PayFort is a startup based in the United Arab Emirates that provides payment solutions to customers across the Middle East through FORT, its payments gateway. This platform enables organizations—small and medium-sized businesses as well as startups, government bodies, and large enterprises—to accept online payments via debit and credit cards. With the payment gateway integrated into their websites, companies can offer secure, easy payment facilities to customers across 80 countries. PayFort counts Etihad Airways, Ferrari World, and Souq.com among its customers. 

Since the company’s inception in 2013, PayFort has been driven by a singular goal: to simplify payments for its customers. And just as the firm helps customers concentrate on their core businesses rather than running their own payments systems, PayFort wanted an alternative to building and maintaining its own data centers. Its priority was developing secure, reliable services—not infrastructure management. “We needed an automated environment that would allow us to focus on creating an excellent application for our customers,” says PayFort’s IT director, Maha Abu Touq.

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) and International Organization for Standardization (ISO) 27001 is central to PayFort’s payment services. As Abu Touq says, “We need to be trusted by the organizations that use our product, so that means ticking the boxes for compliance. But we didn’t want to spend the time and money doing this ourselves.”

PayFort looked at a number of cloud providers and found that Amazon Web Services (AWS) was the best qualified, according to Abu Touq. AWS’s compliance credentials were key. “PCI DSS compliance was a crucial differentiator,” says Abu Touq. “The other services we considered didn’t offer PCI certification to the level we needed. As the first cloud provider to achieve the newest version of PCI DSS compliance—version 3.1—AWS delivers something its competitors don’t.”

The company chose to run FORT entirely on AWS technologies. It uses various sizes of Amazon Elastic Compute Cloud (Amazon EC2) instances—from t2 to m4—depending on compute requirements, with Elastic Load Balancing automatically distributing load between instances. Sensitive financial data is stored in Amazon Simple Storage Service (Amazon S3) across multiple Availability Zones, and resources are provisioned within a secure Amazon Virtual Private Cloud (Amazon VPC). PayFort operates in the US East (N. Virginia) and US West (Oregon) AWS Regions.

PayFort runs its Oracle database on Amazon Relational Database Service (Amazon RDS), which Abu Touq points to as “another differentiator of AWS over other providers.” While it runs an in-house encryption service, PayFort is keen to move the service to AWS CloudHSM. “We think it’s a better use of our time internally to focus on the business, and using the AWS CloudHSM encryption service will allow us to do just that,” says Abu Touq.

Abu Touq says PayFort receives “robust support for any issues we face in day-to-day operations,” thanks to business-level AWS Support. “Our experience with AWS Support has been very good. Just recently, the tech team at AWS helped us when our Amazon RDS database was out of sync. It was all handled incredibly quickly and efficiently. The AWS Support team sent us multiple recommendations, and we implemented the one that suited us best, and solved the issue.” 

Credit card fraud can have a devastating impact on companies regardless of their size, potentially costing millions of dollars in revenue. This is why they choose specialists like PayFort to provide reliable and secure online payment platforms. Abu Touq emphasizes the role that AWS’s PCI DSS compliance plays in this. “Security is the cornerstone of our business. Ensuring our environment has the highest level of PCI DSS compliance using AWS is crucial to maintaining our customers’ trust,” she says.

In addition to the assurance this gives clients, PayFort appreciates the ease and speed with which compliance credentials can be verified. “It would take a lot of internal resources to prove compliance if we didn’t use AWS technologies,” continues Abu Touq. “We would need at least five staff to maintain a PCI-compliant physical infrastructure, but on AWS we achieved this with just one system engineer. All the certification and reports that we require are at our fingertips. And if our auditors need any more information, all we need to do is ask our AWS account manager.”

On the overall cost of its payment gateway on AWS, Abu Touq says, “We calculated that running our product on AWS compared with an on-premises setup is 32 percent more cost-effective for us. The time and money required to operate physical resources can now be put to better use within the business, ensuring we continue to deliver excellent services to customers. We benefit from the automation that AWS technologies provide. With tools like Amazon RDS, Amazon S3, and Elastic Load Balancing we can create a true DevOps environment and get new features to market fast. Being able to do this helps us make our payment gateway an attractive proposition to customers across the Middle East.”

“For us,” the IT director concludes, “AWS is the cloud, and the cloud is the choice of the smart business of today.” 
