Finix | Enhancing Identity and Access Controls Through Secure AWS Architecture

Published on: June 30, 2025

Executive summary

This case study examines how Nova, a consultancy firm with expertise in fintech solutions, partnered with Finix Payments, a Series C start-up specializing in digital payment solutions, to resolve significant reliability issues with in-person credit card payments. The collaboration led to the implementation of a robust system that ultimately improved transaction success rates, increased customer satisfaction, and supported Finix’s growth trajectory.

 

The challenge

The reliability issues experienced by Finix manifested in the following ways:

  • High transaction failure rates: 15% of in-person transactions were failing, leading to lost sales and reduced customer trust.
  • Inconsistent connectivity: Many merchants reported connectivity issues, particularly in lower-signal areas.
  • Slow transaction speed: Payment processing times exceeded acceptable limits, affecting customer satisfaction and merchant operations.
  • Security Concerns:
    • a) AWS security best practices for authentication and authorization were not fully implemented.
    • b) Lack of centralized governance and visibility across multiple AWS accounts.

 

Why AWS?

AWS Control Tower and Organizations contribute significantly to enhancing security in an AWS environment. Used together, they offer comprehensive security management across multi-account environments, letting an organization manage its cloud infrastructure centrally, ensure security and compliance, control costs, and automate the deployment and management of AWS resources. With these tools and services, Finix was able to address gaps in visibility, governance, and identity and access management, strengthening its overall security posture with integrated, cloud-native solutions.

 

About the Customer

Figure 1 – Finix Logo

Finix Payments developed an innovative mobile point-of-sale (mPOS) system designed for small and medium-sized enterprises (SMEs). Despite initial success, the company faced recurring technical issues with their in-person credit card payment processing, leading to failed transactions and dissatisfied customers. With plans for further funding and scaling, Finix needed a reliable solution.

“AWS Organizations, Control Tower, and IAM Identity Center.”

AWS Organizations and Control Tower provide a scalable framework for managing multiple AWS accounts with centralized governance, automated account provisioning, and consistent policy enforcement using Service Control Policies (SCPs). IAM Identity Center complements this by enabling streamlined, role-based access management across accounts, allowing users to access resources securely and efficiently through a centralized interface. Together, these services simplify administration, enhance security, and support enterprise-scale cloud operations.

 

The Solution

  • Comprehensive assessment of Finix’s mPOS architecture, payment gateways, infrastructure, and integrations.
  • Implementation of AWS IAM for granular permissions and least privilege enforcement.
  • Centralized access management with AWS IAM Identity Center (AWS SSO) across multiple AWS accounts.
  • AWS CloudTrail for comprehensive logging, monitoring, and auditability of all IAM-related activities.
  • AWS Organizations and Control Tower for centralized governance, automated account provisioning, and consistent policy enforcement via Service Control Policies (SCPs).
  • Real-time monitoring and automated remediation for IAM incidents using AWS Lambda.

Figure 2 – AWS Identity Center and AWS Control Tower

Best features of AWS IAM

  • Fine-Grained Access Control
  • Role-Based Access
  • Least Privilege Enforcement
  • Policy-Based Management
  • Centralized Access Management via IAM Identity Center
  • Granular Permissions Boundaries
  • Comprehensive Logging and Monitoring

 

Results and Benefits

After implementation, Finix observed significant improvements within six weeks:

  • Transaction failure rates dropped from 15% to below 1% within six weeks.
  • Average transaction processing time reduced to under one second.
  • Improved merchant satisfaction and long-term contract retention.
  • Enhanced access control and security, reducing human errors and unauthorized changes.
  • Streamlined, auditable, and compliant identity management framework.

 

Figure 3 – AWS Organizations and IAM Identity Center

 

Finix multi-account architecture

AWS Services Used

  • AWS IAM
  • IAM Identity Center (AWS SSO)
  • AWS CloudTrail
  • AWS Organizations
  • AWS Control Tower
  • AWS Lambda

 

 

Next Steps

The partnership between Nova and Finix Payments successfully addressed critical reliability issues hindering business growth. The comprehensive solution not only resolved immediate technical challenges but also positioned Finix for future expansion and successful customer retention efforts.

Benefits

  • Centralized Management – This solution provides optimal multi-account management, with environments distributed for distinct types of workloads.
  • Security and Compliance – Ability to implement security and compliance policies across all accounts for a regulatory requirement.
  • Scalability and Flexibility – You can add different accounts through Organizations and apply best practices to each one at any time. Highly flexible.

 

 

About Nova

Nova is a company specializing in Information Technology Consultancy Services. All our team members have one thing in common: our enthusiasm for technology and our passion for customer service excellence. We provide services across North America, LATAM and Europe. Our headquarters are in the NYC metropolitan area, and we also have offices in Guadalajara, Mexico and Madrid, Spain.


Written by : hello@alphaapexgroup.com