Security, meet scalability: WePay moves to the cloud
At WePay, security is our most important product, the thing that underpins everything we do. When you’re responsible for moving billions of dollars of other people’s money, believe me, security is never far from your mind. Yet at the same time, we also value flexibility and reliability. We know that our partners rely on us for one of the most core parts of their business, and they drive a truly immense amount of traffic through our system each day, so any amount of slowdown or downtime is unacceptable.
That’s why we’re so excited to make an announcement that furthers all of those goals. Today, we announce that we’ve selected Google Cloud Platform as our new hosting provider. By using the Google Cloud Platform we can process our partners’ transactions in a fully scalable, highly available environment with robust security features. The new Payments Card Industry Digital Security Standard (PCI DSS) certification that Google Cloud Platform has achieved in a full cloud environment allows us to dynamically grow our infrastructure as fast as our business and our partners’ businesses demand.
Moving our hosting entirely into the cloud is something we’ve wanted to do for a long time. It will enable us to add more servers in seconds to deal with spikes in demand and give us more flexibility to do systems maintenance without impacting our customers. But as a payments facilitator, we protect our customers by complying with the highest level of the PCI DSS, and that has made the move into the cloud more complicated than it is for many tech firms who don’t deal directly with payment infrastructure. Our strict adherence to PCI DSS standards has traditionally limited us to PCI compliant hosting providers with dedicated servers.
This means that instead of being able to spin up new servers at a moment’s notice, we’d provision new servers within our dedicated environment, a process that could take days or weeks. With Google Cloud Platform, that’s no longer an issue. We can now add or remove servers within seconds to meet the needs of our customers.
No matter who you are or what you sell, if you want to accept online or mobile payments you must adhere to the Payment Card Industry (PCI) Security Standards Council. The PCI Security Standards Council is “responsible for the development, management, education and awareness of the PCI Data Security Standard (PCI DSS) and other standards that increase payment data security.”
The five founding global payment brands (AMEX, Discover Financial Services, MasterCard Worldwide, Visa Inc. and JBC International) all require anyone working with them to facilitate payments and comply with the highest level of the PCI DSS. A recent change in the PCI standard has taken into account the new wave of cloud computing, allowing companies like Google to offer cloud offerings with PCI compliance.
Being wholly compliant with PCI/DSS means that as a business we are exercising best practices to keep our customers valuable data safe and secure, our number one priority. Doing it in the cloud also makes our infrastructure more robust and scalable, letting us deliver on our promise of absolute reliability. It’s truly the best of both worlds, and we’re excited by the possibilities that this opens up for us.