Building PCI-Compliant Real-Time Payment Processing with AsapCard (DAP222)

Title: AWS re:Inforce 2024 - Building PCI-compliant real-time payment processing with AsapCard (DAP222)

Insights:

  • Introduction to AsapCard: AsapCard is a Brazilian fintech startup focused on innovating financial and banking services, particularly for bank acquirers, issuers, and PSPs.
  • Cloud Deployment: The company has fully deployed its key components, the connector and the authorizer, in the cloud, eliminating the need for hardware security modules and mainframe-based processing.
  • Mission and Goals: AsapCard aims to provide better services, reduce operational costs, mitigate risks, and offer real-time data processing. They emphasize flexibility, ease of integration, and real-time control over traditional batch processing.
  • PCI DSS Compliance: Ensuring PCI DSS compliance is a critical aspect of AsapCard's operations. Key requirements include robust network security, cardholder data protection, encryption, least-privilege access, and regular testing and monitoring.
  • AWS Partnership: AsapCard leverages AWS services to maintain PCI DSS compliance, including AWS Control Tower, AWS Organizations, AWS PrivateLink, AWS WAF, AWS Secrets Manager, AWS CloudHSM, and AWS Payment Cryptography.
  • Security and Monitoring: Continuous monitoring and security are managed using AWS CloudTrail, Amazon CloudWatch, AWS WAF, AWS Shield Advanced, AWS Security Hub, Amazon GuardDuty, Amazon Macie, Amazon Inspector, and Amazon Detective.
  • Future Vision: The company aims to modernize card processing by decommissioning old systems, adopting microservices and event-driven architectures, and ensuring seamless migration between card processing systems without business disruption.

Quotes:

  • "We are going to innovate and be the next generation card processing company."
  • "Our goal is to provide more services and also to help our customers to have better services, lower the operational costs, and of course, mitigate risks."
  • "We need to work with real-time processing and forget everything that we had in the past for batching processing."
  • "We are leveraging all the services from AWS, Tower and AWS Organizations to be the foundation for our accounts."
  • "We have a dedicated team that is taking care of all the continuous monitoring and ensure that we have everything in place, no data is being leaked, we don't have a security threat."
  • "AWS was a key partner for us to take care of all the PCI compliance and we leverage a lot of their services and certifications to stay PCI compliant."