Consumer & Commercial Payments
April 26, 2024
What is this article about? Payments companies are moving away from the restrictions of POS systems for a cloud platform.
Why is this important? Choosing between a private and public cloud-based system is a complicated but important decision for companies wanting to protect services during times of stress.
What’s next? Companies need to conduct a full assessment of their needs before opting for a suitable platform. The future could see better multi-cloud/cloud agnostic systems.
As more organisations move to a cloud-based payments platform, the decision on whether to opt for a private or public cloud will depend on what is most cost effective for a firm.
Legacy infrastructure is being rapidly abandoned by banks and other large organisations that are fighting to stay competitive against emerging Fintechs.
Consumer and corporate payments must be instant and agile. Cloud-based payments have the potential to solve the inadequacies of legacy infrastructure but organisations entering this space are struggling to navigate the tricky question of whether to opt for a public or private cloud platform.
Experts say the industry trend has been to opt for public clouds. Companies that opt for a public cloud-based payments system enjoy better security, a larger server space and less disruptions ‒ all at an attractive price point.
However, others argue that the choice is not that simple.
“It will depend on the bank or organisation,” says a payments expert at a UK bank. “If your traffic is predictable and it’s not going to grow massively, and you don’t get huge payment spikes then it may not be worth it.”
A public cloud is suited for organisations that get violent swings of payment traffic. This is because public cloud platforms have large servers and data space, so it is easier to vertically scale up and cope with spikes in payment traffic.
“I would go for the public cloud deployment and the benefits of that are obviously that the cloud providers are effectively managing your data centres,” explains Michael Mueller, CEO of Form3, a UK-based cloud-native payment processing platform that has helped banks such as Nationwide move its payments systems away from its legacy infrastructure.
Commercially, the public cloud is also very attractive, according to Mueller. “Public cloud providers invest a lot of money in infrastructure, so they typically have redundancies between regions and respective failover contingencies, because those providers really can’t afford any breaches,” he explains.
Despite the blatant advantages of using a public cloud, some banks still opt for the private cloud option for their payment platforms.
“There are some banks who rely on private cloud deployment even for cloud native technology. They do prefer to have the traffic in their own infrastructure,” says Mueller. “I don’t really know if there are entirely rational arguments for that in terms of cost, security or resilience, but they prefer it.”
The main concern for using a public cloud for a payments system is vendor dependency.
The public cloud provider market is dominated by three giants: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Services. There is also IBM and Oracle clouds, but they have a smaller presence when compared to the aforesaid three dominating forces.
For companies looking at an exit scenario, such as moving from AWS to Microsoft Azure, it can be an incredibly difficult task. Therefore, some firms are using a variety of tactics to manage the risks of cloud failure.
Sulabh Agarwal, global payments lead at Accenture, says manyK organisations are using “multi-region deployments provided by the same cloud provider” to manage the risk of a failure with cloud infrastructure. “Some are also taking a multi-cloud/cloud agnostic approach to plan for a potential failure scenario, which is more complex and expensive to deliver and run,” adds Agarwal.
Cloud agnostic is where companies can run payments system on more than one of the public clouds. It’s a good idea in theory but executing it is challenging.
“A lot of banks are looking at becoming cloud agnostic but it’s super difficult because it is in the interests of the cloud service providers to ensure their clients are sticky,” says a payments expert at a UK bank.
Some of the ways that cloud providers make it difficult for companies to be cloud agnostic is by having all the configuration, monitoring and support tools be unique for one cloud provider. For example, if a firm’s payment infrastructure is configured to AWS, it will require an overhaul for it to be configured to Azure.
A key issue surrounding the debate of private versus public cloud for payments is the need to achieve cybersecurity.
A common misconception is that a private cloud would be more ‘private’, but the wording is misleading. Public cloud providers have a mountain of cash behind them to invest in better cybersecurity infrastructure.
Creating a secure public cloud payment infrastructure can be an insurmountable challenge for smaller companies lacking in resources.
“Some companies may not fully trust public cloud yet or require greater control,” says Agarwal. “Some banks are going for a private cloud because they believe it gives them more control, and to take advantage of a cloud native architecture stack.”
Arguably, the largest public cloud providers have more robust cybersecurity due to the sheer amount of money invested in protecting their systems. For example, in August 2021, Microsoft’s CEO Satya Nadella tweeted that the company will invest $20 billion (£17.5 billion) over the next five years on security solutions alone.
Otto Benz, director of payments at Nationwide, says that when you look at the cost of it, “you can come to a position which says that in order to provide enhanced resilience, public cloud-based environment is equal, if not better than house data centre-based solution”.
Another key advantage of a public cloud-based payments platform is its ability to handle large volumes of payments with minimal disruptions. This is particularly crucial during peak payments days such as Black Friday or Boxing Day.
“It’s important to have the ability to cope with increased payments on peak days or as you go into New Years,” says Benz. “It’s useful when you don’t have to plan for, procure and execute large-scale infrastructure renewal programmes.”
“It isn’t cost effective for a payment provider to buy millions of servers just in case they may need that capacity in the future,” says the payments expert from the UK bank. A public cloud allows firms to scale up quickly, as and when the need arises, such as on Black Friday weekend. During more stagnant months, firms using public clouds can easily drop off.
Accenture’s Agarwal shared the same view. “With public cloud you get the benefit of sharing the ongoing investments by the cloud provider and also not needing to build infrastructure capacity for peak-day volume which happens infrequently.”
Many legacies systems do not have this key benefit of more elasticity for payment volumes during times of stress, making cloud systems attractive.
All in all, opting for a private or public cloud will depend on what is cost effective for the company in managing its payments volume, while offering good control. Companies need to conduct a full assessment of their needs before opting for a suitable platform.
Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.
Development note: Shows when the article IS from Payments Intelligence, AND when a reader is NOT a member of TPA
Development note: Shows when the article IS from Payments Intelligence, AND when a reader is NOT a member of TPA
Development note: Shows when we know someone IS logged-out, IS a subscriber and IS a member (i.e. Cookie “role” is NOT set to “guest, customer, non-member” and “is_subscriber” is “true”)
Join The Payments Association and unlock a world of benefits:
We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.
Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.
Please click the button below which relates to the issue you’re having.
Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association
Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.
For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.
The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.
Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.
Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.
For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.
