Transforming Payments: Token and Zitec Launch a PCI DSS Platform in Record Time

The Market

According to McKinsey, fintechs are a driving force for modernization and customer satisfaction in Europe’s financial services sector. In each of the seven largest European economies, at least one fintech ranks among the top five banking institutions.

However, more than half of European countries have fewer than 10 fintech companies per million capita, compared to 30 fintechs in Ireland and Switzerland and 26 fintechs in the UK. On average, the top five countries have 25 fintech companies per million residents.

The Challenge

Three main challenges had to be addressed:

• The platform needed to be EU-compliant and easily scalable across multiple countries, providing the flexibility required for rapid expansion. Additionally, it needed to secure regulatory approval from the National Bank of Romania (BNR) and support the secure handling of sensitive payment data.

• High levels of security were also critical to achieving PCI DSS compliance, minimizing fraud risks, and obtaining certification from an accredited auditor.

• A seamless user experience was also essential to improve merchant acquisition and reduce onboarding friction. Token aimed to deliver an intuitive, efficient process that would attract merchants and streamline their integration into the system.

More so, the project came with several complex technical requirements, given the sensitive card data involved. Hence, Token Financial Technologies sought a trusted IT partner to develop a PCI DSS-compliant online payment platform. They selected Zitec for proven expertise in fintech solutions, innovative architectural approach, and a highly skilled team.

The Solution

In less than nine months, Zitec delivered a scalable payment platform: Odero PAY, using a microservices architecture and agile development practices, achieving PCI DSS compliance. The project focused on three key milestones:

1. PCI DSS Audit

To meet PCI DSS standards, we implemented a dedicated Kubernetes cluster specifically designed to handle sensitive cardholder data securely. This included end-to-end data encryption across cloud components such as databases, logs, and caches.

The team also developed a terminal router framework to manage payment routing logic and ensure seamless integration with Banca Transilvania and Romcard for bank connections. Real-time monitoring of cluster activity was achieved using Falco, providing proactive detection of unauthorized access and modifications.

2. Merchant Onboarding Flow & Admin Interfaces

The solution optimized the merchant onboarding process by incorporating automated KYC/KYB checks and building user-friendly admin dashboards for seamless transaction management. These admin interfaces support real-time insights and include Client SDKs for easy integration by merchants. AWS Secrets Manager was employed to handle sensitive credentials securely, keeping environment variables separate from the application code.

3. Minimum Viable Product (MVP)

The MVP was designed to support card payments and marketplace transactions. To prepare for future scalability, Zitec implemented Terraform configurations to streamline infrastructure provisioning and maintenance. This approach ensures the platform can adapt quickly to support additional features, such as :

• BNPL (Buy Now Pay Later)

• Apple Pay

• Google Pay

The Impact

The collaboration between Token Financial Technologies and Zitec resulted in a series of impressive outcomes:

• By achieving PCI DSS certification and adhering to European Banking Authority (EBA) guidelines, Token secured its position as a trusted provider in the European payments landscape.

• The platform’s swift delivery in under nine months allowed Token to seize market opportunities and expand ahead of schedule.

• Additionally, the microservices architecture reduced development and operational costs while ensuring scalability for future growth. This architecture supports the integration of diverse payment methods, which positions Token to respond to emerging trends like BNPL and digital wallets.

The project established a secure and flexible payment ecosystem that boosts merchant acquisition and streamlines transaction management across multiple markets.

“Collaborating with Zitec for the development of our Odero PAY online payment platform was a great experience. The team at Zitec had strong technical knowledge and went beyond expectations in terms of project management, advanced and scalable architecture e.g., cloud computing, microservices, Kubernetes, and security. Our platform was delivered with high uptime and a great user experience. Additionally, they have supported us during PCI DSS certification to ensure the security and compliance of our product. They are agile, professional, friendly, and very accommodating to our needs as a business. We highly recommend them and will continue to refer them to our merchants.”

Uğur Halatoğlu, Chief Technology Officer, Token Financial Technologies

Looking ahead

Token plans to introduce new payment features such as BNPL (Buy Now Pay Later), Apple Pay, and Google Pay for their merchants to make the customer experience more convenient and seamless.

Furthermore, they will expand cloud-based services in countries of the European Union so that merchants can have more opportunities to reach out to customers and maximize their sales potential.

Forging partnerships with local banks and payment providers to boost market reach is also on their radar, and so is evaluating new technologies to improve current solutions.