A Tailored PSP Solution Development Case Study: Discovery Stage
26 March, 2024 7 min read
- PSP white-label deployment stages
- Stage 1.ย Discovery phase
- Frequently asked questions
Table of contents:
This article marks the beginning of a series delving into a specific case from Boxopay’s practice of developing a custom PSP solution using our white-label payment gateway. Here, we kick off the narrative of how we delivered a turnkey Payment Service Provider (PSP) solution for a client servicing online stores in their region.
Our approach differs from other companies, which typically provide white-label gateways through the SaaS model, where the payment gateway is hosted on the vendorโs servers. While we could have opted for the SaaS model, in this particular case, we proposed a tailored payment service provider solution that involves deploying an on-premises payment software platform tailored to the specific needs of our client. In this case, our team conducted all engineering, R&D, and project management tasks independently, without requiring any technical or organizational resources from the client.
Building the ัustom PSP infrastructure took us just over 6 months. This journey involved a comprehensive approach, including selecting a cloud provider, foundational preparation and establishment of PCI DSS infrastructure, deploying and configuring the application with client branding, undergoing PCI DSS audit and certification, integrating with the acquirer, and onboarding the first merchant up to the first real transaction.
Throughout the implementation of this tailored PSP solution, a team of three specialists was consistently involved: an IT project manager, a DevOps specialist, and a system administrator. Additionally, a separate team was allocated to develop the connector with an acquirer for this custom PSP project.
PSP white-label deployment stages
The process included five distinct stages, each playing a crucial role in the creation and integration of the acquiring infrastructure.
- The discovery phase for PSP solution served as the foundation, in which we meticulously identified theย client needs and drafted a detailed work plan and schedule of tasks and requirements for their implementation.
- During the PSP infrastructure setup phase, we embarked on deploying a robust multi-product infrastructure, ensuring it met the strict PCI DSS Level 1 standards. Our quest led us to search for a provider capable of constructing a PCI DSS-compliant infrastructure, weighing options between cloud solutions and dedicated servers. Among the solutions we explored, we also considered the offerings of various cloud providers for a turnkey PCI DSS-compliant infrastructure. This stage resulted in creating and configuring essential servers, establishing connectivity between them, and installing the necessary system software.
- Deployment of PSP software and PCI DSS certification phase. The project entailed establishing two infrastructures: one for testing and one for production, with limited administrative access to the console server. Initially, we initiated deployment by establishing a DNS server and a local repository for component updates. We then proceeded with configuring the Docker repository and setting up the application control server, followed by deploying the database management system.Additionally, we configured application servers 1 and 2 and balanced traffic between them. For security measures, we installed antivirus software, set up log storage, configured HIDS/HIPS, and established system and application monitoring.
The final stages involved deploying the document management system, stress testing, conducting a PCI DSS audit, and completing certification. With the successful certification, we proceeded to the projectโs final phases. - The branding and integration with acquirers phase centered on seamless integration of our personalized PSP software with local acquirers via the eCom scheme. During the preparatory stage of integration, we reached out to the acquirerโs technical specialists to obtain integration documentation and testing plans. With this information, we set up testing channels, verified connections, and proceeded with developing and testing the functionality.
We also customized the software with the clientโs branding during this stage. And to ensure a successful start we conducted training sessions for the clientโs team and assisted in the smooth launch of the first merchant. - The pilot transaction. The final stage ensures that the tailored payment system is efficient and ready to โgo liveโ and process live transactions with real cards through the first merchant who has completed the onboarding process. After conducting technical and product training for the clientโs staff, we smoothly transitioned the infrastructure to their control.
Through this series of articles, we aim to provide a comprehensive overview of our journey, offering valuable thoughts and best practices for those seeking to establish a trustworthy payment infrastructure.
Stage 1.ย Discovery phase
Letโs start by delving into the beginning of our project journey, where weโll explore the initial Discovery phase and discuss the valuable insights weโve gained along the way. The Discovery phase for payment service providers marks a crucial starting point, where our teamโs core focus was to collect and analyze vital information, laying the groundwork for the entire project. During this step, we made sure that all stakeholders were aligned in terms of goals and expectations.
Our approach involved more than just providing a pre-packaged system with a fixed set of features. Instead, we offered a solution-building service. During the Discovery stage, our primary focus was to determine the specific business challenges we were facing. Following thorough research, we outlined our goal: to develop an e-commerce Payment Service Provider (PSP) capable of routing transactions between two acquirers, supporting Apple Pay and Google Pay, enabling OCT, and seamlessly integrating with merchants via a server-to-server scheme.
At the heart of the Discovery phase lies the detailed project implementation plan, carefully crafted by the team. This plan serves as a guiding blueprint for all further actions, including collaboration with third-party contractors.
During this phase, we unearthed a crucial detail: the local regulations in our clientโs jurisdiction mandate that the server infrastructure for custom PSP and similar tailored payment solutions must reside within the countryโs territory. We incorporated this requirement into our project implementation plan. This requirement narrowed down our options to just two virtual server providers that met the necessary specifications and operated within the country.
Eventually, the client selected one of these providers, finalized an agreement with them,ย and granted us the necessary access. However, we discovered that the chosen provider had some limitations. As a result, we adjusted our plan to include the installation and configuration of third-party applications such as a mail server, balancer, and DBMS, as these were not provided by the chosen provider.
In this phase, we also shortlisted the banks the client intends to collaborate with. It became evident that we would need to undergo the integration process with each bank based on their respective documentation and successfully complete integration tests.
In response to the clientโs safety concerns, we performed a thorough risk assessment, identifying potential threats and opportunities that could influence the projectโs success.
Overall, the discovery phase in custom PSP development is critical as it helped us to establish the projectโs foundation and sets the direction for further phases. Stay tuned for upcoming articles detailing the further stages of the project.
Frequently asked questions
How can Boxopayโs tailored PSP solution benefit my business?
Boxopayโs tailored PSP solution is designed specifically to meet the needs of your business. By providing an on-premises, custom-built platform, it gives you full control over the payment infrastructure, allowing for greater flexibility, customization, and security compared to standard SaaS models. This ensures you can offer unique payment services to your merchants, align with local regulations, and scale your operations without depending on external vendors for critical infrastructure.
What features are included in Boxopay’s custom PSP solution?
Boxopay’s custom PSP solution includes PCI DSS-compliant infrastructure setup, branding customization, integration with local acquirers, support for Apple Pay and Google Pay, OCT (Original Credit Transactions), and a server-to-server integration scheme for seamless merchant onboarding. It also involves continuous monitoring, stress testing, and a rigorous certification process to ensure operational reliability.
How long does it take to implement Boxopayโs PSP solution?
The complete implementation of Boxopay’s tailored PSP solution typically takes around six months. This includes the discovery phase, infrastructure setup, software deployment, PCI DSS certification, acquirer integration, and the first live transaction. The timeline may vary based on your specific requirements and external dependencies like local regulations or third-party service providers.
Want to know more about prices and services at each stage?
Check out our turnkey PSP setup package – the easiest way to start your business