Flight journal

A journey in ProcessOut's mission control

Introduction to PCI DSS

by Louis-Paul Dareau on

ProcessOut recently got certified for full PCI DSS (Payment Card Industry Data Security Standard) compliance. We went from zero to being compliant in just three months of an engineer’s time and got our final attestation a few weeks ago. I’m starting a series of posts about the process, from the basics we stumbled upon, to the techniques that saved us weeks of work. This is some general information to understand how the standard works, and who it applies to.

Dive in (8 minutes read) →

Zero-downtime Elasticsearch migrations

by Manuel Huez on

Back in January, I wrote a small paper on how we built a resilient Elasticsearch based search and analytics at ProcessOut. However, we left out a pretty important part: how we chose to plan our indexes migrations without impacting our users.

Dive in (2 minutes read) →

Automatons for integrity

by Guillaume Merindol on

Bugs are always messy. Though they become more of a problem when you’re dealing with anything of value. And what’s more valuable than money? Handling payments is really delicate, one anomaly can have quite the impact: from the simple “wrong amount” bug to the complex exploit. Running tests and in huge quantities is a must, but so is being intelligent about it. How do we do this? Automatons, also known as finite state machines. FSMs can be used to detect anomalies, and thus preserve the integrity of any state-driven system. Here, it’s less about using FSMs to solve your problem, but more about using them to check on you.

Dive in (5 minutes read) →

Resilient Elasticsearch based search and analytics

by Manuel Huez on

One of the common startup issues is providing customers with powerful search results and intelligent analytics. At ProcessOut, this need arised from the very beginning, as companies need to be able to search for a specific transaction or customer, and see how their business is doing, all in real time. For example, we offer our merchants analytics for their conversion and authorization rates, failed transactions charts, card details and much more.

Dive in (2 minutes read) →

The secret life of a transaction

by Gregoire Delpit on

In our post, The Payments Crew, we presented the different players involved in an online transaction. Now we’d like to take a look at the journey of an online transaction.

As a customer, you have probably noticed that when you pay with your payment card, the money is not debited instantly from your bank account. This is because when you click “Pay” you are not really sending the money to the merchant as you would for a cash transaction.

Dive in (2 minutes read) →

The Payment Crew

by Gregoire Delpit on

Online payment is a complex ecosystem and too often only experts succeed to navigate into it. The objective of this article is to provide, in less than 500 words, a simplified overview of the players involved in an online transaction. If words like Issuing Bank, Acquirer, Processor or Gateway do not sound familiar to you, this article is for you.

Dive in (1.5 minutes read) →