Cloud Architecture

Credit Card Tokenization System

PCI-DSS compliant tokenization system replacing raw PAN storage with secure tokens, bridging AWS with on-premise BankCore servers.

Client

Telered

Year

2025–2026

Duration

5 months (Sep 2025 – Jan 2026)

Role

Analyst Developer / Applications Architect

The Challenge

Eliminate raw credit-card PAN storage across legacy systems under strict PCI DSS constraints, while preserving real-time integration with on-premise BankCore servers that can't move to the cloud.

The Solution

Designed a hybrid-cloud tokenization service running on AWS (Node.js on Lambda, DynamoDB, API Gateway, KMS for key management) with Fortinet VPN tunnels bridging AWS to on-premise BankCore. Token vault kept in-cloud, detokenization flows audited end-to-end.

Key Results

PCI DSS compliant token vault deployed

On-premise BankCore integrated via secure Fortinet tunnels

Zero raw PAN persisted outside the vault

End-to-end audit trail for every token operation

Technologies Used

Node.jsAWS LambdaDynamoDBAPI GatewayKMSFortinetBankCoreCryptographyPCI DSS

Related deep dive · 5 min read

Bridging On-Prem BankCore to AWS: Building a PCI-DSS Tokenization Platform

Notes from building a credit card tokenization system at Telered — Node.js on AWS Lambda, talking to legacy BankCore servers across a Fortinet site-to-site VPN, under PCI-DSS scope.

Previous Project

Chatbot Customer-Journey Integrations

Next Project

Electronic Signature System

Want to chat about a role?

Open to senior backend, applications architect, and cloud engineering roles — full-time or contract, remote or relocation.

Get In Touch