the solution - https://wso2.com/solutions/financial/open-banking/

WSO2 Open Banking: Digital Transformation Through PSD2

WSO2

D3SF17- Improving Our China Clients Performance

Imperva Incapsula

CIC _ 2.0 ver 1.06-AI

Ahmed Ismail

The appeal of SaaS has many ISVs interested in the power and value of delivering their solutions in a SaaS model. However, moving a single-tenant application to a multi-tenant environment can be daunting. In this session, we'll look at the obstacles that many ISVs face as they consider the move to a SaaS delivery model. We'll explore a wide range of transformation patterns that cover everything from lift-and-shift of your monolith to an incremental cutover to multi-tenant aware microservices, data, and infrastructure. Along the way, we'll highlight the challenges and technical considerations that shape your solution and allow you to better align your transformed solution with SaaS best practices. This includes looking at all the new architectural elements you'll need to add to your environment to support SaaS (onboarding, identity, billing, metering, analytics, and so on).

Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...

Amazon Web Services

An experience is a personal and emotional event we remember. Every experience is established based upon pre-determined expectations we conceive and create in our minds. It’s personal, and therefore, remains a moving and evolving target in every scenario. When our experience concludes and the moment has passed, the outcome remains in our memory. Think about what makes you happy when connecting with your own device and then think about what makes you really upset when things are hard, complicated, and slow. If the user has a bad experience in anyone of these areas (simple, fast, and smart), they are likely to leave, share their negative experience, and potentially never return. Users might forget facts or details about their computing environment but they find it difficult to forgot the feeling behind a bad network experience. When something goes wrong with the network or an application, do you always get the blame? So what can Ultra Low, consistent latency deliver? Low latency is a requirement for intensive, time critical applications. Latency is measure on a port-to-port basis, that once a frame is received on a ingress port how long does it take the frame to go through the internal switching infrastructure and leave an ingress port. The Summit X670 Top of Rack switch supports latency of around 800-900usec while the Black Diamond chassis, BDX8, can switch frames in a little as 3usec. We’re big believers in the value of disaggregation – of breaking down traditional data center technologies into their core components so we can build new systems that are more flexible, more scalable, and more efficient. This approach has guided Facebook from the beginning, as we’ve grown and expanded our infrastructure to connect more than 1.28 billion people around the world. Flatter networks. Traditional data center networks have a minimum of three tiers: top of rack (ToR), aggregation and core. Often, there is more than one aggregation tier, meaning the data center could have three or more network tiers. When network traffic is primarily best effort, this is sufficient. But as more mission-critical, real-time traffic flows into the data center, it becomes critical that organizations move to two-tier networks. An increase in east-west traffic flows. Legacy data center networks are designed for traffic to flow from the edge of the network into the core and then back to the edge in a north-south direction. Today, however, factors such as workforce mobility, Hadoop, big data and other applications are driving east-west traffic flows from server to server. Virtualization of other IT assets. Historically, compute resources such as processor, memory and storage were resident in the server itself. Over time, more and more of these resources are being put into “pools” that can be accessed on demand. In this case, the data center network becomes a “fabric” that acts as the backplane for the virtualized data center.

13.) analytics (user experience)

Jeff Green

How many way to sale f5 for enterprise

Bach Phan

GramIT Service Offerings

Krishna Muppavarapu

Para trabajar en un ecosistema digitalmente transformado, los directores de sistemas de información y otros líderes empresariales tienen que navegar en un entorno de amenazas a la seguridad en constante cambio. Las soluciones de Next Gen Security (NGS) son soluciones de seguridad optimizadas para trabajar mejor con la escala masiva y cobertura expansiva de la Tercera Plataforma. Aunque 7 de cada 10 empresas afirman estar en el proceso de implementar una solución más de seguridad de nueva generación, 3 de esos 7 no tendrá éxito por la falta de competencia interna, por lo que el tema de seguridad es cada día más crítico”. Akamai ofrece un rendimiento a escala con la solución de distribución en la nube más grande y confiable del mundo. Sus recursos se escalan de forma que sus clientes no tengan que hacerlo. Akamai tiene una visibilidad sin igual de las propiedades más atacadas en la web y obtiene inteligencia ante amenazas continuamente a partir de inspecciones avanzadas tanto del tráfico bueno como del malo.

Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado

Cristian Garcia G.

NTGapps DTB Platform.pdf

Mustafa Kuğu

Similar to Escape From PCI Land (20)

CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication an...

Effective capacity management at the heart of green IT

iTel switch | Softswitch platform for global Retail, Wholesale, Calling card ...

Monitoring and observabilty at Bolt

PSD2 & Open Banking

Building upon existing infrastructure for Mobile Applications with WSO2

Telenity Solutions Brief

Resume_Suman_Dutta

Taw opening session

IT Operations Management with OpManager

IBM Cloud Pak for Integration with Confluent Platform powered by Apache Kafka

WSO2 Open Banking: Digital Transformation Through PSD2

D3SF17- Improving Our China Clients Performance

CIC _ 2.0 ver 1.06-AI

Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...

13.) analytics (user experience)

How many way to sale f5 for enterprise

GramIT Service Offerings

Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado

NTGapps DTB Platform.pdf

Recently uploaded

Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...

drmkjayanthikannan

1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf

AldoGarca30

Verification of thevenin's theorem for BEEE Lab (1).pptx

chumtiyababu

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

ssuser89054b

Rule 1 − Check for the blocks connected in series and simplify. Rule 2 − Check for the blocks connected in parallel and simplify. Rule 3 − Check for the blocks connected in feedback loop and simplify. Rule 4 − If there is difficulty with take-off point while simplifying, shift it towards right. Rule 5 − If there is difficulty with summing point while simplifying, shift it towards left. Rule 6 − Repeat the above steps till you get the simplified form, i.e., single block.

Block diagram reduction techniques in control systems.ppt

NANDHAKUMARA10

kiln thermal load.pptx kiln tgermal load

hamedmustafa094

Design For Accessibility: Getting it right from the start

Quintin Balsdon

Motoring and generation Armature circuit equation for motoring and generation, Types of field excitations - separately excited, shunt and series. Open circuit characteristic of separately excited DC generator, back EMF with armature reaction, voltage build-up in a shunt generator, critical field resistance and critical speed. V-I characteristics and torque-speed characteristics of separately excited shunt and series motors. Speed control through armature voltage. Losses, load testing and back-to-back testing of DC machines

DC MACHINE-Motoring and generation, Armature circuit equation

BhangaleSonal

Built environment is known for its capacity, capability, role, relevance and importance to change the quality of life of the occupants and communities. Presentation focuses on options which need to be leveraged to make buildings sustainable, cost-effective, energy efficient, resource efficient, qualitative over its entire life-cycle through designing, construction, operation. It calls for making buildings green and sustainable.

COST-EFFETIVE and Energy Efficient BUILDINGS ptx

JIT KUMAR GUPTA

Thermal Engineering-R & A / C - unit - V

DineshKumar4165

A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx

maisarahman1

Introduction to Serverless with AWS Lambda

Omar Fathy

In the dynamic landscape of energy storage, choosing the right battery pack is a critical decision that significantly impacts performance, efficiency, and overall product design. This webinar aims to unravel the complexities surrounding standard and custom battery packs (primarily lithium), providing you with a comprehensive understanding to make informed decisions. We'll embark on a journey to explore the fundamental distinctions between standard off-the-shelf battery packs and their bespoke counterparts tailored to specific applications. We will delve into the nuance of what is defined as a standard battery pack along with its benefits, limitations, and how it caters to broad market needs. Simultaneously, we will dissect the world of custom battery packs, diving into the advantages they offer in terms of precise energy requirements, form factors, and unique design considerations. Whether you are a product designer, engineer, or industry professional, this webinar is designed to equip you with the knowledge necessary to navigate the intricate terrain of battery pack selection. Join us for this webinar as we navigate through the intricacies of standard and custom battery packs, empowering you to make strategic decisions that align with your project goal. For more information on our battery pack solutions, visit https://www.epectec.com/batteries/.

Standard vs Custom Battery Packs - Decoding the Power Play

Epec Engineered Technologies

Moment Distribution Method For Btech Civil

VinayVitekari

Online Food Ordering System is proposed for simplifies the food ordering process. ThisSystem shows an user interface and update the menu with all available options so that it eases thecustomer work. Customer can choose more than one item to make an order and can view Orderdetails before logging off. The order confirmation is sent to the customer. The order is placed inthe queue and updated in the Database and returned in real time. This system assists the staff togo through the orders in real time and process it efficiently. Online food order system is mainlydesigned primarily function for use in the food delivery industry. This system will allowhotels and restaurants to increase online food ordering such type of business. The customerscan be selected food menu items just few minutes. In the modern food industries allows toquickly and easily delivery on customer place. Restaurant employees then use these ordersthrough an easy to delivery on customer place easy find out navigate graphical interface forefficient processing .

Online food ordering system project report.pdf

Kamal Acharya

data_management_and _data_science_cheat_sheet.pdf

JiananWang21

Wadi Rum luxhotel lodge Analysis case study.pptx

NadaHaitham1

Generative AI or GenAI technology based PPT

bhaskargani46

GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLE

selvakumar948

GAS POWER CYCLES Cycles: Otto, Diesel, Dual, Brayton - Calculation of mean effective pressure - Air standard efficiency - Comparison of cycles INTERNAL COMBUSTION ENGINES Classification - Components and their function - valve timing diagram and port timing diagram - actual and theoretical p-v diagram of two stroke and four stroke engines – carburettor - diesel pump and injector system - battery and magneto ignition system - principles of combustion and detonation in CI engines - lubrication and cooling systems - performance parameters and calculations.

Thermal Engineering Unit - I & II . ppt

DineshKumar4165

Recently uploaded (20)

Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...

1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf

Verification of thevenin's theorem for BEEE Lab (1).pptx

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Block diagram reduction techniques in control systems.ppt

kiln thermal load.pptx kiln tgermal load

Design For Accessibility: Getting it right from the start

DC MACHINE-Motoring and generation, Armature circuit equation

COST-EFFETIVE and Energy Efficient BUILDINGS ptx

Thermal Engineering-R & A / C - unit - V

A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx

Introduction to Serverless with AWS Lambda

Standard vs Custom Battery Packs - Decoding the Power Play

Moment Distribution Method For Btech Civil

Online food ordering system project report.pdf

data_management_and _data_science_cheat_sheet.pdf

Wadi Rum luxhotel lodge Analysis case study.pptx

Generative AI or GenAI technology based PPT

GEAR TRAIN- BASIC CONCEPTS AND WORKING PRINCIPLE

Thermal Engineering Unit - I & II . ppt

Escape From PCI Land

1. Escape From PCI Land Rahul Dani Growth Product Engineering

2. The PCI RedemptionPCI

3. Growth Product Engineering Charter Drive Signup – Middle tier service – Flow control, user state management, pre-signup session management via restful APIs – Orchestrate data from backend services • payments, subscriber, account, billing etc.

4. Edge Service M1 Payment s AppMn Browser /Device Company Infrastructure Billing App Browser /Device Browser /Device Sensitive data Sensitive data Billing AppBilling App Payment s AppPayment s App Sensitive data Sensitive data Mn Mn M1 GP Services Edge Service Edge Service In Scope Only Middle Tier App in PCI Scope In Scope

5. Edge Service M1 Payment s AppMn Browser /Device Company Infrastructure Billing App Browser /Device Browser /Device Sensitive data Sensitive data Billing AppBilling App Payment s AppPayment s App Sensitive data Sensitive data Mn Mn M1 GP Services Edge Service Edge Service In Scope GP Services No Longer in Scope In Scope

6. Browser/ Device 2 2 3 Out of scope In Scope Encryption key Public Key Distro 1 3 Out of band interaction with CDN Interaction with Netflix Plaintext Ciphertext System Architecture Client side encryption using public key

7. Surprises happen Actual Effort >> Initial Estimation Effort Estimated Actual

8. Why did moving out of PCI take so long • Javascript as a new dependency • Third party client encryption library • Retry logic fine tuning Client side changes • TTLs and timeout values needed adjustment • Flow modified • Error handling • Logging System tuning Differential impact of fraud

9. Questions ?

Editor's Notes

Billing/Payments has to be in scope. GPE had to be in scope because we were talking to clients directly.
Billing/Payments has to be in scope. GPE had to be in scope because we were talking to clients directly.
Overflow slide

Escape From PCI Land

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Escape From PCI Land

Similar to Escape From PCI Land (20)

Recently uploaded

Recently uploaded (20)

Escape From PCI Land

Editor's Notes