SlideShare a Scribd company logo

Escape From PCI Land

Download as PPTX, PDF
Rahul Dani, profile picture
Rahul Dani

This document discusses moving a growth product engineering service out of PCI compliance. It describes orchestrating user data from backend services through a middle tier API service for user signup flows. The new system architecture uses client-side encryption with a public key to keep sensitive data like payment information encrypted. Moving to this new architecture took longer than initially estimated due to unexpected issues like integrating a JavaScript dependency, tuning a third party encryption library, and adjusting various system parameters.

Engineering
Related topics:
Web Service Insights
1 of 9
Downloaded 28 times
1
2
3
4
5
6
7
8
9
Escape From PCI Land Rahul Dani Growth Product Engineering
The PCI RedemptionPCI
Growth Product Engineering Charter Drive Signup – Middle tier service – Flow control, user state management, pre-signup session management via restful APIs – Orchestrate data from backend services • payments, subscriber, account, billing etc.
Edge Service M1 Payment s AppMn Browser /Device Company Infrastructure Billing App Browser /Device Browser /Device Sensitive data Sensitive data Billing AppBilling App Payment s AppPayment s App Sensitive data Sensitive data Mn Mn M1 GP Services Edge Service Edge Service In Scope Only Middle Tier App in PCI Scope In Scope
Edge Service M1 Payment s AppMn Browser /Device Company Infrastructure Billing App Browser /Device Browser /Device Sensitive data Sensitive data Billing AppBilling App Payment s AppPayment s App Sensitive data Sensitive data Mn Mn M1 GP Services Edge Service Edge Service In Scope GP Services No Longer in Scope In Scope
Browser/ Device 2 2 3 Out of scope In Scope Encryption key Public Key Distro 1 3 Out of band interaction with CDN Interaction with Netflix Plaintext Ciphertext System Architecture Client side encryption using public key
Surprises happen Actual Effort >> Initial Estimation Effort Estimated Actual
Why did moving out of PCI take so long • Javascript as a new dependency • Third party client encryption library • Retry logic fine tuning Client side changes • TTLs and timeout values needed adjustment • Flow modified • Error handling • Logging System tuning Differential impact of fraud
Questions ?

More Related Content

PPTX
Netflix Billing System
NirmalSrini
 
PPT
Fanestra medical billing system
Devashish Pradhan
 
PDF
Real-Time Market Data Analytics Using Kafka Streams
confluent
 
PDF
HOP! Airlines Jets to Real Time
confluent
 
PDF
Closing Keynote: The Physics of Streaming | Tim Berglund, Confluent | Kafka S...
HostedbyConfluent
 
PPTX
Concept to reality: An advanced agile integration blueprint
Eric D. Schabell
 
PDF
Kafka & InfluxDB: BFFs for Enterprise Data Applications | Russ Savage, Influx...
HostedbyConfluent
 
PDF
Big Data LDN 2018: STREAM PROCESSING TAKES ON EVERYTHING
Matt Stubbs
 
Netflix Billing System
NirmalSrini
 
Fanestra medical billing system
Devashish Pradhan
 
Real-Time Market Data Analytics Using Kafka Streams
confluent
 
HOP! Airlines Jets to Real Time
confluent
 
Closing Keynote: The Physics of Streaming | Tim Berglund, Confluent | Kafka S...
HostedbyConfluent
 
Concept to reality: An advanced agile integration blueprint
Eric D. Schabell
 
Kafka & InfluxDB: BFFs for Enterprise Data Applications | Russ Savage, Influx...
HostedbyConfluent
 
Big Data LDN 2018: STREAM PROCESSING TAKES ON EVERYTHING
Matt Stubbs
 

What's hot (20)

PDF
APAC Confluent Consumer Data Right the Lowdown and the Lessons
confluent
 
PDF
apidays LIVE Australia 2020 - Building an Enterprise Eventing Platform by Gna...
apidays
 
PDF
How to use hybrid cloud to migrate and deploy unified business applications i...
Eric D. Schabell
 
PDF
Intelligent Network Analyst
KConaulty
 
PDF
The Big Picture: Monitoring and Orchestration of Your Microservices Landscape...
confluent
 
PPTX
JUG Tirana - Introduction to data streaming
Nicolas Fränkel
 
PDF
Kafka Vienna Meetup 020719
Patrik Kleindl
 
PDF
Risk Management in Retail with Stream Processing
confluent
 
PDF
Government Track Welcome Address
HostedbyConfluent
 
PDF
Flink Forward Berlin 2018: Stephan Ewen - Keynote: "Unlocking the next wave o...
Flink Forward
 
PDF
Infrastructure Management Services - Success Stories | Happiest Minds
Happiest Minds Technologies
 
PDF
From Sensors to Insights: How IoT is Transforming Fundamental Industries
Kyle Seaman
 
PPTX
Building Value - Understanding the TCO and ROI of Apache Kafka & Confluent
confluent
 
PDF
Real-time Analytics with Upsert Using Apache Kafka and Apache Pinot | Yupeng ...
HostedbyConfluent
 
PDF
Building Event-Driven Applications with Apache Kafka & Confluent Platform
confluent
 
PDF
DEVNET-1129 WAN Automation Engine - Develop Traffic Aware Applications Using ...
Cisco DevNet
 
PPTX
Stream me to the Cloud (and back) with Confluent & MongoDB
confluent
 
PPTX
Building a Codeless Log Pipeline w/ Confluent Sink Connector | Pollyanna Vale...
HostedbyConfluent
 
PDF
Designed and Implemented a Sign Tracking System For a Large Realtor From The ...
Endeavour Software Technologies
 
PDF
Kafka Summit SF 2017 - Real time Streaming Platform
confluent
 
APAC Confluent Consumer Data Right the Lowdown and the Lessons
confluent
 
apidays LIVE Australia 2020 - Building an Enterprise Eventing Platform by Gna...
apidays
 
How to use hybrid cloud to migrate and deploy unified business applications i...
Eric D. Schabell
 
Intelligent Network Analyst
KConaulty
 
The Big Picture: Monitoring and Orchestration of Your Microservices Landscape...
confluent
 
JUG Tirana - Introduction to data streaming
Nicolas Fränkel
 
Kafka Vienna Meetup 020719
Patrik Kleindl
 
Risk Management in Retail with Stream Processing
confluent
 
Government Track Welcome Address
HostedbyConfluent
 
Flink Forward Berlin 2018: Stephan Ewen - Keynote: "Unlocking the next wave o...
Flink Forward
 
Infrastructure Management Services - Success Stories | Happiest Minds
Happiest Minds Technologies
 
From Sensors to Insights: How IoT is Transforming Fundamental Industries
Kyle Seaman
 
Building Value - Understanding the TCO and ROI of Apache Kafka & Confluent
confluent
 
Real-time Analytics with Upsert Using Apache Kafka and Apache Pinot | Yupeng ...
HostedbyConfluent
 
Building Event-Driven Applications with Apache Kafka & Confluent Platform
confluent
 
DEVNET-1129 WAN Automation Engine - Develop Traffic Aware Applications Using ...
Cisco DevNet
 
Stream me to the Cloud (and back) with Confluent & MongoDB
confluent
 
Building a Codeless Log Pipeline w/ Confluent Sink Connector | Pollyanna Vale...
HostedbyConfluent
 
Designed and Implemented a Sign Tracking System For a Large Realtor From The ...
Endeavour Software Technologies
 
Kafka Summit SF 2017 - Real time Streaming Platform
confluent
 
Ad

Similar to Escape From PCI Land (20)

PDF
CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication an...
CloudIDSummit
 
PPT
Effective capacity management at the heart of green IT
Metron
 
PPTX
iTel switch | Softswitch platform for global Retail, Wholesale, Calling card ...
REVE Systems
 
PDF
Monitoring and observabilty at Bolt
MoovingON
 
PDF
PSD2 & Open Banking
senakafdo
 
PPTX
Building upon existing infrastructure for Mobile Applications with WSO2
Anthony Carlson
 
PPTX
Telenity Solutions Brief
Mustafa Kuğu
 
DOCX
Resume_Suman_Dutta
Suman Dutta
 
PPTX
Taw opening session
Michel Burger
 
PPTX
IT Operations Management with OpManager
ManageEngine, Zoho Corporation
 
PDF
IBM Cloud Pak for Integration with Confluent Platform powered by Apache Kafka
Kai Wähner
 
PDF
WSO2 Open Banking: Digital Transformation Through PSD2
WSO2
 
PPTX
D3SF17- Improving Our China Clients Performance
Imperva Incapsula
 
PDF
CIC _ 2.0 ver 1.06-AI
Ahmed Ismail
 
PPTX
13.) analytics (user experience)
Jeff Green
 
PPTX
How many way to sale f5 for enterprise
Bach Phan
 
PPTX
Confluent_Banking_Usecases_Examples.pptx
Jon Snow
 
PDF
GramIT Service Offerings
Krishna Muppavarapu
 
PPTX
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Cristian Garcia G.
 
PDF
NTGapps DTB Platform.pdf
Mustafa Kuğu
 
CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication an...
CloudIDSummit
 
Effective capacity management at the heart of green IT
Metron
 
iTel switch | Softswitch platform for global Retail, Wholesale, Calling card ...
REVE Systems
 
Monitoring and observabilty at Bolt
MoovingON
 
PSD2 & Open Banking
senakafdo
 
Building upon existing infrastructure for Mobile Applications with WSO2
Anthony Carlson
 
Telenity Solutions Brief
Mustafa Kuğu
 
Resume_Suman_Dutta
Suman Dutta
 
Taw opening session
Michel Burger
 
IT Operations Management with OpManager
ManageEngine, Zoho Corporation
 
IBM Cloud Pak for Integration with Confluent Platform powered by Apache Kafka
Kai Wähner
 
WSO2 Open Banking: Digital Transformation Through PSD2
WSO2
 
D3SF17- Improving Our China Clients Performance
Imperva Incapsula
 
CIC _ 2.0 ver 1.06-AI
Ahmed Ismail
 
13.) analytics (user experience)
Jeff Green
 
How many way to sale f5 for enterprise
Bach Phan
 
Confluent_Banking_Usecases_Examples.pptx
Jon Snow
 
GramIT Service Offerings
Krishna Muppavarapu
 
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Cristian Garcia G.
 
NTGapps DTB Platform.pdf
Mustafa Kuğu
 
Ad

Recently uploaded (20)

PPTX
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
PPT
Project quality management in manufacturing
BarMusaTetik
 
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
PPTX
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
PPTX
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
PDF
composite construction of structures.pdf
AinieButt1
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
PPTX
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
PDF
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
PDF
Structs to JSON How Go Powers REST APIs.pdf
Emily Achieng
 
PPTX
web development for engineering and engineering
keshriji700
 
PDF
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
PPTX
Sustainable Sites - Green Building Construction
mhdumerali
 
PPTX
Strings in CPP - Strings in C++ are sequences of characters used to store and...
sangeethamtech26
 
PPTX
Lesson 3_Tessellation.pptx finite Mathematics
quakeplayz54
 
PPTX
Construction Project Organization Group 2.pptx
vj5agdales
 
PPTX
additive manufacturing of ss316l using mig welding
premcdr7799
 
PPTX
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
PPTX
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
Project quality management in manufacturing
BarMusaTetik
 
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
composite construction of structures.pdf
AinieButt1
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
Structs to JSON How Go Powers REST APIs.pdf
Emily Achieng
 
web development for engineering and engineering
keshriji700
 
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
Sustainable Sites - Green Building Construction
mhdumerali
 
Strings in CPP - Strings in C++ are sequences of characters used to store and...
sangeethamtech26
 
Lesson 3_Tessellation.pptx finite Mathematics
quakeplayz54
 
Construction Project Organization Group 2.pptx
vj5agdales
 
additive manufacturing of ss316l using mig welding
premcdr7799
 
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
UNIT 4 Total Quality Management .pptx
gokuld13012005
 

Escape From PCI Land

Editor's Notes

  • #5: Billing/Payments has to be in scope. GPE had to be in scope because we were talking to clients directly.
  • #6: Billing/Payments has to be in scope. GPE had to be in scope because we were talking to clients directly.
  • #7: Overflow slide