Application Security

Subscribe to Application Security: eMailAlertsEmail Alerts
Get Application Security: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: Intel Virtualization Journal, Intel SOA Journal, Infrastructure 2.0 Journal, Startup Journal, Venture Capital, CIO/CTO Update, Telecom Innovation

Blog Feed Post

ATOS API: A zero cash payment processing environment without boundaries

When ATOS, a big corporate conglomerate (EUR 8.8 billion and 77,100 employees in 52 countries), decided that they wanted to become the dominant Digital Service Provider (DSP) for payments, they had a clear mandate on what they wanted to do. They wanted to build a payment enterprise without boundaries. [Wordline is an ATOS subsidiary setup to handle the DSP program exclusively]. One of the magic bullets out of that mandate was:

“The growing trust of consumers to make payments for books, games and magazines over mobiles and tablets evolving into a total acceptance of cashless payments in traditional stores and retail outlets bringing the Zero Cash Society ever closer.”

This required them to rethink the way they processed payments. They are one of the largest payments processors in the world, but they were primarily focused on only big enterprises and name brand shops using their services. Onboarding every customer took a long time, and the integration costs were high. After watching the smaller companies such as Dwolla, Square and others trying to revolutionize the world they decided it is time for the giant to wake up.

The first decision was to embrace the smaller vendors. In order to do that, they can’t be a high touch, very time consuming, takes forever to integrate and very high cost per customer on-boarding environment. They wanted to build a platform that is low touch, completely API driven, fully self-serviced, and continuously integrating yet provides secure payment processing transactions. In addition, they were also faced with moving from the swipe retail payment systems to support ePayment and mobile payments. Essentially, they wanted to build a payment platform that catered not only to today’s needs but flexible enough to expand and scale for the future needs and demands. They wanted to offer this as a service to their customers.

Besides, they also wanted to add value with services to the payment platform such as hotel booking services, loyalty systems, review and ratings sites integration, and the most dreaded – social network integration. Obviously, all of these new features required them to integrate with best of the breed providers to offer a complete platform so that the customers don’t have to integrate themselves with multiple vendors. This would become a dream payment platform offered as a business service as opposed to just a technology service.

This posed an interesting problem. They just can’t discard their existing solution set in trying to revamp everything new. It would be prohibitively expensive and could take forever before they come out to the market and lag the market behind their competitors. That means they have to integrate with existing backend systems, integrate with third party provider APIs yet provide a flexible API set which can be exposed as both internal and external APIs. In the current model, integrating every time for every new customer means higher start-up costs for on-boarding, therefore only high paying customers would consider it. Instead, they wanted to provide a repeatable, self-discovering, smaller and faster infrastructure, faster enablement and customer on-boarding, but most importantly the workflows and processes should be repeatable without a need for major customization for every customer on-boarding.

By doing this, they wanted to create a payment platform that would be secure and continue to serve today’s customers without a glitch yet open the platform up for the newer set of customers: the one’s that demand, API based, self-service enabled, creative front end platforms that use them as a pay as you go service model.

This would open up their payment APIs to a much bigger market. This helps them to move away from their current engagement model of trying to find customers to integrate with their platform in a costly and time consuming manner. Instead they allow their customers to find them, use them, and revolutionize them. In other words, they figured out a way to disrupt the payment processing market. They moved from being a traditional vendor to a nimble, quick to the market and creative vendor by letting the customers build the innovation pieces themselves using ATOS flexible interfaces (APIs). (Though this is a vision and not a current capability, this solution capability is expected to be available very soon.)

To do this, they needed a partner who could take the journey with them not only to help them enable this process, but someone who can help build a hybrid enterprise model. You can listen to the video by Matthew Headford, Worldline CTO, here, where he talks about the needs and the comparison of Intel’s solution with the leading competitors in this space. The need includes API gateway, API portal (segmented internal and external users), and API security/protection combined with the current legacy integration, API orchestration layer, integration with existing security model, and integration with third party API providers but most importantly why those Intel.

When it comes to API enabling your business, there is no need to disrupt the existing eco-system and build everything from the ground up. You need someone who can help you with surfacing APIs from existing systems, get your value proposition quicker to market, build the components that are missing, secure them to be equal to your industry standards or higher, but, most importantly, fit everything with your current eco-system.

Feel free to check out more details at

- Andy Thurai (@AndyThurai)

The post ATOS API: A zero cash payment processing environment without boundaries appeared first on Application Security.

Read the original blog entry...

More Stories By Application Security

This blog references our expert posts on application and web services security.