One of Qualicom’s clients has a fraud case management system that allows their customers to submit applications for credit cards, loans, line of credit accounts, and so on, and check for potential fraud. Applications can be submitted online or via batch jobs and are then checked against a data consortium that shares known fraud data anonymously with its clients.
While the business model remains sound, the technology platform had become dated. It was difficult to maintain, challenging to scale in response to continued growth, and lacked the flexibility to conform to constantly changing security policies. To help resolve these issues, the client decided to migrate the system to a new cloud platform.
A significant challenge was how to manage the continually changing landscape of security threats. This was an especially high priority given the nature of the content—personally identifiable information (PII) from some of the largest Canadian corporations. The stringent security requirements included least privilege, data encryption, retention policy, and security monitoring.
The complexity of the system required that it be divided into a number of components. The data consortium was developed by the client’s head office in the US. The fraud analysis UI was provided by a third-party vendor product. Qualicom partnered with the client’s Canadian team to design and implement the integration of the data consortium, the third-party UI, and a variety of existing data transfer channels.
What we did
- The online module was deployed to AWS ECS, which helped manage the instances and start a new one in the event of failure. Auto-scaling provided the flexibility to adapt dynamically to increases or decreases in work load.
- The batch module was executed only as needed, with the environment scaling to the size of the batch, minimizing cost.
How it helped
- Providing data encryption for data at rest and in S3 data storage was made possible with only a few lines of code using the KMS programming library.
- Separating the environment-specific and infrastructure configurations from the code base promoted consistency between the environments.
- Tracking and managing these configurations using GitHub and deploying to the cloud using the Terraform script and a Jenkins pipeline streamlined the process so that the build process was fast and reliable.
- The security team was able to monitor and analyze cloud system logs, including CloudWatch and CloudTrail, using AWS Kinesis.