Cloud Architecture
Secure-Message Orchestrator (Issuers ↔ SVBankCore ↔ IDEMIA)
Two-service Tokenization platform at Telered: a Node.js + AWS orchestrator that brokers card-payment messages between issuing banks, our SVBankCore core-banking system, and IDEMIA — plus a Java PaymentGateway that adapts SVBankCore's legacy protocol on the back side. Neither service stores or generates tokens, keeping PCI-DSS vault scope from expanding.
Client: Telered
Year: 2025–2026
Duration: 5 months (Sep 2025 – Jan 2026)
Role: Analyst Developer / Applications Architect
The Challenge
Move card-payment messages between three independent systems — multiple issuing banks, Telered's SVBankCore core-banking platform, and IDEMIA's card-personalization services — under a hard constraint: do not store or generate card tokens, since taking on a token vault would expand PCI-DSS audit scope across the organization and trigger ISO compliance work we couldn't justify.
The Solution
Shipped two services. The Orchestrator (Node.js on AWS) re-shapes, re-signs and re-encrypts each inbound message for its destination, never persisting message bodies — only correlation IDs and result metadata. Each hop uses its own certificate trust and encryption envelope; data in flight at one hop is unintelligible at another. The PaymentGateway (Java) sits between the Orchestrator and SVBankCore, adapting the modern message shape to/from SVBankCore's legacy protocol so each side can evolve independently. Authentication is per-counterparty (mTLS to issuers, signed payloads to/from IDEMIA, internal IAM for SVBankCore). Logging captures who/when/what-type/result without ever touching a PAN.
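The PAN-free logging described above can be enforced in code rather than by convention. The following Node.js sketch is an added example, not the Orchestrator's own code: the field names, the event shape and the Luhn-based guard are all assumptions.

```javascript
// Added illustration: field names and event shape are assumptions, not the real schema.
// Only these metadata fields may reach the log or the datastore.
const ALLOWED = ['correlationId', 'counterparty', 'messageType', 'result', 'timestamp'];

// Luhn checksum: true for digit strings that are plausible card numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Finds standalone 13-19 digit runs (spaces or dashes allowed between digits)
// that pass Luhn. The lookarounds keep hex IDs such as UUIDs from matching.
function containsPan(text) {
  const re = /(?<![0-9A-Za-z])\d(?:[ -]?\d){12,18}(?![0-9A-Za-z])/g;
  const candidates = String(text).match(re) || [];
  return candidates.some((c) => luhnValid(c.replace(/[ -]/g, '')));
}

// Copies allow-listed fields only, so the message body is never carried over,
// and refuses the record if any value still looks like a PAN (for example,
// a card number echoed inside an error string).
function buildAuditRecord(event) {
  const record = {};
  for (const key of ALLOWED) {
    const value = event[key];
    if (value === undefined) throw new Error(`audit field "${key}" is required`);
    if (containsPan(value)) throw new Error(`audit field "${key}" looks like a PAN`);
    record[key] = value;
  }
  return record;
}

// Constructed sample event; 4111111111111111 is a widely used test card number.
const SAMPLE_EVENT = {
  correlationId: 'c0ffee00-0000-4000-8000-000000000001',
  counterparty: 'issuer-a',
  messageType: 'provisioning-request',
  result: 'forwarded',
  timestamp: '2025-09-01T10:00:00.000Z',
  body: '{"pan":"4111111111111111"}',
};
```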
Key Results
Three external systems brokered through a single auditable hop
Zero card data persisted at rest across either service
PCI-DSS scope held to service-provider only — no vault scope expansion
End-to-end correlation IDs let any failed message be diagnosed without exposing message bodies
Clean Node.js / Java split lets each service evolve at its own pace