Escape From PCI Land
Rahul Dani
Growth Product Engineering
The presentation covers our experience in transitioning a middle tier application out of PCI scope.

Published in: Engineering
Escape From PCI Land

  1. Escape From PCI Land. Rahul Dani, Growth Product Engineering
  2. The PCI Redemption
  3. Growth Product Engineering Charter: Drive Signup
     – Middle tier service
     – Flow control, user state management, pre-signup session management via RESTful APIs
     – Orchestrate data from backend services
       • payments, subscriber, account, billing etc.
  4. [Diagram] Only Middle Tier App in PCI Scope. Components: Browser/Device, Edge Service, GP Services (M1 … Mn), Payments App, Billing App, Company Infrastructure; sensitive data flows between them; Edge Service, GP Services, Payments App and Billing App marked In Scope
  5. [Diagram] GP Services No Longer in Scope. Same components as the previous slide; Edge Service, Payments App and Billing App remain In Scope
  6. [Diagram] System Architecture: Client side encryption using public key. Browser/Device obtains the encryption key via Public Key Distro (1, out-of-band interaction with CDN); plaintext is encrypted on the client (2) and the ciphertext is sent in the interaction with Netflix (3); the middle tier is Out of scope, decryption is In Scope
  7. Surprises happen: Actual Effort >> Initial Estimation [Chart] Effort: Estimated vs Actual
  8. Why did moving out of PCI take so long
     Client side changes
     • Javascript as a new dependency
     • Third party client encryption library
     • Retry logic fine tuning
     System tuning
     • TTLs and timeout values needed adjustment
     • Flow modified
     • Error handling
     • Logging
     Differential impact of fraud
  9. Questions?