Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable
computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned
and released with minimal management effort or service provider interaction.
1. Familiarity on phases, challenges and ways to overcome the challenges
are very crucial during transforming the payment application from legacy
system to cloud environment.
Step on Cloud Payments
View Point
2. 2Maveric Systems
Introduction
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable
computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned
and released with minimal management effort or service provider interaction. This paper covers the phases and
challenges faced by the payment service providers, it also covers on how to overcome the challenges while
transforming the payment application from legacy system to cloud environment.
Step on Cloud Payments
Phases in Transition to Cloud Payment
Cloud Assessment: Weighing the financial considerations of owning and operating a data centre or co-located
facilities versus employing a cloud-based infrastructure requires detailed and careful analysis. In this phase analysis
of availability and reliability of the applications to be performed, this is essential for payment system. Payment
Service provider to analyse the downtime data and carefully draft a backup plan.
Proof of Concept: Build a proof-of-concept that tests critical functionality of application in the cloud environment.
Start with a small database (or a dataset). For example, if the Fund transfer application is getting migrated from
legacy, then testing has to be performed by deploying miniature models of all the pieces of architecture (database,
application, load balancer) with minimal data in cloud environment.
Data Migration: When choosing the appropriate storage option for existing database there are several dimensions
like availability, query-ability and data retention which is very critical. Post migration if data like BIC codes are not
present in the system then it will not be possible for the user to initiate the transaction. Post data migration, a round
of testing should be performed with the migrated data in cloud environment to ensure the availability of data.
Application Migration: While moving the payment applications it is advisable to move in parts than moving all at
once. For example, when the collection module is getting migrated with several batch processing components (such
as direct debit etc.). The batch processing system can be migrated to the cloud first while the collection module to
stay in the traditional data centre. Validate application and data availability, connectivity from all endpoints to avoid
downtime which is very essential for payment system.
Leverage the Cloud: When application is on cloud model, right balance between value and risk to be assessed. As
more payment application’s move to cloud there will be reduction in hardware cost for the service provider. When
properly planned, carefully monitored and well managed over the long term, a sound cloud-sourcing strategy can
empower an enterprise to lay the foundation for next-generation business services built on efficient and flexible
infrastructure.
Optimization: In this phase, focus needs to be there for optimizing the applications after analysing the data on the
usage of the application by users. For example in fund transfer application a detailed analysis on volume of multi-
currency transactions to be performed before providing access to users.
Challenges
Cloud computing technology in payment domain could experience failures, end-to-end security, portability, etc.
These are some issues which are unique to Payment system
Computing Performance: Like any other form of computing on network, cloud computing face performance issue in
terms of response to process the request which will have a huge impact while processing payment transaction.
Analysis to be performed by service provider to verify data is stored in structured manner to improve the response
time and reduce the downtime
Cloud Reliability: Reliability refers to the probability that a system will offer failure-free service for a specified period
of time within the bounds of a specified environment. This issue is more acute as services are availed from the cloud
and are residing on provider’s premises. The reliability will have an impact in payment domain because if there are
regular outages then it will be difficult to process the payment within cut-off. The provider should have highly
scalable back up plans to avoid outages.
3. ABOUT MAVERIC
Started in 2000, Maveric Systems is a leading provider of IT Lifecycle Assurance with expertise across
requirements to release. With a strong focus on the Banking and Telecom sectors, Maveric has built a business on
the principles of deep domain expertise and innovation. Maveric’s client portfolio includes a wide array of
renowned banks, financial institutions, insurance companies, leading software product companies and telecom
companies.
Maveric Systems Limited (Corporate Office): “Lords Tower” Block 1, 2nd Floor, Plot No 1&2 NP, Jawaharlal Nehru
Road, Thiru Vi Ka Industrial Estate, Ekkatuthangal, Chennai 600032
India | Singapore | Saudi Arabia | UAE | UK | USA
Write to us at info@maveric-systems.com | www.maveric-systems.com
About the Author
Anoop is a Consultant working with Maveric Systems. In the past 12 years he has predominantly worked in
payments & investigation domain for banking clients like Citi and BNP.
He has over 4 years of experience in requirement gathering and analysis, user story building, use case modelling,
business process mapping and development of test scenarios.
Compliance: Payment Service providers availing the cloud services are accountable as per domestic jurisdiction and
regulation issues, actual location of data and support for forensics plays a critical role in compliance. Segmentation
helps to adhere compliance, segmentation (also referred to as isolation or zoning), which is using network control
technology to separate IT assets into logical partitions which hides internal network activity from external attackers.
Regular audit to be performed by payment service provider to ensure compliance is adhered as per standard.
Information Security: Confidentiality and integrity of data with availability of data is the main crux of information
security. Business critical information like account number, Customer Name should not be exposed. In case of cloud,
there is more complexity depending upon the way payment application is implemented. Service provider has to
ensure that interface used by them to access the cloud services is secured, updated with latest patch and well
protected.
Audit Issues in Cloud Computing: A cloud provider’s ability to provide specific audit event, log and report
information on per-user and application basis is essential. Furthermore, it is necessary to retain some data for a
sufficient time to meet the forensic analysis needs. Payment Service provider need to check whether the user id,
Transaction log is getting stamped for all the transactions. Audit logs are useful to assess the quality of the
transaction for analysis.
Conclusion
In-depth feasibility analysis to be performed before moving the application to cloud environment, there are
possibilities some application will not have the framework to work in cloud because of the legacy architecture. A
detailed migration plan to be charted by the payment service provider after performing the feasibility analysis.
Charting of back-up plan is essential while migrating the application from legacy system to cloud environment.
Moving application in phased manner is advisable in payment domain to avoid downtime.