Secure Custom Payment Gateway Solution for an E-commerce Platform

A payment gateway solution to provide ultimate security for money transfers

Project Idea

Our client is a regional e-commerce platform that focuses on selling and renting luxury cars. Data protection and client privacy are top priorities, so they need to make sure that all payments made on their platform are as safe as possible. The third-party turnkey payment gateway services didn’t completely satisfy the needs of our client, so they partnered with us to create a custom solution.

Team

  • Project manager
  • Business analyst
  • Two backend engineers
  • One frontend engineer
  • One QA engineer

We were responsible for

  • Backend development
  • Frontend development
  • Integrations

Time: 7+ months

Platform: Web

Industry: Fintech

Type: Web development

Technology stack

Backend

  • Express.js (Node.js)

  • Serverless

  • AWS (AWS Lambda, AWS RDS, AWS IAM, AWS API Gateway, AWS S3, AWS Cognito)

  • Sequelize

Payment service

  • Stripe

Frontend

  • React

  • Redux Toolkit

  • Redux Saga

  • Material Tailwind

How a payment gateway works

Why build a payment gateway?

Customization

Include only the features you need and don’t pay for functionality you don’t use.

Security

Make sure all payment information stays within your organization so no third party can access it.

Payment Gateway as a Product

You may decide to bring your product to market and offer it to others as a SaaS solution.

Key features

Secure authorization

We implemented several authorization methods, including SMS security codes, one-time passwords, and two-factor authentication.

Multi-currency support

Since the platform functions in multiple countries, we made sure the payment gateway supports more than one currency (including USD, EUR, JPY, AUD, GBP, and AED).

Chargeback and disputes

If something goes wrong with a payment, the service has a simple dispute system, so customers always know what is going on with their money.

Fraud detection

Machine learning algorithms help our clients detect fraudulent activity and track shady processes on the platform.

Legal compliance

The payment gateway solution is compliant with GDPR and PCI DSS.

User interface

We implemented a simple yet attractive user interface so the system will be easy to navigate and manage.

Challenges and Solutions

Database connection

Problem: During development, the applications had trouble connecting to the database, both when run locally and when deployed on AWS. There was also a problem with executing requests to external services.

Solution: We set up Amazon Virtual Private Cloud (VPC), a service that lets you run AWS resources in a logically isolated virtual network. It gives you full control over your virtual network environment, including choosing your own IP address range, creating subnets, and configuring route tables and network gateways. We configured the network so that requests can reach third-party services, and so that the database is reachable from the AWS virtual network and, during local development, from the developer network.

Card verification via Stripe

Problem: Besides authorizing a user’s card, it’s necessary to implement additional verification in case the user loses the card and/or it falls into the hands of fraudsters.

Solution: We made 3D Secure the default way to authorize cards. 3D Secure is a two-factor authentication protocol that is used to ensure the security of online card purchases. It allows the merchant and the issuing bank to confirm that the payment is made by the cardholder and not by a fraudster.
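One way to make 3D Secure the default with the Stripe and Node.js stack listed above, shown as an added example that is not the project's own code. The helper names, the orderId field, and the restriction to the six currencies named on this page are assumptions; the returned object is meant for stripe.paymentIntents.create(), which is not called here.

```javascript
// Added example, not the project's code. Pass the result of
// buildPaymentIntentParams() to stripe.paymentIntents.create().

// Currencies named on this page -> minor-unit digits Stripe expects.
const MINOR_DIGITS = new Map([
  ['usd', 2], ['eur', 2], ['gbp', 2], ['aud', 2], ['aed', 2], ['jpy', 0],
]);

// Convert a decimal string such as "1250.50" to an integer in the smallest
// currency unit, without floating point.
function toMinorUnits(amount, currency) {
  const digits = MINOR_DIGITS.get(String(currency).toLowerCase());
  if (digits === undefined) throw new Error(`unsupported currency: ${currency}`);
  const m = /^(\d+)(?:\.(\d+))?$/.exec(String(amount));
  if (!m) throw new Error(`malformed amount: ${amount}`);
  const frac = m[2] || '';
  if (frac.length > digits) throw new Error(`too many decimals for ${currency}`);
  return Number(m[1]) * 10 ** digits + Number(frac.padEnd(digits, '0') || '0');
}

// orderId is a hypothetical field used to tie the payment to an order.
function buildPaymentIntentParams({ amount, currency, orderId }) {
  return {
    amount: toMinorUnits(amount, currency),
    currency: String(currency).toLowerCase(),
    payment_method_types: ['card'],
    // 'any' asks Stripe to attempt 3D Secure on every card that supports it;
    // the default, 'automatic', leaves that decision to Stripe.
    payment_method_options: { card: { request_three_d_secure: 'any' } },
    metadata: { order_id: orderId },
  };
}

// Decide what the backend may do for a PaymentIntent in a given status.
function nextStep(paymentIntent) {
  switch (paymentIntent.status) {
    case 'succeeded': return 'fulfil';
    case 'requires_action': return 'challenge'; // cardholder completes 3DS
    case 'processing': return 'wait';
    case 'requires_payment_method': return 'retry'; // auth or charge failed
    default: return 'hold'; // never release an order on an unknown status
  }
}
```

The order should be released only from a status read server-side (for example in a webhook handler), not from what the browser reports after the challenge.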

Results

A working solution for money transactions

Customizable features

200 transactions per month