Omise Ensures Global Compliance by Going All-in on AWS
Localized Payment Product Portfolio
Cash may still be king in many Southeast Asian countries, but the payment landscape is rapidly changing. With a growing internet user base, digital forms of payments such as online transfers and eWallets are taking off in the region. A Bain & Company report predicts that 70 percent of consumers in Southeast Asia will have adopted digital means of payment by the end of 2020. Businesses should therefore be prepared to accept digital payments in multiple forms to maximize their revenues.
Omise, a leading FinTech in Southeast Asia, provides payment gateway services to merchants. Since launching in Thailand in 2013, the company has expanded to Japan and Singapore, and it plans to start operating in other countries in the region in 2021.
While Omise’s core products are its application programming interfaces (APIs) for processing debit and credit cards, the business also offers more than a dozen other products. These include mobile-based PayNow QR payments in Singapore, PromptPay in Thailand, and convenience-store payments in Japan. In its move to meet increasing demand for broader solutions supporting localized payment options, Omise recognized the need to take another look at its infrastructure to ensure compliance in different markets, launch new products quickly, and maintain high availability for its customers.
By using Amazon EKS, we don’t have to re-audit appliances each time we launch a product. We can use existing security certifications to get a product to market right away."
Chief Information Security Officer, Omise
Single Cloud Strategy Reduces Complexity
Until 2018, Omise had a multi-cloud strategy in place, successfully running workloads on Amazon Web Services (AWS) while experimenting with different cloud platforms to find the best fit for its technical requirements and development culture. That year, Omise decided to fully migrate to AWS because of the platform’s robust managed service offering and its integration with DevOps practices.
Reducing complexity was another motive for the migration. Since moving to the AWS Cloud, Omise’s compliance management process has become more straightforward. Omise is required to conduct annual audits for the government and banks in each country of operation, a process that is expedited with readily available documentation from the AWS Artifact repository.
“By choosing AWS as our single cloud provider, we can extend our cloud infrastructure to any country while adhering to the Payment Card Industry Data Security Standard (PCI DSS),” says Frederico Araujo, chief information security officer at Omise.
Containers Unlock DevOps Culture
Shortly after going all-in on AWS, Omise containerized its applications with Kubernetes by taking advantage of Amazon Elastic Kubernetes Service (Amazon EKS). Araujo says that this shift has unlocked an agile DevOps culture within his team and engineering departments. “All our developers have access to staging and production environments, so they can quickly deploy new applications as a microservice using Amazon EKS.”
Omise used to require a couple of months to launch a new product, but now engineers can take an idea from conception through testing to production in just three weeks. Time-to-market is particularly important in Japan, where Omise has many competitors that are domestic incumbents. Compared to a majority of its competitors, Omise has the advantage of modern technology with Kubernetes, which allows it to react quickly to changing market demands and provide real-time APIs.
Efficient Product Launches
Furthermore, because a containerized approach allows for isolated development with microservices, applications can be deployed outside the strict parameters of PCI DSS compliance, which applies to card transactions only. Araujo explains, “By using Amazon EKS, we don’t have to re-audit appliances each time we launch a product. We can use existing security certifications to get a product to market right away.”
Having a fixed IP address for Omise products also ensures new products can easily integrate with its banking partners’ systems. The company uses AWS Global Accelerator and a Network Address Translation (NAT) Gateway to provide banks with static customer-facing IPs for each of its products. “Banks have a lot of firewalls, and changes to their ‘white list’ of preapproved IP addresses can take anywhere from one to three months,” Araujo explains.
Clients Demand High Availability
Omise’s success as a FinTech is tied to its ability to guarantee high-availability systems. The enterprises it currently serves, such as Allianz and True Corporation, demand high availability even during peak processing times. Omise solutions offer 99.99 percent availability and are built to scale. By going all-in on AWS, the company has increased its maximum transaction volume tenfold, processing 10,000 transactions per minute during peak periods.
The use of Amazon Relational Database Service (Amazon RDS) is instrumental in maintaining Omise’s high-availability architecture. Multi-AZ database instances include cross-region replication, so even if a server goes down in Japan, servers in the AWS Asia Pacific (Singapore) Region can take over. “The best parts of Amazon RDS are the availability and automation. Managing databases is a hard job we can offload to AWS, while still maintaining the flexibility to customize and add database extensions,” says Araujo.
Visibility into Spending
Pricing is another reason Omise stays loyal to AWS. The company has started using AWS Savings Plans as a flexible alternative for its viable dynamic workloads. With its broad range of products, Omise requires different Amazon Elastic Compute Cloud (Amazon EC2) instance types to match each workload’s particular requirements. AWS Savings Plans give engineers the flexibility to use next-generation Amazon EC2 instances as soon as they are released, ensuring Omise’s technology stack is fully modernized.
“We are very confident we have a solid infrastructure with AWS and also very confident in the cost,” says Araujo. “We can better plan business expansion and have visibility into spending over the long term.”
To learn more, visit Containers on AWS.
Omise is a payments platform providing businesses with an end-to-end infrastructure to accept, process, and disburse payments online and offline. Omise operates in Thailand, Japan, and Singapore, and it is planning further regional expansion in coming years.
Benefits of AWS
- Maintains high availability with 99.99% uptime
- Launches new products in 3 weeks instead of 2 months
- Simplifies compliance and PCI DSS certification
- Secures workloads and ensures resilience across regions
- Controls costs while expanding
- Improves confidence with DevOps culture
AWS Services Used
Amazon Elastic Kubernetes Service (Amazon EKS) gives you the flexibility to start, run, and scale Kubernetes applications in the AWS cloud or on-premises.
AWS Global Accelerator
AWS Global Accelerator is a networking service that sends your user’s traffic through Amazon Web Service’s global network infrastructure, improving your internet user performance by up to 60%.
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud.
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements.
Companies of all sizes across all industries are transforming their businesses every day using AWS. Contact our experts and start your own AWS Cloud journey today.