
4 Steps to Deploy Linufix as a Secure Payment Gateway



Licensing

Linufix and all accompanying software referenced in this post are classified as free open source software under the GPL licensing scheme. This does not mean that commercial use of this software, in whole or in part, is free of charge. Please do not hesitate to contact Macronodes for more information with regard to Licensing and Copyright.

Challenge of a PSP business

Before we download and run Linufix as a Payment Switch, I want to take a moment to highlight the business need for such a product.

In a PSP business, more transactions mean more revenue. But PSP businesses face an enormous technology challenge when they want to expand their transaction processing network or add new value-added services to their transaction processing capabilities. Cost of implementation is a secondary challenge.

Linufix, being a free bank-grade Operating System, brings Performance, Scalability, Security, Integrity, and Availability of a payment switch to any transaction processing business.

Anatomy of a Purchase

A brief on the transaction flow in a typical purchase scenario:
As shown in the figure above:

1- The cardholder initiates the transaction at the merchant site on a PoS terminal.
2- The merchant's terminal builds and sends a Financial Request 0200* in ISO 8583 format.
3- The merchant bank's acquirer switch (or any 3rd party PSP acting on behalf of the acquirer bank) receives the transaction, validates the merchant and terminal IDs, checks the card information including the expiry date, applies financial logic such as a surcharge, rebuilds the transaction in the Card Scheme's authorization format, and sends the transaction up to the Card Scheme (Visa, for instance).
4- Visa, in turn, opens the transaction, validates the acquirer institution ID, finds the corresponding issuer bank, reformats the message to the issuer bank's format, and submits the transaction to the issuer's host.
5- The issuer host tries to deduct the purchase amount from the cardholder's bank account and, if approved, sends an approval back to the Visa network.
6- Since the transaction is approved, Visa sends an approval message to the merchant acquirer's switch.
7- On a successful response, the acquirer fills in all the necessary clearing and settlement data so that it can later, at settlement time, send them to Visa for clearing purposes.
8- Finally, the merchant receives an approval on their terminal and finalizes the sale.**

* In some implementations, an Authorization request is sent first to guarantee the availability of funds in the cardholder's account. In this case, a subsequent Financial Advice 0220 should complement the purchase. You may see such implementations in hotel payments, where they tend to do a pre-authorization to hold the cardholder's intended purchase amount and send a completion transaction request later at checkout.

Have this rule in mind when making a decision between 0100 and 0200 transactions:
  • If the transaction is to have an actual effect on the cardholder’s account, then you use a 0200.
  • If the transaction is instead to put a "hold" on funds in the cardholder’s account in anticipation of a settlement record to come later, then you use a 0100.
** Failure cancellations, Refund processing, Logon messages, and Cutover/Settlement transactions are also among the important transactions in a payment processing cycle, but I leave them out of the scope of this article.
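The acquirer-side checks from step 3 and the 0100/0200 rule can be made concrete with a small ISO 8583 codec. This is an added example, not Linufix or Finsim code: it assumes an all-ASCII encoding with a 16-hex-character primary bitmap, supports only fields 2, 3, 4, 14, 41 and 42, and the function names, the sample terminal list and the result strings are hypothetical.

```python
# ISO 8583:1987 layouts for the fields used here: number -> (length, is_LLVAR)
FIELDS = {2: (19, True), 3: (6, False), 4: (12, False),
          14: (4, False), 41: (8, False), 42: (15, False)}
# Constructed sample of (terminal ID, merchant ID) pairs known to the acquirer
KNOWN_TERMINALS = {("TERM0001", "MERCHANT0000001")}

def build(mti, fields):
    """Encode MTI + primary bitmap (16 hex chars) + fields, all ASCII (assumed)."""
    bitmap, body = 0, ""
    for n in sorted(fields):
        length, llvar = FIELDS[n]
        value = fields[n]
        if len(value) > length or (not llvar and len(value) != length):
            raise ValueError(f"field {n}: bad length")
        bitmap |= 1 << (64 - n)  # field 1 maps to the most significant bit
        body += f"{len(value):02d}{value}" if llvar else value
    return f"{mti}{bitmap:016X}{body}"

def parse(msg):
    """Decode a message; reject anything the field table cannot account for."""
    mti, bitmap, pos, out = msg[:4], int(msg[4:20], 16), 20, {}
    for n in range(1, 65):
        if not bitmap & (1 << (64 - n)):
            continue
        if n not in FIELDS:  # includes bit 1 (secondary bitmap), unsupported here
            raise ValueError(f"field {n} not supported")
        length, llvar = FIELDS[n]
        if llvar:  # two-digit length prefix precedes the value
            length, pos = int(msg[pos:pos + 2]), pos + 2
        if length > FIELDS[n][0] or len(msg[pos:pos + length]) != length:
            raise ValueError(f"field {n}: bad length")
        out[n] = msg[pos:pos + length]
        pos += length
    if pos != len(msg):
        raise ValueError("trailing data after last field")
    return mti, out

def acquirer_check(msg, today_ym):
    """Step 3 checks; field 14 is YYMM (20YY assumed), today_ym is (year, month)."""
    mti, f = parse(msg)
    if mti not in ("0100", "0200"):
        return "reject: unsupported MTI"
    if (f.get(41), f.get(42)) not in KNOWN_TERMINALS:
        return "reject: unknown terminal or merchant"
    exp = f.get(14, "")
    if len(exp) != 4 or not exp.isdigit() or not 1 <= int(exp[2:]) <= 12:
        return "reject: malformed expiry"
    if (2000 + int(exp[:2]), int(exp[2:])) < today_ym:
        return "reject: card expired"
    return "hold funds" if mti == "0100" else "debit account"
```

The parser fails closed: an unknown bitmap bit, a length prefix larger than the field allows, or leftover data after the last field raises an error instead of being skipped, so a malformed request never reaches the financial logic.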

What makes Linufix different?

Linufix will be the unified acquirer Gateway and Payment Switch in this lifecycle.

The Linufix transaction switching solution ships with a collection of crucial software and packages that facilitate the security, performance and scalability of any acquirer switching business.
PSP businesses often deal with the following challenges in their ongoing operations:

Switch software updates  

Card Scheme mandates, customer business requirements, and internal software and database design problems are among the cases for which PSP software teams need to make changes in the core switch. These changes often come with a lengthy testing period and the possibility of introducing another defect in the core system. The risk of running into unplanned downtime and a panic moment is too high, and in the PSP business missing even a single transaction affects revenue!
The Linufix payment switching architecture comprises loosely coupled, independent building blocks that are logically easy for the software team to understand and safe to build and rebuild, while isolating the change from the rest of the system. For instance, key and certificate management is entirely independent of core transaction processing, and load balancing between incoming and outgoing links is completely transparent to the financial logic layer.

Managing keys and certificates

One big pain point seen in almost all PSP businesses: there is always a secret key stored in the clear in the database somewhere. The key is often the switch master key, which the switch needs in order to make its very first connection to the security module for link encryption and PIN translation. This is clearly a security flaw, but it is often ignored by the business until something very bad happens.

Linufix is equipped with a software security vault that makes it extremely difficult, even for top-notch developers who may have access to the production switch and database, to see the master keys.

Handling big data

Many efficient operational processes can be defined on top of well-integrated data, but many PSPs have difficulty collecting their transactions in a cohesive manner.
Linufix resolves the problem of collecting big data by decoupling the operational database from the data warehouse. The operational database is a light, super-fast database that removes the burden of big, bulky databases that can turn out to be a performance bottleneck. The data warehouse, on the other hand, is fed with a stream of incoming data without imposing any delay overhead on the mission-critical realtime operations of the core transaction engine.

Upgrade downtimes

Service downtime imposes enormous costs on the service provider.
Linufix is built upon LXC container technologies. This technology makes it possible to hotplug instances of the Linufix switching system in a live environment without disrupting the ongoing service. For more information on how to achieve this, please read another post here.

Data transmission security 

Payment processors often spend extra on MPLS or dedicated link encryption and load balancing.
The built-in load balancing, SSL/TLS and VPN services that Linufix offers out of the box save businesses from incurring these extra costs.

Linufix workshop - Running a Payment Switch

In this section, we cover how to trigger your first purchase transaction from a simulator towards Linufix.

Requirements

- Download the latest version of Linufix from here. Follow the deployment instructions on the official Linufix website, or simply download the Linufix virtual machine from here. Running a virtual machine is fairly easy. Please follow the instructions listed here.

- Download the latest version of Macronodes Finsim from here.

Steps to set up the Payment Gateway and test it

1- Turn on the Linufix machine. After boot has completed, open a terminal and start the payment switch service via:

service eft_switch start

2- Run Macronodes Finsim from the Applications menu and enter the Linufix machine's IP address. Leave the port number at its default, 8585.

3- Build the authorization transaction, select ISO 8583 format and enter the amount. Leave other fields with their default values.

4- Send the transaction and receive the response.

Linufix Performance

The Linufix switching platform can handle thousands of transactions per second. To benchmark the performance, reboot the Linufix machine, open a terminal after boot has completed, and enter the following command:

service eft_switch start benchmark

Then, in Macronodes Finsim, check the benchmark button and enter the TPS. At any time you can stop the benchmark in Finsim and see the statistics.

