Secure Custom Payment Gateway Solution for an E-commerce Platform
A payment gateway solution to provide ultimate security for money transfers
Our client is a regional e-commerce platform that focuses on selling and renting luxury cars. Data protection and client privacy are top priorities, so they need to make sure that all payments made on their platform are as safe as possible. The third-party turnkey payment gateway services didn’t completely satisfy the needs of our client, so they partnered with us to create a custom solution.
- Project manager
- Business analyst
- Two backend engineers
- One frontend engineer
- One QA engineer
We were responsible for
- Backend development
- Frontend development
Time: March 2022 - October 2022
Type: Web development
AWS (AWS Lambda, AWS RDS, AWS IAM, AWS API Gateway, AWS S3, AWS Cognito)
How payment gateway works
Why build a payment gateway?
Include only the features you need and don’t pay for functionality you don’t use.
Make sure all payment information stays within your organization so no third party can access it.
Payment Gateway as a Product
You may decide to provide others with the possibility to use your product as a SaaS solution by bringing it to the market.
We implemented several ways of authorization including SMS security code, one-time passwords, and two-factor authentication.
Since the platform functions in multiple countries, we made sure the payment gateway supports more than one currency (including USD, EUR, JPY, AUD, GBP, and AED).
Chargeback and disputes
If something goes wrong with the payment, the service has a simple dispute system co customers will always know what is going on with their money.
Machine learning algorithms help our clients detect fraudulent activity and track shady processes on the platform.
The payment gateway solution is compliant with GDPR and PCI DSS.
We implemented a simple yet attractive user interface so the system will be easy to navigate and manage.
Challenges and Solutions
Problem: During development, there was a problem with connecting to the database when using applications locally and using their deployed versions on AWS. One more problem was with executing requests to external services.
Solution: We configured an Amazon Virtual Private Cloud (VPC) service which is a service that allows you to run AWS resources in a logically isolated virtual network. This allows you to fully control your virtual network environment, including choosing your own IP address range, creating subnets, and configuring routing tables and network gateways. So we configured the network to allow query execution access to third-party services, as well as access to the database from the AWS virtual network and the developer network during local development.
Card verification via Stripe
Problem: Besides a user’s card authorization, it’s necessary to implement additional verification in case the user loses the card and/or it falls into the hands of frauds.
Solution: We made 3D Secure the default way to authorize cards. 3D Secure is a two-factor authentication protocol that is used to ensure the security of online card purchases. It allows the merchant and the issuing bank to confirm that the payment is made by the cardholder and not by a fraudster.
A working solution for money transactions
200 transactions per month