A Tailored PSP Solution Development Case Study: Discovery Stage

Table of contents:

1. PSP white-label deployment stages
2. Stage 1.  Discovery phase
3. Frequently asked questions

This article marks the beginning of a series delving into a specific case from Boxopay’s practice of developing a custom PSP solution using our white-label payment gateway. Here, we kick off the narrative of how we delivered a turnkey Payment Service Provider (PSP) solution for a client servicing online stores in their region.

Our approach differs from other companies, which typically provide white-label gateways through the SaaS model, where the payment gateway is hosted on the vendor’s servers. While we could have opted for the SaaS model, in this particular case, we proposed a tailored payment service provider solution that involves deploying an on-premises payment software platform tailored to the specific needs of our client. In this case, our team conducted all engineering, R&D, and project management tasks independently, without requiring any technical or organizational resources from the client.

Building the сustom PSP infrastructure took us just over 6 months. This journey involved a comprehensive approach, including selecting a cloud provider, foundational preparation and establishment of PCI DSS infrastructure, deploying and configuring the application with client branding, undergoing PCI DSS audit and certification, integrating with the acquirer, and onboarding the first merchant up to the first real transaction.

Throughout the implementation of this tailored PSP solution, a team of three specialists was consistently involved: an IT project manager, a DevOps specialist, and a system administrator. Additionally, a separate team was allocated to develop the connector with an acquirer for this custom PSP project.

PSP white-label deployment stages

The process included five distinct stages, each playing a crucial role in the creation and integration of the acquiring infrastructure.

1. The discovery phase for PSP solution served as the foundation, in which we meticulously identified the  client needs and drafted a detailed work plan and schedule of tasks and requirements for their implementation.
2. During the PSP infrastructure setup phase, we embarked on deploying a robust multi-product infrastructure, ensuring it met the strict PCI DSS Level 1 standards. Our quest led us to search for a provider capable of constructing a PCI DSS-compliant infrastructure, weighing options between cloud solutions and dedicated servers. Among the solutions we explored, we also considered the offerings of various cloud providers for a turnkey PCI DSS-compliant infrastructure. This stage resulted in creating and configuring essential servers, establishing connectivity between them, and installing the necessary system software.
3. Deployment of PSP software and PCI DSS certification phase. The project entailed establishing two infrastructures: one for testing and one for production, with limited administrative access to the console server. Initially, we initiated deployment by establishing a DNS server and a local repository for component updates. We then proceeded with configuring the Docker repository and setting up the application control server, followed by deploying the database management system.Additionally, we configured application servers 1 and 2 and balanced traffic between them. For security measures, we installed antivirus software, set up log storage, configured HIDS/HIPS, and established system and application monitoring.
   The final stages involved deploying the document management system, stress testing, conducting a PCI DSS audit, and completing certification. With the successful certification, we proceeded to the project’s final phases.
4. The branding and integration with acquirers phase centered on seamless integration of our personalized PSP software with local acquirers via the eCom scheme. During the preparatory stage of integration, we reached out to the acquirer’s technical specialists to obtain integration documentation and testing plans. With this information, we set up testing channels, verified connections, and proceeded with developing and testing the functionality.
   We also customized the software with the client’s branding during this stage. And to ensure a successful start we conducted training sessions for the client’s team and assisted in the smooth launch of the first merchant.
5. The pilot transaction. The final stage ensures that the tailored payment system is efficient and ready to ‘go live’ and process live transactions with real cards through the first merchant who has completed the onboarding process. After conducting technical and product training for the client’s staff, we smoothly transitioned the infrastructure to their control.

Through this series of articles, we aim to provide a comprehensive overview of our journey, offering valuable thoughts and best practices for those seeking to establish a trustworthy payment infrastructure.

Stage 1.  Discovery phase

Let’s start by delving into the beginning of our project journey, where we’ll explore the initial Discovery phase and discuss the valuable insights we’ve gained along the way. The Discovery phase for payment service providers marks a crucial starting point, where our team’s core focus was to collect and analyze vital information, laying the groundwork for the entire project. During this step, we made sure that all stakeholders were aligned in terms of goals and expectations.

Our approach involved more than just providing a pre-packaged system with a fixed set of features. Instead, we offered a solution-building service. During the Discovery stage, our primary focus was to determine the specific business challenges we were facing. Following thorough research, we outlined our goal: to develop an e-commerce Payment Service Provider (PSP) capable of routing transactions between two acquirers, supporting Apple Pay and Google Pay, enabling OCT, and seamlessly integrating with merchants via a server-to-server scheme.

At the heart of the Discovery phase lies the detailed project implementation plan, carefully crafted by the team. This plan serves as a guiding blueprint for all further actions, including collaboration with third-party contractors.

During this phase, we unearthed a crucial detail: the local regulations in our client’s jurisdiction mandate that the server infrastructure for custom PSP and similar tailored payment solutions must reside within the country’s territory. We incorporated this requirement into our project implementation plan. This requirement narrowed down our options to just two virtual server providers that met the necessary specifications and operated within the country.

Eventually, the client selected one of these providers, finalized an agreement with them,  and granted us the necessary access. However, we discovered that the chosen provider had some limitations. As a result, we adjusted our plan to include the installation and configuration of third-party applications such as a mail server, balancer, and DBMS, as these were not provided by the chosen provider.

In this phase, we also shortlisted the banks the client intends to collaborate with. It became evident that we would need to undergo the integration process with each bank based on their respective documentation and successfully complete integration tests.

In response to the client’s safety concerns, we performed a thorough risk assessment, identifying potential threats and opportunities that could influence the project’s success.

Overall, the discovery phase in custom PSP development is critical as it helped us to establish the project’s foundation and sets the direction for further phases. Stay tuned for upcoming articles detailing the further stages of the project.

Frequently asked questions

How can Boxopay’s tailored PSP solution benefit my business?

Boxopay’s tailored PSP solution is designed specifically to meet the needs of your business. By providing an on-premises, custom-built platform, it gives you full control over the payment infrastructure, allowing for greater flexibility, customization, and security compared to standard SaaS models. This ensures you can offer unique payment services to your merchants, align with local regulations, and scale your operations without depending on external vendors for critical infrastructure.

What features are included in Boxopay’s custom PSP solution?

Boxopay’s custom PSP solution includes PCI DSS-compliant infrastructure setup, branding customization, integration with local acquirers, support for Apple Pay and Google Pay, OCT (Original Credit Transactions), and a server-to-server integration scheme for seamless merchant onboarding. It also involves continuous monitoring, stress testing, and a rigorous certification process to ensure operational reliability.

How long does it take to implement Boxopay’s PSP solution?

The complete implementation of Boxopay’s tailored PSP solution typically takes around six months. This includes the discovery phase, infrastructure setup, software deployment, PCI DSS certification, acquirer integration, and the first live transaction. The timeline may vary based on your specific requirements and external dependencies like local regulations or third-party service providers.