Version 1's AWS Expertise Accelerates Optimus Cards' Growth
Optimus Cards Group is the leader in providing white label debit card programs. Optimus Cards addresses a longstanding problem that credit unions face: the provision of their own debit cards to consumers.
Optimus Cards, a young and rapidly growing business engaged Version 1 as a Next-Gen AWS Managed Service partner. Very quickly thereafter, an opportunity arose for Optimus Cards to become one of the few organisations in Europe approved as Mastercard ‘Principal Members’. This would mean that Optimus Cards customers could become an affiliate member of Mastercard and issue cards in their own right under the Optimus Cards Bin.
Reacting Rapidly to Business Opportunities
Debit cards rely on a complex ecosystem of transaction processors, funding agreements, settlement structures, gateways and more. Each of those functions requires a high-level of security, stability, authorization, and authentication. To help credit unions across the UK and Ireland to overcome these challenges, Optimus Cards looks after these complex ecosystems, providing white label debit card programmes.
The Payment Card Industry Data Security Standard is an information security standard for organisations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. A programme of activities was required to comply with the requirements of this partnership.
To achieve PCI compliance and facilitate the technical requirements of becoming a Mastercard member, Optimus Cards initiated a new project with Version 1 as an advisor and delivery partner to support its business in this programme of activities.
Facilitating the Exchange of Cross-Geographical and Cross-Cloud Information
Integrating services with Mastercard would require a method for Optimus Cards to communicate information from its on-premise servers in Birmingham to the Public Cloud (AWS), through to the Orange Cloud and back to the Mastercard on-premise servers in Amsterdam.
Version 1 implemented a Transit VPC between Optimus AWS to Mastercard in Orange Cloud using AWS Direct Connect and Cisco CSRs purchased from the AWS marketplace.
A transit VPC is a common strategy for connecting multiple, geographically disperse VPCs and remote networks in order to create a global network transit center. A transit VPC simplifies network management and minimises the number of connections required to connect multiple VPCs and remote networks.
AWS Direct Connect makes it easy to establish a dedicated network connection from the customer’s premises to AWS. Using AWS Direct Connect, the customer can establish private connectivity between AWS and their datacentre, office, or colocation environment, which in many cases can reduce network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.
Implementation of Two-Factor Authentication
Institutions must have strong two-factor customer authentication in place for PCI compliance.
Version 1 implemented a solution that put in place two-factor authentication for users to access the Optimus Cards UAT and production domains hosted by AWS.
All users (from Optimus Cards, Version 1 and 3rd parties) must log in to the system using two-factor authentication which consists of a unique QR code.
Security Software, Anti-Virus and Threat Detection
Version 1 launched Qualys Scanners using AWS Marketplace AMIs for Optimus Cards to scan for any possible security and compliance issues. Qualys would deliver accurate scan reports to Optimus Cards to find and fix PCI compliance issues.
Following this successful implementation by Version 1, Optimus Cards made the decision to also integrate this solution into its ongoing threat detection activities to ensure the highest possible levels of security.
Version 1 also created a FIM (File Integrity Monitoring) server using open source OSSEC to address any anomalies/changes in the environment. The FIM server monitors all servers in the environment and now reports directly to Optimus Cards.
A Sophos Antivirus server protection console was also created for the customer. Agents were installed across the board. Alert Logic Threat Manager was deployed and configured to detect any malicious threats i.e. OpenVAS scans, SQL injections, etc.
Real Differences, Delivered
Version 1 Successfully Supported Optimus Cards in:
– Achieving PCI Compliance
– Accelerating IT requirements to integrate as a Mastercard ‘Principal Member’
– Delivering a programme of activities with no downtime and minimal business disruption
– Responding to opportunities rapidly to enable the business to continue to grow rapidly
Continuous Service Improvement
Following on from a successful programme of activities to support Optimus Cards in its growth objectives, Version 1 kicked off Phase 2 of the project in Q4 of 2019 which included migrating AWS VPN classics to new Cisco instances. Version 1 consultants work tirelessly to drive Customer Success and therefore suggest and implement improvements for customers on an ongoing basis across all projects. Migrating the AWS VPN classics was a CSI (Continuous Service Improvement) suggested by Version 1 as this would allow all VPNs to be centralised in a HA cluster that network engineers would have OS level access to. It was also implemented as a cost saving measure as each AWS classic VPN that had an independent cost was replaced by VPNs on the new CSRs which would be included in the instance running cost the customer was already responsible for from Phase 1 of the project. This migration was highly successful and Version 1 continues to support the customer through an AWS Next-Gen Managed Service.