Elevating the Security of One of the Biggest Independent Merchant Services CRM

Industry: FIS
Service: DevOps-as-a-Service
Duration: Ongoing for 4+ years

About Project
The client is a leading independent Merchant Services CRM, a part of the global payment enablement platform. It strengthens businesses in USA, UK, and Europe, covering 140M+ monthly transactions for more than 400,000 active merchants. Working in a strict FIS field, the company is bound to provide customers with highly secure and robust solution.


active merchants


secure transactions


payment volume

Client's Goals
Improve security
Speed-up problem investigation
Automate incident response
Client's Challenges

Strict Requirements

Managing day-to-day financial transactions for thousands of active merchants, the client operates under the strict requirements of the FIS industry. Ensuring system reliability, operational resilience, and user confidentiality isn't merely a preference but a necessity.

Limited Team Capacity

With a small team in charge of the whole infrastructure, the client had absolutely no chance to treat all the issues and unpredictable situations out there with enough attention. Finding a way to optimize the workflow while staying on budget became crucial.

Security Compliance

The client wanted to gain a few industry-mandatory security compliances to give users even stronger quality guarantees. Getting them required the team and the product to make some changes. Here's where the client also needed help.

We keep deepening the expertise to meet your highest expectations and build even more innovative software
OpsWorks Co. Solution

Threat Detection System

Creating another layer of validation for potential security risks, our team adopted the Amazon GuardDuty threat detection system, complemented by its latest EKS Audit Log Monitoring and EKS Runtime Monitoring features. With a tool that uses machine learning, anomaly spotting, and integrated threat intelligence to identify and prioritize potential risks, our team can now proactively manage data flow and address critical threats faster.

Automated Threat Response

With GuardDuty onboard, OpsWorks specialists gained a chance to automate 24/7 system monitoring. Taking it one step further, our team set up an automated incident response. The moment the system identifies malicious activities, it promptly adjusts security parameters and enforces access controls, making it possible to stop and prevent threats without team involvement.

Security Compliance Gaining

System and approach improvement helped the company to gain 4 security compliances, including SOC2, PCI DSS, HIPAA, and Google Certified Developer. By embracing industry-standard regulations, the client transformed security into a competitive advantage.

Results and Benefits
Reduced reaction to security threats from 24h to 2h
4 security compliances gaining
Technology Stack