There are many providers – and applications – of cloud computing, and much has been said about them in the media. But not all cloud providers satisfy payments industry requirements, leaving a short list that typically comprises mainly PSPs and PED manufacturers.
The answer to the original question “should you move your payments infrastructure to the cloud?” is almost certainly NO if “move” is taken to mean relocate all of your existing in-house-developed applications. The operational and maintenance costs of such bespoke applications isn’t addressed by moving from your data center to someone else’s. For example, legacy code still needs to be updated to comply with changes in message protocols, especially those changes mandated by the card schemes.
So how about the more general question “should you outsource your payments processing?” and as I alluded to in part 2 of this series, how can you avoid being shoe-horned into a one-size-fits-all solution? Setting aside IaaS, there are essentially two models: shared (multi-tenant) environments and dedicated environments.
On-boarding is very quick in shared environments, and typically is automated. If you’re an independent merchant, that is ideal. But if you’re a tier 1 retailer, you will have a lot of unique requirements around acceptance of various payment types, and require integration with other systems in your organization. For this reason, you should select a hosting partner that will commence a project to agree to the requirements and then build the environment accordingly. Not only the initial set up, but future changes can be planned according to your timetable, with no dependencies or impact on other customers of the hosting provider.
But does a dedicated hosted environment like the one described above offer any benefits over running a payments system in-house, especially if both options involve licensing, configuring and operating a payments switch developed by a software vendor? We offer customers the choice of both, but an advantage of the dedicated hosted environment is that the staff responsible for operating the system are experts in both the payments industry and the applications they are responsible for operating.
In our forthcoming white paper, we describe retailers’ attitudes toward outsourcing(reminder to please register to receive your copy). Outsourcing to a PCI-compliant hosting provider eliminates many of the retailer’s systems from PCI scope; however the card reader cannot be moved to the cloud because it is a physical device, so it remains in scope. Fortunately, P2PE can be combined with outsourcing to address security concerns around the card reader.
You should consider outsourcing your payments processing to a company that is entirely focused on payments, can accommodate all of your requirements, offers you a choice in selecting which acquirers, comms provider and PED suppliers you are going to work with, and is able to support you in your future growth.
Thanks for reading this far; part 4 will be the last in this blog series and will tackle the question “does new technology help or hinder?”. It will be released together with the white paper.
My name is Michael Kyritsis, I’ve worked in the payments industry for 17 years, and I’m employed by ACI as lead solution consultant. Throughout my career I’ve been determined to see how EFT software is used by real customers, and I am continually discovering that each customer has unique requirements – there’s no one-size-fits all solution. Similarly each customer has unique perspectives to contribute to a collective “industry view”. Distilling this industry view, and seeing how it compares to our solution’s capabilities is both reassuring and challenging. I’ve concluded that in the ACI retailer solution we have the expertise and products to build a solution perfectly tailored to the requirements of the largest and most demanding global retailers.