Introduction:
Rewards 360 Pvt. Ltd. is a fintech-specialized payment processing company founded in 2016 and headquartered in Bengaluru. Rewards 360 Pvt. Ltd. provides real-time reward calculation and settlement services to India’s card-issuing banks and NBFCs.
Client:
Rewards 360 Pvt. Ltd.
Industry:
Payment/Financial Technology
Offering:
24/7 Managed Services & Consulting
AWS Services:
- API Gateway + Lambda
- Amazon MSK
- EKS + KEDA
- Aurora PostgreSQL
- CloudHSM + S3 KMS
- EventBridge + Lambda
- Redshift + QuickSight
- AWS KMS
- Network Firewall + WAF
- CloudWatch + X-Ray
- Backup + Cross-Region Replication
The Challenge:
The legacy system was a monolithic J2EE application on bare-metal servers that tightly coupled payment processing, reward rules, and ledger posting, a critical anti-pattern in payment systems that limited scalability and resilience. This legacy infrastructure had the following PCI-DSS and RBI compliance gaps:
- Cardholder data stored unencrypted in Oracle tablespaces; no field-level encryption
- Manual HSM key rotation with no audit trail; not attestable for PCI-DSS
- Audit logs scattered across syslog; 8-week manual aggregation required for PCI-QSA audits
- Partial network segmentation; cardholder data environment not fully isolated
- No real-time compliance reporting: quarterly RBI submissions required manual evidence
The Solution: Strategic Implementations
Rapyder engineered a secure, regulation-compliant infrastructure based on the following design principles:
- Event-Driven Settlement: All payment events flow through Amazon MSK, eliminating synchronous coupling. Enables independent scaling and resilience per component.
- Secure-by-Design: PCI-DSS Level 1 from inception: CloudHSM for keys, VPC isolation, encrypted flows, immutable audit logs to S3 WORM.
- Elastic Scaling: Containerized services on EKS with KEDA autoscaling; scales 500-15,000 TPS in <90 seconds based on actual Kafka consumer lag.
- Data Residency Compliance: All cardholder data in AWS ap-south-1 (Mumbai) and ap-south-2 (Hyderabad); zero cross-border transfer.
- Ledger ACID Compliance: Aurora PostgreSQL with optimistic locking; prevents double-posting of rewards under any failure scenario.
- Observability-First: CloudWatch + X-Ray distributed tracing; MTTD <3min (vs. 45min); MTTR 22min (vs. 4hrs).
Technical Impact:
- Auth Capture: Card auth events from payment switches forwarded to API Gateway within 20ms. Events include transaction amount, MCC, cardholder ID, program ID.
- Enrichment: Lambda enriches events with card program metadata (tier, eligible MCCs, multipliers) from ElastiCache; sub-5ms lookup.
- Computation: Enriched events published to MSK. EKS rule engine consumers process in parallel; P99 latency 62ms.
- Ledger Posting: Computed rewards posted atomically to Aurora with optimistic locking; prevents double-posting under retries.
- Notification: SNS + SES deliver real-time confirmation to cardholders within 2 seconds.
- Reconciliation: EMR (Spark) runs end-of-day reconciliation against network settlement files; exceptions flagged.
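
The ledger-posting step above, sketched as an added example (not Rapyder's or the client's code): a version-column optimistic lock guards against concurrent writers, and a unique event ID rejects retried events. SQLite stands in for Aurora PostgreSQL; the schema, `post_reward`, the `before_write` hook and the event-ID idempotency key are assumptions not taken from the page.

```python
import sqlite3

def open_ledger():
    """In-memory SQLite stand-in for the ledger database (assumed schema)."""
    db = sqlite3.connect(":memory:", isolation_level=None)  # explicit transactions
    db.executescript("""
        CREATE TABLE balance (card_id TEXT PRIMARY KEY, points INTEGER NOT NULL,
                              version INTEGER NOT NULL);
        CREATE TABLE posting (event_id TEXT PRIMARY KEY, card_id TEXT NOT NULL,
                              points INTEGER NOT NULL);
    """)
    return db

def post_reward(db, event_id, card_id, points, max_attempts=5, before_write=None):
    """Post a reward exactly once. Returns 'posted' or 'duplicate'."""
    for _ in range(max_attempts):
        row = db.execute("SELECT points, version FROM balance WHERE card_id = ?",
                         (card_id,)).fetchone()
        if row is None:
            raise KeyError(card_id)
        current, version = row
        if before_write:
            before_write()  # hypothetical hook: lets a demo inject a rival writer
        db.execute("BEGIN IMMEDIATE")
        try:
            # Idempotency: a redelivered event collides with the primary key.
            db.execute("INSERT INTO posting VALUES (?, ?, ?)",
                       (event_id, card_id, points))
            # Optimistic lock: write only if the row is unchanged since the read.
            cur = db.execute(
                "UPDATE balance SET points = ?, version = version + 1 "
                "WHERE card_id = ? AND version = ?",
                (current + points, card_id, version))
            if cur.rowcount == 1:
                db.execute("COMMIT")
                return "posted"
            db.execute("ROLLBACK")  # stale read: drop the posting row and retry
        except sqlite3.IntegrityError:
            db.execute("ROLLBACK")
            return "duplicate"
    raise RuntimeError("version conflict persisted after retries")

if __name__ == "__main__":
    db = open_ledger()
    db.execute("INSERT INTO balance VALUES ('card-1', 100, 0)")  # constructed sample
    print(post_reward(db, "evt-1", "card-1", 50))  # first delivery
    print(post_reward(db, "evt-1", "card-1", 50))  # consumer retry of same event
```

The posting row and the balance update share one transaction, so a lost version race rolls back both and the retry starts from a fresh read.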
The Business Impact: Impact Engineered by Rapyder
The solutions delivered measurable operational and strategic benefits to the customer:
- Real-time Settlement: Rewards now credited within 2 seconds (vs. T+1 day). Cardholder NPS improved 18 points.
- Hyper-Personalization: SageMaker-powered offer personalization enabled context-aware rewards (e.g., 5x points on coffee shop visits).
- Reduced Disputes: Reward disputes dropped 74%. Reduced cardholder call center load.
- New Products: Launched EMI-linked rewards and co-brand offer management, infeasible on legacy architecture.