BUILDING A PAYMENT PORTAL IN THE CLOUD
12 May 2014
A case study from Cyber-Duck Ltd

Presentation at Rackspace Unlocked
Hi. I am Sylvain Reiter

Co-Founder and Development Director

@sylvainreiter
PCI Compliance in the Cloud
Case Study from dlc
Project methodology
Technological decisions
Results
PCI Compliance…
Introduced in 2004 as a global body, today PCI DSS 3.0
Enforces data security and fraud prevention
Affects all businesses processing payments (merchants & service providers)
4 levels of compliance
… in the Cloud
Still early days
Rapid technological changes
Best suited for demanding systems
Flexibility of use ready for production applications
logicworks.net
BUILDING A PAYMENT PORTAL
Requirements Gathering
Make sure you involve ALL stakeholders
Document expected outcomes for all flows
Take an agile approach to the timeline
Define business and technical requirements early
User Experience Phase
Make informed decisions via historical data analysis
Mock up user journeys on ALL devices
Iterate the prototype with real users’ feedback
Carefully optimise the copywriting and ‘Call to Actions’
Technical implementation (1/3)
Select a proven and secure framework
We picked the PHP 5.4 Laravel framework
Take an API-driven approach to ensure modularity and easy exchange with external systems
We used an industry-standard RESTful API with XML/JSON
Technical implementation (2/3)
Ensure you have robust and accurate data
We validate every customer record with the back-office system
Store user details as per the Data Protection Act
We only store the users’ details during the checkout process
Technical implementation (3/3)
Delegate PCI to the experts
We use SagePay’s iFrame technology, shifting responsibilities
Add rigorous rules to the payment gateway’s settings
We enforce 3D Secure validation and recommend manual due diligence if addresses mismatch
Hosting platform features
Do not compromise on flexible and secure partners
We use Rackspace’s High Performance Clouds
Delegate the technical support to the experts
Rackspace’s Monitoring tools and Fanatical Support give us and our client 24/7 peace of mind
Hosting platform security
PCI compliance requires quarterly vulnerability scans
Security Metrics handles the scans and reports on issues
Private Clouds and Firewalls are protecting the data
The database server is not accessible from the outside world; an iptables firewall restricts access to the API endpoint.
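The network rules on this slide, sketched as an added example (not the configuration used in the case study): a script that emits default-drop `iptables-restore` rulesets for a database host and an API host, plus a narrow check that flags a ruleset leaving a port open to any source. The addresses, the ports (MySQL on 3306, HTTPS on 443) and all function names are assumptions; the slides give none of them.

```shell
#!/usr/bin/env bash
# Added illustration; not the configuration used in the case study.
# Every value below is an assumption: the slides name no addresses, ports or database.
APP_NET="10.0.0.0/24"       # private network of the web/API servers
API_CLIENT="203.0.113.10"   # only peer allowed to call the API (documentation range)
DB_PORT=3306                # MySQL assumed
API_PORT=443                # HTTPS API endpoint assumed

# Shared prologue: drop inbound by default, keep loopback and replies to our own traffic.
# Management access (e.g. SSH from a bastion) is deliberately omitted; add it before loading.
ruleset_head() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Database host: the DB port is reachable only from the application network.
db_ruleset() {
  ruleset_head
  echo "-A INPUT -p tcp -s ${APP_NET} --dport ${DB_PORT} -m conntrack --ctstate NEW -j ACCEPT"
  echo "COMMIT"
}

# API host: the endpoint accepts new connections only from one known peer.
api_ruleset() {
  ruleset_head
  echo "-A INPUT -p tcp -s ${API_CLIENT} --dport ${API_PORT} -m conntrack --ctstate NEW -j ACCEPT"
  echo "COMMIT"
}

# The weak setting for comparison: accept-by-default and an unrestricted DB rule.
weak_db_ruleset() {
  cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport ${DB_PORT} -j ACCEPT
COMMIT
EOF
}

# port_exposed PORT < ruleset
# Exit status 0 if the ruleset leaves PORT open to any source, 1 otherwise.
# Narrow check: it looks only at the INPUT policy and single-port --dport ACCEPT
# rules; multiport matches, port ranges and rule ordering are not analysed.
port_exposed() {
  awk -v port="$1" '
    /^:INPUT ACCEPT/ { exposed = 1 }
    /^-A INPUT/ && /-j ACCEPT/ {
      hit = 0; src = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "--dport" && $(i + 1) == port) hit = 1
        if ($i == "-s" || $i == "--source") src = $(i + 1)
      }
      if (hit && (src == "" || src == "0.0.0.0/0")) exposed = 1
    }
    END { exit (exposed ? 0 : 1) }
  '
}

# Print one line per ruleset saying whether its service port is open to the world.
report() {
  for pair in "db_ruleset:${DB_PORT}" "api_ruleset:${API_PORT}" "weak_db_ruleset:${DB_PORT}"; do
    name=${pair%%:*}
    port=${pair##*:}
    if "$name" | port_exposed "$port"; then
      echo "$name: port $port is open to any source"
    else
      echo "$name: port $port is restricted"
    fi
  done
}

report
```

A generated ruleset can be parse-checked with `iptables-restore --test` (as root) before it is loaded.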
THE RESULTS
4 months post launch…
100% uptime on the platform
over 10,000 transactions (228% increase from pre-launch)
40h of agent time per month saved (calls & admin time)
Great customer feedback, 44% via mobile
Ongoing improvements and new feature developments
THANKS FOR YOUR TIME!
