Cloud technology in payments

12 Aug 2019

  • Digital transformation is the integration of digital technology into all areas of a business, resulting in fundamental changes to how businesses operate and how they deliver value to customers;

  • Companies are looking to cloud technology as a way of delivering flexible and on-demand access to the resources underpinning these new digital business offerings;

  • In 2018, Westpac spent 1.4 billion investing in its business including $800 million on system upgrades, digital transformation and innovation. It is the only bank in Australia to have implemented private cloud resources internally and externally.

 

Point of View

 

There is an increasing need for organisations to keep up with evolving customer demands; real time, cross channel, fast and frictionless. To meet these needs, digital transformation is a means to simplify and streamline internal processes and accelerate the delivery of new service offerings. Digital transformation is the “integration of digital technology into all areas of a business resulting in fundamental changes to how businesses operate and how they deliver value to customers.” Global spending on technologies and services to enable digital transformation will reach almost $2 trillion in 2022, approximately 10% of organisation revenue. 

 

As part of digital transformation programs, organisations are incorporating cloud technology as a way to achieve flexible and on-demand access to critical services. Cloud computing is “the delivery of computing services – including servers, storage, databases, networking and software over the internet.” This technology relies on shared computing resources rather than having local servers or personal devices to handle applications. According to Google Cloud CEO, Diane Greene, "we're early in the cloud. About 10% of the workloads have moved to the cloud. It's really clear [cloud is] a major vehicle for digital transformation."

 

In the payments landscape, there is a drive to improve the customer payments experience combined with the need for more efficient and scalable payment processing. To help achieve these goals, payment organisations are steadily moving their payment systems to the cloud.

There are different types of cloud computing services that organisations can leverage to accomplish their business goals.

 

 

These include:

  • Infrastructure-as-a-service (laaS) – A third-party cloud provider hosts the infrastructure components that are traditionally present in an on-premise data centre, including servers, storage and networking hardware.

  • Platform-as-a-service (PaaS) – A third-party provider hosts the hardware and software applications and provides access to approved end users over the internet.

  • Software-as-a-service (SaaS) – A third-party provider hosts software applications and makes them available to end users over the internet.

 

The significance of cloud computing for the payment industry is growing steadily largely because organisations are recognising the benefits that can be gained by adopting this technology.

  • Lower costs - By using cloud infrastructure, organisations can cut down on physical IT infrastructure that can be expensive to purchase and maintain.

  • Control - Organisations will have complete visibility and control over data that is stored in the cloud and can choose which end users have what level of access to what data.

  • Improved scalability - Cloud-based systems require less capital expenditure to implement than physical systems and are scalable to meet the changing needs of the business. Payment data is managed and stored via a data centre, so capacity is not an issue. Merchants can pay for what they need today and purchase more as their business grows.

Traditionally, Financial Institutions (FIs) have relied predominantly on hardware solutions. Card accepting devices like EFTPOS terminals have traditionally been built with stringent hardware security. Back-end payment processing has occurred through on-premise networks and servers. As part of digital transformation programs, FIs have the option to shift their payment systems, including networks and servers to the cloud. To date, FIs typically select a hybrid cloud environment, which is a combination of on-premises, public and private cloud solutions with data shared between them. Hybrid cloud infrastructure offers organisations a platform to access vast system and storage resources. They allow FIs to segment workloads over multiple networks and clouds (for example data on one and applications on another), and route traffic to partners and customers.

 

 

Implications

 

As FIs look to steadily shift their payment systems to the cloud, factors such as security of payment data and customer privacy need to be addressed.

 

In Australia, APRA updated its outsourcing regulations in July 2017. ARIs (APRA regulated institutions) are required “to perform due diligence and apply sound governance and risk management practices to their outsourcing of a material business activity including via their cloud services.”

 

Amazon Web Services (AWS) is one of the most comprehensive and broadly adopted cloud platforms. They have been delivering cloud services for over 12 years, servicing millions of customers. AWS offers over 165 services, with AWS Cloud spanning 69 Availability Zones within 22 geographic regions globally. Using AWS as a case study for vendor responses to APRA regulation, their User Guide states that cloud security is a shared responsibility. “AWS manages security of the cloud by ensuring that AWS infrastructure complies with global and regional regulatory requirements and best practices, but security in the cloud is the responsibility of the customer.” Additionally, AWS responds to three key considerations for cloud solutions as follows:

  • Compliance and industry certifications: AWS continuously audit their environment, with infrastructure and services being approved under several compliance standards and industry certifications across different regions.

  • Privacy: AWS also released a document “Using AWS in the Context of Australian Privacy Considerations” that addresses all privacy requirements for a cloud service provider.

  • Data protection: The AWS Asia Pacific (Sydney) Region is compliant with applicable national and global data protection laws. Customers have control over which AWS region is used to store and process data. This data will not be moved without the customer’s consent.

The payments industry is undergoing rapid change to keep pace with customer expectations. Organisations with the ability respond quickly to emerging technologies will be best positioned to deliver a superior customer experience. Cloud services is one component that can assist in enabling this outcome. For corporates, cloud technology is still at a relatively early stage of adoption. Many organisations are still considering which application to move and when, as well as how best to address the impacts from moving to cloud based services. Updated business processes are required to support data and applications being stored somewhere else other than a physical server.

 

 

The opinions and views expressed in this publication are those of the authors exclusively and do not purport to reflect the opinions, views or official policy position of AusPayNet or its members. This publication is also subject to the AusPayNet Terms of Use and Privacy Policy available on the AusPayNet website.

 

 

 

 

 

 

 

 

Please reload

Consumer
Centric
Technology and Innovation
Policy and 
Regulation
ARCHIVES
Please reload

Disclaimer

The opinions and views expressed in this publication are those of the authors exclusively and do not purport to reflect the opinions, views or official policy position of AusPayNet or its members. This publication is also subject to the AusPayNet Terms of Use and Privacy Policy available on the AusPayNet website.

 

Copyright © 2017 AusPayNet. All rights reserved.  

Read full Terms of Use

Privacy Statement