What’s driving the need for modernizing payment applications on the HPE NonStop platform? And what are the most effective methods of doing so?
The payments industry is undergoing rapid change, which introduces many reasons for modernizing payment applications. The key drivers for modernizing payment applications fall within two main categories: business and regulatory.
Looking at why organizations need to modernize their applications, there are three main business drivers.
The first is the shift from branch-centered to customer-focused services, particularly prevalent in banking and spurred by competition from new entrants into the payments space. Investments in big data and analytics, customer relationship management (CRM), and enterprise IT integration underpin this driver.
The next business driver is a shift to mobile banking and self-service. Factors propelling this trend include omnichannel architecture, mobile/near-field communication (NFC) banking, and cloud services (e.g., software as a service [SaaS], platform as a service [PaaS]).
The third business driver is competitive pressure on merchants and financial technology (i.e., Fintech) companies. Fierce competition is driving innovation and development of new services. Providers are focused on solutions that lower transaction prices, deliver faster payments, and assist in the transition from cash to non-cash payments. A significant trend is the pressure to develop real-time payments and real-time settlements.
Evolving laws and regulations are omnipresent but there are two major regulatory drivers for the payment industry.
The first is the Payment Card Industry Data Security Standard (PCI DSS) Version 3.2. This updated regulation, released in April 2016, provides new sub-requirements for service providers under Requirements 3, 8, 10, 11, and 12. In addition, there are now extended deadlines for migrating from older to newer versions of Secure Sockets Layer (SSL)/Transport Layer Security (TLS) encryption by June 2018.
The second main driver, particularly for European institutions and those who serve European customers regardless of geographic location, is the emphasis on new data privacy regulations (e.g., the General Data Protection Regulation). New regulations provide requirements for the rights of data subjects, including administrative (i.e., financial) penalties for institutions that allow data breaches.
Options for Modernizing Applications
With these industry drivers in mind, one can choose from three options for modernizing applications. The first is to develop a new application from scratch. This is the most expensive and riskiest of the three options, evidenced by these projects’ low success rate, particularly in banking. As an example, one European bank that announced it would build all of its tech from scratch. Several months later, the bank scrapped those plans after spending more than €1 million on this project.
The second modernization option is to replace an existing payments application with a new one. For example, many organizations consider replacing BASE24 classic with BASE24-eps or other solutions. The main challenge with this option is carrying forward all the legacy application’s existing functionality. This option often results in functionality trade-offs, which can reduce technical feasibility and/or return on investment (ROI).
The third option is “in-place” modernization. As the name suggests, this option leaves the core legacy application in place while modernizing and/or extending it. This option is the least expensive, least risky, and most expedient. It guarantees the continued availability of all existing functionality.
Fundamental Challenges to Modernizing Applications on NonStop
Right now, there are two fundamental challenges to modernizing applications on the NonStop platform. The first is the sheer amount of high-visibility developments taking place in the Linux, Unix, and Windows (LUW) world. This is especially true for mobile and web payments applications.
The second challenge is that NonStop, “out of the box” (i.e., with BASE24), cannot directly talk to other applications in the LUW world. LUW’s current and likely future role in mobile and web applications and platforms guarantees continued relevance. This reality sets up two possible outcomes for NonStop systems:
- They can be modernized to fit within the organizations’ broader IT infrastructure (i.e., LUW); or
- They will be phased out and the functionality moved to replacement LUW applications and platforms.
The latter outcome is seen as unnecessary as NonStop systems can quite easily be modernized to communicate with LUW-based technology (e.g., software-oriented architecture [SOA], web services, etc.). Phasing out NonStop is also less preferable, because it deprives organizations of NonStop’s unique benefits, such as high availability, reliability, and security of payment applications.
So, if modernizing applications is such an affordable, feasible, and proven solution, then why aren’t more institutions doing it? It partly comes down to a communication issue between NonStop owners,the business and LUW representatives. In almost all cases, the problem is exacerbated by the existence of different teams (NonStop and LUW) who speak different languages. For instance, NonStop group talks in BASE24 lingo about Enscribe, PTLF, TAL, CSM, and CAF. Meanwhile, the LUW teams talk about virtualization, DevOps, Agile, SQL, and SOAP.
In many cases, the problem also stems partly from NonStop’s lack of visibility to the business and LUW teams. Because LUW is more visible to the business, and is therefore known to add value, LUW is where new development happens. LUW teams are receiving budgets and the green light to move forward with projects. Meanwhile, because NonStop’s role and benefits are often not visible to or known by the business, these teams face budget cuts and very little new development.
LUW people have no intrinsic interest in NonStop. And because they are working with the technologies that are visible within, and perceived to add value to, the business, they are not compelled to take an interest in NonStop issues. Therefore, it can be concluded that, given the current situation, NonStop owners must take the initiative to talk about application modernization.
A McKinsey insight report nicely summarizes the current situation: “Companies in all industries are experimenting with two-speed tech platforms: rapidly developing innovative website and mobile applications on the front end to facilitate better interactions with customers while continuing to run standardized legacy systems on the back end to ensure data security and reliability." In the payments industry, this plays out as LUW providing front-end tech and NonStop providing back-end tech.
Achieving the Best of all Solutions
In an ideal world, there is an opportunity to achieve the best of both solutions. LUW offers cost effectiveness, cutting-edge development frameworks, cloud-based solutions, and – perhaps most importantly – the ability to get budgets approved for new projects. Meanwhile, NonStop adds value to the business via database integrity and scalability, “five nines” (99.999%) uptime, and legacy applications that provide rock solid existing services via Pathway. It is rather obvious that both groups (NonStop and LUW) have something to offer to and gain from the other.
comForte has been involved in may modernization projects for customers over the years. As an example, these three projects were carried out recently:
- The first examined a project in which an SOA-enabled BASE24 system was able to communicate with LUW systems resulting in better integration in the IT environment.
- The second project successfully transitioned the application and data from an Enscribe to SQL database enabling all applications to use SQL across the enterprise.
- The third project was a security-focused modernization project that implemented tokenization and point-to-point encryption (P2PE) for a better overall data protection.
As daunting as it may seem, NonStop application modernization does, in fact, offer hope as much as hype as outlined above. However, the challenges highlighted must be addressed directly and sooner rather than later, or else NonStop very well may have a limited lifetime in some organizations. That would be a shame as NonStop and payment processing is hard to beat combination as anyone in the NonStop and Payments space will confirm.
This article was published in “The Connection” Nov/Dec 2016 edition.