Payment card industry

I have not posted anything for a long time because I moved to chennai and started working for the payment card industry. Now I am working on a merchant acquiring system. This type of industry has strict SLA’s and a high level of security governed by PCIDSS and many other specifications.

These are the main architectural constraints of this project

1. Job scheduling and lodging of settlement and other files according to various timezones.

2. A fully multi-lingual website.

3. Auditing of logs, security & code reviews. Automatic notification of potential security breaches.

4. 24×7 operation with local and Disaster recovery.

5. Straight through processing of merchant card transactions.

6. PKI infrastructure

and many other aspects.

The material available on the software technical approaches to handle all these aspects is either vast or scarce. Sometimes expensive software is required like SiteMinder SSO solution or Data lifecycle management or File archival for longer periods.

I am turning to what people like Michael Nygard write.

I hope to blog more about

1. memcached

2. Multi-lingual web sites

3. Time zone handling and job scheduling

4. File transfer using various protocols like SFTP, FTPS etc.

Budget constraints mean that some tools that seem to be very useful like Splunk for log management or a full Identity LifeCycle Management tool like SiteMinder are not within our reach. Hope we can find alternate Open-source solutions.