Billing & Payments Meetup II
• Mathieu ChauvinPayment Processing in the Cloud
• Sangeeta Handa & John BrandyBilling Workflows in the Cloud
• Shankar VedaramanPayment Analytics at Netflix
• Poorna Udupi & Rudra PeramSecurity for Billing & Payments
• Rahul DaniEscape from PCI Land
• > 57M members
• ~ 50 countries
• 12 currencies
• 9 payment types
• 15+ payment processors & verification services
• 2M transactions per day
• … and counting!
Payments Application
• Method Of Payment (MOP)
– Secure storage
– Management
• Connection to 3rd party
– Payment processors
– Verification services
• A lot of batch processing
• Agnostic interface to clients
Historical Payments Application
• Data center
• Difficulties integrating new payment types
• Sedimentary layers oflegacy code
Historical Payments Application
CloudProxy
Client Apps from DC
PaymentsApp
PaymentsORA DB
tun
nel
File/Batch Apps
File/Batch Apps
File/Batch Apps
3rd PartyProcessors
3rd PartyProcessors
3rd PartyProcessors
3rd PartyProcessors
Client Apps from AWS
Netflix ♥ Cloud
• 1997: Netflix founded
• 2007: Streaming
• 2010: Microservices -AWS adopted
• 2013: Ready for payments
(http://techblog.netflix.com/2010/12/four-reasons-we-choose-amazons-cloud-as.html)
Payments in the Cloud!
• Compliance
– AWS PCI compliance level 1
– Cassandra PCI compliant
• Division of labor
– Token service
– Secure key storage w/ cloudHSM
• Technical evaluation
– NoSQL vs. RDBMS
Cassandra
• Tunable consistency
• Multi-region support
• CAP theorem
– Consistency above all
– Local quorum reads & writes
• Data model
– Rethink and denormalize
Technologies & Framework
• Enterprise integration pattern framework
– Apache Camel
• Batch application
– Spring Batch
• Data migration
– Apache Storm
• Netflix OSS
• AWS
New Architecture Design
Cloud Payments
App
Tokenizer
Client Apps from AWS
3rd PartyProcessors
3rd PartyProcessors
3rd PartyProcessors
3rd PartyProcessors
region B
load balancers
region A
Multi-Region Availability
zone a zone b zone c zone a zone b zone c
load balancers
How Do We Go There?
• Decoupling
• Shadow write (roman riding)
• Staggered migration by country
(src: Nintendo)
Decoupling
CloudProxy
Client Apps from DC
PaymentApp
PaymentORA DB
tun
nel
Client Apps from AWS
Cloud Payment
AppTokenizer
+ Country Code
+ Country Code
+ Routing Logic
+ Routing Logic
Shadow Write
CloudProxy
Client Apps from DC
PaymentApp
PaymentORA DB
tun
nel
Client Apps from AWS
Cloud Payment
AppTokenizer
Staggered Migration
• Migration by country
• Sole requirement: All processors for the country have to be cloud-ready
Risks
• Troubleshooting
• Depth of existing business logic
– by country,
– by processors,
– by use cases
• Cloud compatibility of processors
(src: Nintendo)