Aiming for the One-click Buy

Several studies recommend that eCommerce companies store customers' payment and shipping information on their servers. With this data, an eCommerce site can deliver a "one-click buy" user experience, or something very close to it.

This approach has a significant impact at the business level, achieving extremely high conversion rates from existing customers. One-click buy removes much of the complexity of online ordering, especially when you want to make it easy to complete these transactions on mobile devices.

To legally implement the desired one-click buy, your eCommerce site must be PCI compliant.
At CAPSiDE we have already helped our clients to certify their eCommerce sites.

PCI Compliance

Assessing alternatives to PCI Compliance

To certify many of the security aspects required for PCI Compliance, companies normally turn to licence-based tools with additional associated costs. When working in AWS environments, these tools are not the best solution, because they do not allow customisation, configuration or parameterisation of many aspects of the integration.

Within the scope of an Amazon Web Services Account, we cannot restrict monitoring to only the specific systems that need to be certified. So any integration with third-party software affects all the services that exist under the same AWS Account. The tools normally proposed as alternatives for PCI Compliance certification are ill-suited to infrastructures designed around auto-scaling groups (ASG), because instances are created and destroyed dynamically to match the real demand on the infrastructure (for example, during sales periods).

Our SysArchitects engineers designed a solution, with an additional layer of intelligence, that covers all the required and relevant aspects of the PCI Compliance audit, such as timestamps and event traceability at both the application and platform levels.
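The following is an added illustration of the event-triggered traceability described above; it is not CAPSiDE's code. It assumes the CloudWatch Events (EventBridge) payloads that EC2 Auto Scaling emits when an instance is launched or terminated (the `aws.autoscaling` source with detail-types such as "EC2 Instance Launch Successful"), and shows how a small event-triggered task can turn them into timestamped audit records plus an in-scope instance inventory that survives ASG churn. The sample events, account id, ASG name and instance ids are constructed.

```python
"""Event-triggered traceability for auto-scaled instances (added example)."""
import json
from datetime import datetime, timezone

# Auto Scaling detail-types that mark an instance entering or leaving scope.
LIFECYCLE = {
    "EC2 Instance Launch Successful": "launch",
    "EC2 Instance Terminate Successful": "terminate",
}


def parse_time(value):
    """CloudWatch Events timestamps are ISO-8601 in UTC, e.g. 2017-01-10T09:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_audit_record(event):
    """Flatten one Auto Scaling lifecycle event into an audit record.

    Returns None for any event that is not an Auto Scaling launch/terminate,
    so unrelated events routed to the same task are ignored rather than logged.
    """
    if event.get("source") != "aws.autoscaling":
        return None
    action = LIFECYCLE.get(event.get("detail-type"))
    if action is None:
        return None
    detail = event["detail"]
    return {
        "event_id": event["id"],            # unique per event: lets auditors de-duplicate
        "timestamp": parse_time(event["time"]).isoformat(),
        "account": event["account"],
        "region": event["region"],
        "action": action,
        "instance_id": detail["EC2InstanceId"],
        "asg": detail["AutoScalingGroupName"],
    }


class ScopeInventory:
    """Keeps the audit trail and answers "which instances were in scope at time T?"."""

    def __init__(self):
        self.instances = {}  # instance_id -> {"asg", "launched", "terminated"}
        self.trail = []      # append-only list of audit records

    def apply(self, event):
        record = build_audit_record(event)
        if record is None:
            return None
        self.trail.append(record)
        ts = datetime.fromisoformat(record["timestamp"])
        entry = self.instances.setdefault(
            record["instance_id"], {"asg": record["asg"], "launched": None, "terminated": None}
        )
        entry["launched" if record["action"] == "launch" else "terminated"] = ts
        return record

    def in_scope_at(self, when):
        """Instances launched at or before `when` and not yet terminated by then."""
        return sorted(
            iid for iid, e in self.instances.items()
            if e["launched"] is not None and e["launched"] <= when
            and (e["terminated"] is None or e["terminated"] > when)
        )


def lambda_handler(event, context=None):
    """Entry point for the event-triggered task: emit one JSON line per lifecycle event."""
    record = build_audit_record(event)
    if record is not None:
        print(json.dumps(record))  # in Lambda this lands in CloudWatch Logs, timestamped
    return record


def _asg_event(event_id, detail_type, when, instance_id):
    """Build a constructed Auto Scaling event in the CloudWatch Events envelope format."""
    return {
        "version": "0", "id": event_id, "detail-type": detail_type, "source": "aws.autoscaling",
        "account": "123456789012", "time": when, "region": "eu-west-1",
        "resources": ["arn:aws:autoscaling:eu-west-1:123456789012:autoScalingGroup:example/pci-web-asg"],
        "detail": {"StatusCode": "InProgress", "AutoScalingGroupName": "pci-web-asg",
                   "EC2InstanceId": instance_id},
    }


# Constructed sample stream: two launches, one unrelated EC2 event, one terminate.
SAMPLE_EVENTS = [
    _asg_event("evt-1", "EC2 Instance Launch Successful", "2017-01-10T09:00:00Z", "i-0aaaaaaaaaaaaaaaa"),
    {"version": "0", "id": "evt-x", "detail-type": "EC2 Instance State-change Notification",
     "source": "aws.ec2", "account": "123456789012", "time": "2017-01-10T09:30:00Z",
     "region": "eu-west-1", "resources": [], "detail": {"instance-id": "i-0ccccccccccccccccc", "state": "running"}},
    _asg_event("evt-2", "EC2 Instance Launch Successful", "2017-01-10T10:00:00Z", "i-0bbbbbbbbbbbbbbbb"),
    _asg_event("evt-3", "EC2 Instance Terminate Successful", "2017-01-10T11:30:00Z", "i-0aaaaaaaaaaaaaaaa"),
]


def replay(events):
    """Rebuild the inventory from a stored event stream, as an auditor would."""
    inventory = ScopeInventory()
    for event in events:
        inventory.apply(event)
    return inventory


if __name__ == "__main__":
    inv = replay(SAMPLE_EVENTS)
    print("in scope at 10:30:", inv.in_scope_at(parse_time("2017-01-10T10:30:00Z")))
    print("in scope at 12:00:", inv.in_scope_at(parse_time("2017-01-10T12:00:00Z")))
```

Because the inventory is rebuilt purely from the stored event stream, the set of instances that were in scope at any point during the audit period can be reconstructed later, which is exactly what a per-host agent loses when ASG instances are destroyed.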

CAPSiDE’s solution

CAPSiDE designed and implemented several proofs of concept to determine the best solution for our client's project. AWS Config replaced other commonly used third-party tools, and our team developed event-triggered tasks to evaluate CloudWatch Events. However, these first PoCs were not flexible enough to replace the other widely used tools. So, after evaluating the viability of several other technologies, our team designed a brand new solution, including:

With this solution, the team is able to obtain metrics and event traceability, and can therefore audit for:

Contact us if you want to know more about this solution and how we can help your eCommerce site to be PCI compliant.

TAGS: aws, cloudtrail, one-click buy, pci compliance

Comments
Bryanne Vega | January 4, 2017 10:24 pm

We're a little confused about the PCI subject regarding its compliance in AWS Lambda & DynamoDB.

Are these services compliant?

Do you offer services to develop a gateway using these services and the above-mentioned metrics & logs to achieve a serverless compliant service?

Let us know if we’re on track or our comment is not relevant to this post.
