Around the Clock
Payments Require
Around the Clock
Cloud Solution

Splitit is a global payment solution enabling shoppers to pay for purchases with an existing debit or credit card by splitting the cost into interest-free monthly payments.  Splitit works by requesting authorization from the shopper’s card company, reserving the total purchase amount from the shopper’s available line of credit. Then, each month, according to the shopper’s payment plan, the installment amount is collected and Splitit requests authorization for the remaining balance.

The Challenge
Always Online, Always Reliable, Always Auditable

Splitit was looking to upgrade their former application, which was built as a monolithic, traditional application. This which means that any version upgrade effected all services provided via the application and deployment processes took significant amounts of time to complete and test. In addition, the payment card industry has a set of unique and severe data security standards, the PCI DSS.  Splitit was looking for a SaaS provider who would design and build a robust solution that would both shorten significantly upgrade time and maintain compatibility with the standards of this industry.

The Solution
AWS-based Tenant Isolation at the Application Layer

CommIT provided the global solution, from design to build and deployment, by utilizing a model that is truly a multi-tenant SaaS model. There was no need to create a separate database or schema per tenant, as the data that is received is similar in each transaction, such as credit card number, sum of purchase, bank details of each party, etc. Therefore, the application works with only one database, and provides the isolation per tenant at the application layer, as per the requirements.

Whether via a Standard Web API, a live button embedded code, or a plug-in with leading e-commerce platforms, merchants and shoppers can now connect to Splitit’s services in a matter of minutes. To provide the scalability, flexibility and robustness requirements, we utilized AKS (Amazon Kubernetes Service) and Amazon RDS. Security provisions, including secrets, credentials, public and private keys, were established in KMS (key management services), Systems Manager secure Parameter store, AWS secrets Service and security audits with centralized security information event management system.

In addition, the CI/CD pipeline that was created, which incorporates within it the tenant isolation, allows for updates to be continually deployed with no significant effect on the application’s operation. The shift was from a switch and cut-over update, which sometimes meant a total ceasing of operations for the production environment, to a rolling update, which allows for the provisioning of additional resources and easily executable rollback to previous versions, within mere minutes.

For Splitit the upgrade means that instead of managing the application’s infrastructure and resources, they could now focus on the service they want to provide the market and on expanding their market share.

Financial Services Requirements
& Additional Advantages

The financial services industry requires setting up dedicated environments per tenant. Each environment means higher costs per tenancy, but the ability to truly manage each one securely and independently, by implementing measures such as tenant anonymization and centralized credentials for administration purposes, is crucial. The security provisions for each tenant’s environment – secrets, credentials and public and private keys – were established securely via AWS managed services, such as key management services (KMS), the systems manager secure parameter store, AWS secrets service and security audits, with a centralized security information event management system.

Another advantage of this model is the speed and ease of CI/CD automation. In the past, any new application version would entail significant end-customer downtime and could take many hours, or even days. Also, cloning environments – which are crucial for User Acceptance Tests (UAT) – was practically impossible and clones were often not truly reliable.

To ensure that no data is lost in case of catastrophes – natural or man-made – CommIT designed and built a Disaster Recovery as a Service (DRaaS) plan for Sapiens. From the moment the incident occurs – and the decision is made to recover data, applications and services in the DR environment (whether per tenant or the whole application) – automation scripts ensure that the impact on the business is minimal. CommIT’s scheme relies heavily on AWS resources: the DR database is activated on RDS, Amazon Route 53 updates the DNS records, and the application uploads itself from the latest Amazon Machine Images (AMIs) stored on Amazon S3.

The choice of AWS as the platform for this SaaS Solution was due to its versatility, strength and maturity. The tools and features unique to the AWS Cloud contributed to the success of this business-oriented project.

monitoring and support icon

Monitoring and Deployment

The comprehensive managed services solution proposed by Commit covered a large array of services: Network Operations Center (NOC), Security Operations Center (SOC), DevOps and backup and recovery. This extensive suite is hosted on AWS and utilizes its cutting-edge services. By monitoring the tenants’ performance and security status, problems are identified early and handled quickly, often before they have any real impact on the tenant users. Both AWS CloudWatch and 3rd party Datadog tool implemented for this monitoring.