Secure credit card store
Updated: Oct 23

Scenario: Credit card information is stored in a third-party gateway service to meet PCI DSS compliance requirements. Besides the cost at scale, this limited the user experience, since the apps could not present card information in innovative ways.
The Ask: An in-house secure store that can
integrate easily with existing apps and services
scale to support millions of customers, with API operations at p99 latency below 100ms
remain flexible enough to secure data beyond cards
support both PCI DSS compliant and non-compliant clients
Solution: The solution is built using lightweight secure libraries, and keys are managed in AWS KMS
Single-use tokens are issued to retrieve PANs, and are valid only for a short duration
Masked/truncated PANs are provided for display in apps
Multi-tenant store to isolate PANs by any combination of client or group
Expired PANs are deleted on a scheduled maintenance cycle
Audit trail of every API call with latency and customer id
Communication between servers is via gRPC, and protobuf is the in-memory data format
The data is secured with the following design principles:
Card data is isolated from the token- and key-handling system; separate databases are deployed for each
Keys are rotated by lifetime and by the number of cards encrypted under them, so exposure of any single key limits the number of cards affected
Keys and unencrypted data are never stored on a disk
Card data and keys when needed are held in memory in encrypted form for short durations
Sensitive info is never written to logs
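The token, key-rotation, masking and isolation policies listed above, modelled as an added example that is not the project's code. It assumes a hypothetical in-memory SecureStore class and uses an HMAC-SHA256 keystream in place of AES-GCM under a KMS-managed data key; the rotation limits and token TTL are constructed values.

```python
import hashlib, hmac, secrets, time
# Added example, not the project's code: a model of the policies described above.
# Data keys rotate by age or by cards encrypted, the key table is kept separate from
# the card table, retrieval tokens are single-use and short-lived, display is masked.
# The HMAC-SHA256 keystream stands in for AES-GCM under a KMS-wrapped data key.
KEY_MAX_AGE_S, KEY_MAX_CARDS, TOKEN_TTL_S = 3600, 1000, 60  # constructed limits

def _xor_stream(key, nonce, data):
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

class SecureStore:
    def __init__(self, clock=time.time):
        self.clock, self.active_key = clock, None
        self.keys = {}    # key_id -> {key, created, cards}   (key handling side)
        self.cards = {}   # card_id -> {tenant, key_id, nonce, ct, last4}   (card data side)
        self.tokens = {}  # token -> (tenant, card_id, expiry); popped on first use
    def _current_key_id(self):
        k = self.keys.get(self.active_key)
        if k is None or self.clock() - k["created"] >= KEY_MAX_AGE_S or k["cards"] >= KEY_MAX_CARDS:
            self.active_key = secrets.token_hex(8)  # real system: KMS-generated data key
            self.keys[self.active_key] = {"key": secrets.token_bytes(32), "created": self.clock(), "cards": 0}
        return self.active_key
    def add_card(self, tenant, pan):
        kid, nonce, card_id = self._current_key_id(), secrets.token_bytes(16), secrets.token_hex(16)
        self.keys[kid]["cards"] += 1
        self.cards[card_id] = {"tenant": tenant, "key_id": kid, "nonce": nonce, "last4": pan[-4:],
                               "ct": _xor_stream(self.keys[kid]["key"], nonce, pan.encode())}
        return card_id
    def _card(self, tenant, card_id):
        c = self.cards.get(card_id)
        if c is None or c["tenant"] != tenant:  # tenant isolation: no cross-tenant reads
            raise PermissionError("card not found for tenant")
        return c
    def masked_pan(self, tenant, card_id):
        c = self._card(tenant, card_id)
        return "*" * (len(c["ct"]) - 4) + c["last4"]  # display form, never the full PAN
    def issue_token(self, tenant, card_id):
        self._card(tenant, card_id)
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = (tenant, card_id, self.clock() + TOKEN_TTL_S)
        return tok
    def redeem_token(self, tenant, token):
        t, card_id, expiry = self.tokens.pop(token, (None, None, 0))  # single use
        if t != tenant or self.clock() > expiry:
            raise PermissionError("token invalid, expired or already used")
        c = self._card(tenant, card_id)
        return _xor_stream(self.keys[c["key_id"]]["key"], c["nonce"], c["ct"]).decode()
```

Plaintext PANs exist only transiently inside redeem_token; the card table holds ciphertext and the last four digits, and the key table holds nothing about cards beyond a counter.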
A design view of the system

The solution delivered card retrieval at a p99 of 50ms and card additions at a p99 of 100ms, served from 2 cores and 2 GB RAM running in a cluster with a load balancer and a distributed cache, under a sustained load of 100 rps for 10 minutes.