Image Credit: Jacky Xu

Less is More: Securing Payment Application with Serverless Architecture

Macquarie DEFT

Going back 30 years ago, Macquarie Business Banking division created a payment solution called DEFT to solve the pain points of our clients around cash handling. Since then, it has evolved into a modern digital payment system that operates 24x7 to provide an easier and safer way to collect and reconcile payments from their customers.

Traditional architecture: lots of servers to manage

Historically we designed the frontend architecture in a traditional way where we operated more than 60 instances of Amazon Elastic Compute Cloud (aka. EC2s) to run web servers across multiple availability zones within one single AWS region. The web servers serve the single page applications to the users and run code to generate dynamic content to the web response.

Moving to serverless architecture

While achieving the same goal, recently we decided to change our design to a more simplified architecture which removed the 60 groups of EC2 instances and replaced them with just a few AWS services: AWS CloudFront, AWS WAF, AWS Lambda@Edge and Amazon S3.

Lambda@Edge: brings serverless closer to users

You might already be familiar with the AWS Lambda which runs your code in the AWS cloud without provisioning or managing servers. In 2017, AWS announced a Lambda extension service named Lambda@Edge.

Security is always the top priority

Security is our key consideration when designing the architecture. As the system captures user payments data, we adopted the best practices from PCI DDS Compliance, and our system is compliant with PCI DSS Level 1 which is the highest security standard in the card payment industry. It’s important to note that these AWS services used in the new architecture are both PCI and SOC2 compliant, this enabled shared responsibilities and simplified compliance for us.

To sum this all up

We’re leveraging serverless architecture to gain the powerful advantage of improving costs and efficiency. Our infrastructure running costs are significantly reduced by removing many always-on EC2 servers, and we saved a large amount of time and effort from patching and maintaining them. Scalability and availability are now done for us using managed services like Lambda@Edge, CloudFront and S3 which reduced pressures from the team. At the same time, PCI compliance is simplified. These are all big wins for us.

Macquarie Engineering Blog

Sharing insights, innovative ideas and ways of working from Macquarie’s technology team.

Macquarie Engineering Blog

Written by

Sharing insights, innovative ideas and ways of working from Macquarie’s technology team.

Macquarie Engineering Blog

Sharing insights, innovative ideas and ways of working from Macquarie’s technology team.