SoePay Turns Mobile Devices into Payment Terminals on AWS
SoePay is a Hong Kong–based payments solutions provider. By using AWS serverless architecture, SoePay launched SoePay SoftPOS, a secure, software-based contactless payment solution, in three months. The Fintech uses AWS Fargate and Amazon ECS to scale its infrastructure, AWS KMS to manage cryptographic keys, and Amazon Redshift to store data from merchants’ smart devices.
Our goal is to recruit 1,000 merchants over the next two years, and AWS enables us to scale our infrastructure easily to meet these growth targets.”
Director of Digital Payment, Spectra Technologies Holdings
Facilitates Contactless Payment Capabilities for Merchants
Small merchants are the lifeblood of Hong Kong’s retail industry, relying mostly on cash transactions. But when the pandemic hit in 2020, 62 percent of the city’s consumers said they favored contactless digital payments for in-store purchases, which are deemed more convenient and safe.
Hong Kong–based payment solutions provider and payment facilitator SoePay, a subsidiary of Spectra Technologies Holdings Co. Ltd., enables merchants to securely accept credit card and QR code payments on their mobile devices. In March 2021, the company launched SoePay SoftPOS, a software-based point-of-sale (POS) payment solution that can turn any NFC-enabled Android mobile device into a payment terminal.
With SoePay SoftPOS, consumers can tap their contactless credit cards on the merchant’s NFC-enabled mobile device for payment transactions. The solution also supports QR code payment such as WeChat Pay, Alipay, and Faster Payments System (FPS).
Develops SoePay SoftPOS in 3 Months on Serverless Architecture
When SoePay first started out in 2020, the Fintech contemplated running its infrastructure either on premises or on the cloud. It eventually decided on the Amazon Web Services (AWS) Cloud because of the range of solutions available, the cost savings, and, most importantly, AWS’s compliance with the Payment Card Industry Data Security Standard (PCI DSS).
“The AWS Cloud provided us with a comprehensive, secure, and cost-effective infrastructure compared to our options for hosting our solutions on premises,” says Ki Liu, solution architect at Spectra Technologies Holdings.
SoePay built SoftPOS and other payment solutions, such as its payment gateway, terminal management system, and merchant portal, using the AWS Fargate serverless compute engine on Amazon Elastic Container Service (Amazon ECS). This enabled the business to scale seamlessly while growing its operations and quickly launching new features, such as merchant reporting and statistics as well as POS inventory management. Scalability is a feature that’s particularly appreciated by SoePay’s lean team of 20 people focusing on product development.
“With AWS serverless and container services, we could launch SoePay SoftPOS in just three months. We didn’t have to spend a lot of time and resources managing our backend infrastructure. It took us one month to establish our backend and the remaining two months to develop our apps and merchant onboarding system,” says Damien Chow, director of Digital Payments at Spectra Technologies Holdings.
Meets Digital Payment Industry Security Standards in 6 Months
SoePay SoftPOS is Hong Kong’s first payment solution to be certified under PCI Contactless Payments on COTS (CPoC), a data security standard for contactless payment solutions through a commercial off-the-shelf (COTS) mobile device, without requiring any additional hardware.
“PCI DSS is a must-have for any payment solution provider. We received our certification in six months because AWS is already PCI DSS–certified. In an on-premises environment, this could take up to two years,” says Sum Lam, system architect at Spectra Technologies Holdings. SoePay is also accredited with ISO 27001, an international standard for information security management systems, and is on the Visa Global Registry of Service Providers.
The Fintech is using AWS Key Management Service (KMS) to control and manage cryptographic keys and control its use across difference AWS services and Amazon CloudWatch to monitor applications on the backend. It’s also using Amazon Virtual Private Cloud (Amazon VPC) to support the processing, storage, and transmission of credit card data. “We’re dealing with a lot of sensitive data, and we need to ensure data security and privacy so our customers can use our services confidently,” explains Damien.
Channels Resources to Innovation Versus Infrastructure Management
In addition to time savings, SoePay would have had to invest in additional resources to achieve PCI DSS compliance in an on-premises environment. This would have meant maintaining a highly secured data center and a large team to manage the physical infrastructure and hardware. “Based on our experience, it would have cost us millions of dollars to launch SoePay SoftPOS on premises,” says Damien.
SoePay only has to dedicate one resource to manage the AWS infrastructure. The Fintech is leveraging AWS Business Support for round-the-clock technical support and architectural guidance. “We can channel our resources to focus on product development and value-added features instead of infrastructure management. We’re currently exploring new payment solutions such as digital currency and e-wallets,” adds Damien.
Turns Mobile Devices into Payment Terminals in 1–2 Days
Time and cost savings are passed on to merchants as well. Many small merchants undergo a lengthy application and approval process of up to several months when they apply for a payment terminal from banks. But with SoePay SoftPOS, merchants don’t need to procure physical payment terminals or additional hardware. They can simply download the SoePay SoftPOS app from the Google Play Store, submit the required documents for approval via the app, and use their mobile devices to accept credit card payments in just one to two days. New features can also be delivered through app updates in the Google Play Store.
To attest the security of the SoftPOS app and mobile devices, SoePay collects gigabytes of data from its merchants’ mobile devices at fixed intervals in accordance with PCI CPoC, such as when the app starts or upon request by backend systems. This data is captured and stored in a data warehouse built using Amazon Redshift, which triggers an AWS Lambda function to monitor the health and integrity of the devices.
The collected data is then displayed on SoePay’s merchant portal, Merchant & Acquirer Revenue System, which helps merchants manage their smart devices and review sales revenue remotely. The real-time portal also includes an overview of transaction history, customer receipts, reports, and sales summaries.
Damien concludes, “We’re looking at integrating artificial intelligence and machine learning to process our transaction data and provide our customers with valuable insights. Our goal is to recruit 1,000 merchants over the next two years, and AWS enables us to scale our infrastructure easily to meet these growth targets.”
To learn more, visit aws.amazon.com/startups/Fintech.
SoePay, a subsidiary of Spectra Technologies Holdings, develops and promotes the latest payment technologies to merchants in Hong Kong. March 2021 saw the launch of SoePay SoftPOS, a software-based contactless payment solution that can turn any NFC-enabled Android mobile device into a payment terminal.
Benefits of AWS
- Develops software-based contactless payment solution in 3 months
- Obtains PCI DSS compliance in 6 months
- Reduces approval time for new merchant onboarding to 2 days
- Reduces infrastructure management
AWS Services Used
AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). Fargate makes it easy for you to focus on building your applications.
Amazon Elastic Container Service
Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that helps you easily deploy, manage, and scale containerized applications.
No other data warehouse makes it as easy to gain new insights from all your data. With Redshift, you can query and combine exabytes of structured and semi-structured data across your data warehouse, operational database, and data lake using standard SQL.
AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers, creating workload-aware cluster scaling logic, maintaining event integrations, or managing runtimes. With Lambda, you can run code for virtually any type of application or backend service - all with zero administration.
Companies of all sizes across all industries are transforming their businesses every day using AWS. Contact our experts and start your own AWS Cloud journey today.