![Page 1: Rackspace Unlocked 2014 - Cyber-Duck's PCI Compliance Case Study](https://reader034.vdocuments.site/reader034/viewer/2022051411/54806932b37959932b8b5c0b/html5/thumbnails/1.jpg)
BUILDING A PAYMENT PORTAL IN THE CLOUD
12 May 2014
A case study from Cyber-Duck Ltd Presentation at Rackspace Unlocked
Hi. I am Sylvain Reiter, Co-Founder and Development Director, @sylvainreiter
PCI Compliance in the Cloud
Case Study from dlc
Project methodology
Technological decisions
Results
PCI Compliance…
Introduced in 2004 as a global body, today PCI DSS 3.0
Enforces data security and fraud prevention
Affects all businesses processing payments (merchants & service providers)
4 levels of compliance
… in the Cloud
Still early days
Rapid technological changes
Best suited for demanding systems
Flexible enough to be used for production applications
logicworks.net
BUILDING A PAYMENT PORTAL
Requirements Gathering
Make sure you involve ALL stakeholders
Document expected outcomes for all flows
Take an agile approach to the timeline
Define business and technical requirements early
User Experience Phase
Make informed decisions via historical data analysis
Mock up user journeys on ALL devices
Iterate the prototype with real users’ feedback
Carefully optimise the copywriting and ‘Calls to Action’
Technical implementation (1/3)
Select a proven and secure framework
We picked the Laravel framework on PHP 5.4
Take an API-driven approach to ensure modularity and easy exchange with external systems
We used an industry-standard RESTful API with XML/JSON payloads
Technical implementation (2/3)
Ensure you have robust and accurate data
We validate every customer record with the back-office system
Store user details as per the Data Protection Act
We only store the users’ details for the duration of the checkout process
Technical implementation (3/3)
Delegate PCI to the experts
We use SagePay’s iFrame technology, which shifts PCI responsibility to the gateway
Add rigorous rules to the payment gateway’s settings
We enforce 3-D Secure validation and recommend manual due diligence when addresses mismatch
Hosting platform features
Do not compromise on flexible and secure partners
We use Rackspace’s High Performance Clouds
Delegate the technical support to the experts
Rackspace’s monitoring tools and Fanatical Support give us and our client 24/7 peace of mind
Hosting platform security
PCI compliance requires quarterly vulnerability scans
SecurityMetrics handles the scans and reports on issues
Private Clouds and firewalls protect the data
The database server is not accessible from the outside world, and an iptables firewall restricts access to the API endpoint.
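The two firewall roles this slide describes, as an added example; this is not Cyber-Duck's or Rackspace's actual configuration. It generates an iptables ruleset for the database host (inbound only from the application subnet) and for the web/API host (portal public, API endpoint partner-only), and refuses to apply a ruleset in which the guarded port would be reachable from any source. The subnets, the port numbers, the use of a separate listener port for the API and the `conntrack` match module are all assumptions.

```shell
#!/bin/sh
# Added example, not the project's own configuration. All addresses, ports and
# the dedicated API port below are constructed assumptions; override via env.
APP_SUBNET="${APP_SUBNET:-10.0.1.0/24}"         # assumed private subnet of the web/API servers
ADMIN_SUBNET="${ADMIN_SUBNET:-10.0.9.0/24}"     # assumed bastion subnet allowed to SSH in
PARTNER_CIDR="${PARTNER_CIDR:-203.0.113.0/24}"  # assumed back-office network allowed to call the API
DB_PORT="${DB_PORT:-3306}"                      # assumed MySQL port
WEB_PORT="${WEB_PORT:-443}"                     # public checkout portal (HTTPS)
API_PORT="${API_PORT:-8443}"                    # assumed dedicated listener for the REST API

# Rules shared by both roles: default-deny inbound, allow loopback, replies
# to connections we opened, and SSH only from the admin subnet.
base_rules() {
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s $ADMIN_SUBNET --dport 22 -j ACCEPT
EOF
}

# Rate-limited log of what the DROP policy discards, so monitoring has
# evidence of probes without letting an attacker fill the disk with log lines.
log_rule() {
    printf 'iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "%s" --log-level 4\n' "$1"
}

# Database host: only the application subnet may reach the DB port;
# everything else falls through to the DROP policy.
db_rules() {
    base_rules
    printf 'iptables -A INPUT -p tcp -s %s --dport %s -j ACCEPT\n' "$APP_SUBNET" "$DB_PORT"
    log_rule "db-drop: "
}

# Web/API host: the portal is public, the API port is partner-only.
web_rules() {
    base_rules
    printf 'iptables -A INPUT -p tcp --dport %s -j ACCEPT\n' "$WEB_PORT"
    printf 'iptables -A INPUT -p tcp -s %s --dport %s -j ACCEPT\n' "$PARTNER_CIDR" "$API_PORT"
    log_rule "api-drop: "
}

# Sanity check on a ruleset read from stdin: succeeds (exit 0) only if every
# ACCEPT rule for the given port carries a -s source restriction.
# Usage: db_rules | check_port_restricted 3306
check_port_restricted() {
    ! grep -- "--dport $1 " | grep -- '-j ACCEPT' | grep -v -- ' -s ' >/dev/null
}

# main ROLE [--apply]: print the ruleset (dry run) or pipe it to sh as root.
# The guarded port (DB port on the db host, API port on the web host) must
# never be open to any source, or the script refuses to continue.
main() {
    role="${1:-}"; mode="${2:-}"
    case "$role" in
        db)  rules=$(db_rules);  guarded="$DB_PORT" ;;
        web) rules=$(web_rules); guarded="$API_PORT" ;;
        *)   echo "usage: $0 {db|web} [--apply]" >&2; return 2 ;;
    esac
    if ! printf '%s\n' "$rules" | check_port_restricted "$guarded"; then
        echo "refusing: port $guarded would be open to any source" >&2
        return 1
    fi
    if [ "$mode" = "--apply" ]; then
        printf '%s\n' "$rules" | sh -e     # applies for real; requires root
    else
        printf '%s\n' "$rules"             # dry run: review the rules first
    fi
}

# Only run when a role is given, so the functions can also be sourced.
case "${1:-}" in
    db|web) main "$@" ;;
esac
```

Run `./fw.sh db` to review the database ruleset and `./fw.sh db --apply` as root to load it; the same script can be kept under version control and re-generated for each host role. Note that the check only covers what this script emits: it is a guard against a mistaken edit to the rule generator, not a substitute for the quarterly external scan the slide mentions, which verifies what is actually reachable from outside.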
THE RESULTS
4 months post launch…
100% uptime on the platform
Over 10,000 transactions (a 228% increase on pre-launch)
40h of agent time per month saved (calls & admin time)
Great customer feedback, 44% via mobile
Ongoing improvements and new feature developments
THANKS FOR YOUR TIME!