Zenus Bank
Zenus Bank partnered with Switch to build a PCI Level 1–compliant, serverless fintech solution on AWS. This solution enables secure, scalable transactions and accelerates the time to market for new digital banking services.
Zenus Bank is an American digital bank headquartered in San Juan, Puerto Rico. The company operates with an international banking license, offering Personal, Business, Corporate, and Institutional banking services directly to clients through mobile apps and online banking.
It currently serves customers in over 90 countries.
Over 40 currencies
Main VISA distributor in Latin America
Zenus offers BIN sponsorship to fintech businesses, allowing them to access Visa’s payment processing and card management services without joining a major card scheme.
The bank faced a significant challenge: developing a PCI-compliant fintech solution with the highest level of certification (Level 1) to ensure other merchants could operate securely and efficiently. This required a deep understanding of VISA's APIs and the ability to connect them to provide seamless real-time transaction communication and confirmation.
Zenus needed a technology partner with proven expertise in developing complex, cloud-based, secure fintech solutions.
They found a tech partner in Switch; they trusted our technical skills and experience to deliver the robust solution they envisioned.
During the project, we:
- Analyzed transaction workflows to ensure secure and compliant processing, meticulously mapping out each step and identifying the proper channels, freeing the end user from the complexities of secure transaction management to enable instant payments.
- Assessed response times for each transaction type, prioritizing low latency and ensuring optimal performance where required.
- Defined the need for scalable infrastructure to accommodate future growth and fluctuating transaction volumes.
From the outset, our team recognized the critical importance of agility for this project. As AWS partners, we determined that a serverless architecture was the ideal solution for this use case. This approach enabled seamless communication and support for high demand and significantly streamlined the PCI certification process required for the project.
By adopting a serverless infrastructure, we reduced the security burden associated with PCI DSS compliance. We streamlined the PCI mandatory external audit process and focused on business by delegating many security responsibilities to AWS-managed services. This approach minimized the need for extensive security documentation and testing, saving time and resources.
While achieving PCI DSS compliance was a crucial step, we knew it was essential to integrate security throughout the software development lifecycle (SDLC) for lasting protection. This includes secure coding practices and regular reviews of security controls.
After addressing the application status report and implementing enhancements, we continued with the secure SDLC, establishing a strong foundation for future audits and instilling a more organized and efficient workflow across the team.
Thanks to the proper configuration of AWS Security Hub, we can research a comprehensive inventory of data, status, and documentation required for the audit. This proactive approach enabled us to stay ahead of the audit process and continuously improve our security posture with the development team.
.avif)
- Achieved Level 1 PCI certification (for processing over 6 million transactions per year) and went live in a remarkably short timeframe of just a few months—a process estimated to have taken twice as long without the advantages of our AWS serverless solution.
- Designed a scalable solution: level 1 PCI certification meant the developed solution could handle any transaction volume or value, providing complete scalability for the client's needs.
- Reduced complexity of audits.
- Implemented a serverless and cloud-native app, leveraging this modern architectural approach's scalability, cost-efficiency, and resilience.
- Guaranteed a more secure environment.
Zenus solidified its position as a 100% digital bank by enhancing its connection with existing customers and opening doors to new business opportunities. By leveraging Zenus's banking platform, other businesses can now develop their products and services.
.avif)
PCI certification
Transactions per year
