From Vision to Implementation: A SaaS e-Commerce Solution for the Gift Card Processing Industry

Executive Summary

Cardganize is a family owned business and their mission is to support gift card buyers. When the company first started, they quickly discovered there was no industry-specific management solutions available. So, they decided to create an all-in-one management tool for subscribers that tracks their gift cards from purchase to profit.

Cardganize understands the current limitations involved with managing the various aspects of gift card buying and reselling. Staying organized, tracking customers, enabling compliance with increasing industry regulation, mitigating potential fraud, and managing profit/loss margins are just a few of the challenges involved in managing a gift card business.

The Challenge

As opportunities arise in the marketplace for new products or services, those products or services start off fragmented as companies discover new ways to serve their customer base. Over time, as they begin to determine how to optimize those products or services, companies begin to refine how they deliver these valuable commodities and ultimately reduce lost profit and fraudulent activity.

Like many other industries that have come before it, the gift card exchange industry has experienced huge growth over the last decade. But with the growth come challenges related to managing gift card exchange manually or adhering to regulatory guidelines that are changing rapidly. Overall, it is still a very tedious process for gift card exchange businesses to purchase cards from the public and then resell them to third parties. The current process leaves room for human error and potential fraud at a time when establishing a consistent and structured process of buying and reselling gift cards is the key to the industry’s long-term success.

The ClearScale Solution

Cardganize recognized this opportunity and approached ClearScale, an AWS Premier Consulting Partner, to develop a SaaS Point-of-Sale (POS) solution, called a Gift Card Management Tool, to help overcome some of the deficiencies they saw in the existing manual exchange process. The client had envisioned an end-to-end SaaS POS solution which could be accessed by any number of businesses wishing to purchase gift cards from customers for cash value then reselling them on the secondary market.

Cardganize’s goal was to have ClearScale develop the solution, deploy it, and provide ongoing development and maintenance of the system. They hoped that this approach would offer them a cost-effective solution that was flexible and scalable as required. The system needed to be easy to understand and use for a variety of different user types, from cashiers to system level administrators and managers. Cardganize also needed their solution delivered on a very tight schedule. They knew that one of their busiest times of the year was immediately following the Christmas holiday season, so they engaged with ClearScale in the summer in the hopes that it would be delivered and tested before the holiday season.

1. SaaS Application Design and Development:

An initial comprehensive cost analysis of the project was performed for the client by ClearScale once all of the specific requirements were reviewed. Since Cardganize needed design expertise, ClearScale took time to properly model out the entire system end-to-end to make certain that it would meet the immediate needs, but that it would also be flexible enough to build on additional features and API integrations in the future without extensive code rewrites.

From there, ClearScale began building out the front-end experience in HTML5 and Bootstrap and coupled it with a robust backend that was built with Java on a JVM-based web server and leverage with Apache Wicket. For the database, ClearScale opted to implement PostgreSQL to support long-term viability of the schema model they had designed for the SaaS POS solution.

Early on, ClearScale decided on a web-based front-end that would help drive the adoption and deployment costs down while at the same time providing rapid application development and deployment cycle. Coupled with extensive support for modular HTML components on the server (implemented with Apache Wicket), this choice allowed ClearScale to roll out new UI functionality quickly and reliably.

Primary users of Cardganize online application are the cashiers and management at gift card retail stores. The Point-of-Sale (POS) software is designed for flexibility and can easily handle large data entry activities and reporting on a wide range of hardware. Using responsive layout with support from the Bootstrap framework, the ClearScale team has successfully adapted all data entry forms to a wide range of different screen sizes. Depending on the screen size, the layout changes to fit the screen better: from a wide multi-column layout suitable for large screens to a single-column one designed for smaller devices.

Web Application Data Entry Page

On the server side, web UI is backed by a set of Apache Wicket components that implement the user experience in a uniform way. While traditional approaches to building web applications require some duplication between the frontend code and backend code such as data validation, conversions, etc., component-oriented approaches such as Apache Wicket localize the code on the server side, deriving the UI code automatically. For instance, a page displaying a list of orders can be modeled with the following nested components, each handling its own piece of functionality.

A component diagram for the Orders page

When the page is displayed in the browser, each component will deliver its HTML and JavaScript code to the browser. It will then seamlessly talk to its server-side code to handle user input and other events, and update its UI:

This approach to frontend code has played out well, allowing the ClearScale team to focus more on the essential business tasks and rely on the framework code to handle client-server communications.

For the data access layer, ClearScale chose to use JBoss Hibernate Object-Relational Mapper (ORM) library, backed by a PostgreSQL database. Hibernate enables quick yet flexible mapping between database concepts and Java code, allowing rapid application development. Despite being a high-level framework, Hibernate delves down to plain SQL code when advanced database functionality is required. Because Cardganize stores info on business transactions, a database with support for ACID transactions and comprehensible reporting was required. PostgreSQL, a production-grade open-source database management system natively supported by AWS Relational Database Service (RDS) was the best fit.

Purchasing and reselling gift cards the correct way means generating significant data and reports. To help Cardganize subscribers track their progress, the company’s SaaS solution has several reports built-in, including an End-of-Day report, a Net Income report, a Loss Rate report, and a Return on Investment report. Reports were implemented as custom queries against the card and transactions database, rendered to HTML with an optional export to CSV.

Net Income Report

2. AWS Services Enablement:

At the same time the initial SaaS application was being designed, ClearScale was building out the AWS services infrastructure that was going to be necessary to ensure success once it was ready for production. To accomplish this, ClearScale configured the client’s S3 buckets and implemented AWS Elastic Beanstalk, a service that creates AWS EC2 instances inside of an Auto Scaling Group with a single AWS Elastic Load Balancer (ELB). By doing this, ClearScale was making sure that as demand for the application grew, the client’s AWS implementation would scale and balance traffic evenly allowing for flexibility in usage without impacting performance.

System Architecture Diagram

To further provide the scalability and reliability the client was looking for, ClearScale implemented the solution across several Availability Zones (AZ). Not only would this provide increased availability to customers that used the SaaS POS solution, regardless of where they were located, but it also provided some additional peace of mind by allowing for data replication should an AZ become unavailable at a critical time. AWS CloudWatch would monitor the Relational Database Services (RDS) PostgreSQL databases and scale them as needed once a certain threshold was reached. This would provide high performance and availability of the database so that it could scale according to demand. In turn, CloudWatch provides both server and application level metrics that allows system administrators to monitor ongoing performance of the application in the AWS instance.

To properly encrypt the data, ClearScale leveraged AWS Virtual Private Cloud (VPC) augmented with AWS EC2 Security Groups and Identity Access Management (IAM) services. All data at rest would utilize AWS Elastic Block Store (EBS) and Key Management Services (KMS), and during data transit secure SSL connections, both to internal and external sources, would be used. All database setups would be required to use SSL for all user connections, both for replication and communication with the apps servers.

3. Multi-Tenancy:

Cardganize built a SaaS business with the owners of gift card retail locations in mind. They trust Cardganize to handle their gift card transactions and customer information securely and cost-effectively. To secure the subscribers’ data from accidental access by another subscriber, ClearScale developed the code to provide each subscriber with a separate database instance. Once a user logs in under their master account, all subsequent operations are performed with separation from other user accounts. This is accomplished with multiple accounts within the user’s master account as well. To prevent leaks of sensitive data, all data is protected using AWS Relational Database Services (RDS) encryption.

4. Integration:

Being a Point-of-Sale (POS) solution, Cardganize application needs to integrate with POS hardware such as receipt printers and web cameras used to take photos of customers. This features present a natural difficulty for a purely web-based SaaS solution. ClearScale successfully solved this problems using WebRTC (Web Real-Time Communications) APIs to capture images.

New Customer screen with an integrated webcam capture

Additional hardware integration projects that will further enhance security, like fingerprint scanners integration, are already under-way.

The secondary gift card market is a fast growing industry with a large number of online gift card resellers that Cardganize subscribers need to be able to work with. Each reseller has its own workflow and integration methods, so Cardganize SaaS solution needs to be flexible enough to be able to integrate with them. ClearScale’s solution currently allows integration with multiple online resellers and provides subscribers with additional controls to integrate with additional sellers through the configuration UI. The current solution is centered around the exchange of CSV files, with API-based capability close.

The Benefits

ClearScale developed the SaaS solution and provided both a staging and production environment within AWS to the client. Partnering throughout the development and rollout stages, both ClearScale and Cardganize were able to quickly identify key areas of concern and, in turn, resolve the issues found prior to the final solution being launched in mid-December. The initial rollout of the SaaS solution provided some key improvements over the error-prone manual method the client had previously used. Specifically, it allowed for image capture of the customer ID as well as the gift card being exchanged for cash, bulk management of gift cards that had been purchased from customers, and CSV exports of gift card information that could be uploaded directly to the third-party resellers account.

With the increased need of the gift card industry to fall under regulatory control, Cardganize and ClearScale continued to make improvements on the original application to support the many facets of local, State, and Federal regulations that will evolve over the coming years. This will allow other companies that Cardganize works with to leverage a customized SaaS POS experience based on their particular needs or regulatory mandates. ClearScale is implementing further improvements, include better integration with third-party resellers and law enforcement systems through REST APIs. This will allow the proper cataloguing of all gift cards that have been purchased and resold in the market, reducing the risk of fraud and operational cost.

Cardganize’s goal was to deliver a cost-effective multi-tenant POS solution that’s scalable, flexible, secure, and easy-to-use. ClearScale was able to meet each one of these requirements based on how the project was modeled and developed in partnership with the client. The initial Cardganize SaaS POS solution was delivered in time for the busy holiday season and the customer saw immediate benefit from using the new system. Through ongoing engagement with ClearScale, the solution will continue to evolve based on client and industry needs, and an ever-changing regulatory landscape.