Lead Infrastructure at WL Payments

5 Key Steps to facilitate the security of a payment platform 

WL Payments, a trusted white-label global payment platform, allows merchants to run and manage a platform without the complexity of building the infrastructure themselves. Besides providing many conversion-boosting solutions, one critical feature of our payment gateway is its security. Due to the high interest in providing a secure payment process, we recently interviewed Lovepreet Singh, the Infrastructure Lead, to discuss the challenges of maintaining and securing a payment platform’s infrastructure.

1.  What are the elements that allow a payment platform to have a reliable infrastructure?

Lovepreet Singh: First of all, a payment gateway platform consists of multiple cloud environments that store all sensitive data securely. The Infrastructure team ensures WL Payments’ application deploys to these environments safely. Secondly, it is fundamental to guarantee that all systems are secure at multiple levels: server and application sides. For this reason, we offer a three-layer security set up that improves our security posture on all fronts. Finally, the Payment Card Industry Data Security Standard (PCI DSS) guidance comes into play. Our payment gateway supports PCI level 1 security. This eliminates the PCI requirements for the merchants who are using our hosted payment solution. 

2.  To what extent is a platform’s infrastructure sensible to new features and developments?

Lovepreet Singh: Companies are continuously looking for new payment features in the fast-changing payment space to improve their customers’ shopping experience. While providing an enhanced checkout experience, companies must stay updated on the latest security vulnerabilities and new ways to eliminate them. When applying infrastructure improvements or developing new features, a secure payment gateway must ensure that the systems stay reliable and flexible. The main crux here is to guarantee that the infrastructure’s maintainability and reliability are not compromised, and the new features do not break the compliance in any way. Additionally, to improve productivity and reduce friction between development and operations, certain DevOps practices are in place. The Infrastructure team and I are responsible for making sure these are working to our benefit. The management of the complete CI/CD pipeline allows us to push features in a highly efficient manner.

3.  How can one ensure payment data is protected at all times, whether in transit or at rest?

Lovepreet Singh: We have End-to-End encryption (E2EE) implemented. E2EE is a system of communication that encrypts the card data while in transit or at rest. In this way, customers’ sensitive data is encrypted securely in all stages from the moment they share it with us. 

4.  Data security vs. Frictionless payments: how can one find the balance to satisfy customers’ needs?

Lovepreet Singh: Security always means restrictions one way or the other. On one side, customers expect strong data protection when making online payments. On the other side, merchants want to offer a convenient check-out process with only a few steps required to complete the payment. The great news is that today the advancements in payment technology enable us to enhance security while also reducing friction. One recent example is 3DS 2.0, which offers support for frictionless payments while not compromising data security. In particular, we have recently updated the technology from 3DS 2.0 to 3DS 2.2 to comply with SCA’s new regulatory requirement. 3DS 2.2 updates some specifications to allow merchants to have higher chances of qualifying as eligible for SCA exemptions, offering a frictionless payment experience.

5.  What role do monitoring and support play in the security of payments?

Lovepreet Singh: Both, monitoring and support are relevant in keeping payments safe. With the proper monitoring tools in place, attacks and other problems can be reported much faster. For instance, our monitoring systems often notify us about technical issues that our clients and partners are facing before their systems do. Additionally, technical support can play a substantial advantage when informing the clients and partners about the problem on time. By anticipating any system’s malfunction, they can start working on a solution immediately and avoid potential losses. In many cases, reporting a problem to clients the next day or after a weekend means that potential sales will be missed, which is something you want to prevent as a true payment partner. That is also why we like our motto: “We grow when our Customers grow!”. Our Infrastructure team is also playing a significant role in the client’s success.

Overall, although eCommerce is becoming more popular today, the process behind securing online transactions is not as simple as it may seem. PCI DSS Compliance, E2E encryption, and 3DS technology are only a few examples of the requirements needed to build a safe environment. Payment gateway platforms, such as WL Payments, act as a third-party that can take the burden away while giving merchants the latest security features and the time to focus on different business areas.