“Cloud in India gave us a compliant, real-time gateway with end-to-end visibility. Reconciliation is automated, fraud is down, and we launch new rails without drama.”
A multi-entity UK financial services group needed a modern payment gateway to support B2C and B2B flows across subsidiaries. The solution had to orchestrate initiation → authentication (SCA) → screening → clearing → settlement → reconciliation while complying with PCI-DSS and regional regulation. Strategic objectives: (1) enable real-time payments (Faster Payments/SEPA Instant) with ISO 20022 messaging, (2) centralise fraud & AML screening with configurable decisioning, (3) deliver automated reconciliation back to ledgers and CRM, (4) provide auditability and operational resilience with active monitoring.
We delivered in three iterative waves to land value safely:
Discovery & Blueprint: Regulatory gap assessment (PCI-DSS, SCA), payment flows, message catalogue (pain.001/pacs.008), non-functional requirements (TPS, latency, RTO/RPO), data lineage & masking.
Foundation Build: Canonical payment model in Salesforce, MuleSoft API-led layers (Experience, Process, System), secrets management, idempotency & retry strategies, secure logging, Salesforce Shield encryption & event monitoring.
Scale & Optimise: Async orchestration with Platform Events, queue back-pressure controls, golden-path 3DS2 journeys, observability (APM, distributed tracing), blue/green release and chaos drills.
Pillars: Compliance, Resilience, Speed, Insight, Extensibility.
Why it works: Payment steps are decomposed into fault-tolerant services, making compliance changes, scheme extensions, or fraud vendor swaps low risk and fast.
1) Financial Services Cloud (FSC): Party & account modelling, mandates, payment preferences, exposure limits, relationship hierarchy across subsidiaries.
2) Payment Orchestration App (Custom): LWC console for payment lifecycle, status tracking, manual review, force-retry & RMA, case auto-creation for exceptions.
3) MuleSoft Integrations: API-led connectivity to clearing partners (FPS/SEPA), card acquirers, KYC/AML & fraud scoring, sanctions lists, and core banking/GL. ISO 20022 transformations with schema validation and idempotent message keys.
4) Security & Trust: Salesforce Shield, field-level encryption, tokenisation for PAN, signed webhooks, SCA/3DS2 step-up, role-based access with platform events for audit.
5) Reconciliation & Ledger: Event-driven postings to sub-ledger, automated receivables matching, dispute/chargeback handling and fee breakdowns; CRM Analytics dashboards for settlement gaps and aging.
6) Operational Excellence: Runbooks, canary health checks, DLQs, auto-heal flows, synthetic transactions, and RTO ≤ 30 min DR plans with data residency controls.
7) Customer & Partner Portals (Experience Cloud): Secure payment initiation, mandate management, downloadable statements, and real-time notifications (email/SMS/Push).
• Time-to-authorise: sub-second for real-time rails; < 2.5s end-to-end for 85% of card payments.
• Straight-through processing: 92% STP across domestic rails via decisioning and idempotent retry.
• Fraud loss rate: reduced by 37% through adaptive rules and step-up SCA.
• Ops productivity: 45% fewer manual reconciliations; exception backlog reduced by 60%.
• Audit readiness: full lifecycle trace with immutable event logs and SoD controls.
• Business agility: new scheme onboarding in weeks via reusable ISO 20022 assets.
Next step for your bank/fintech: Start with a 6-week foundation—map target flows, stand up ISO 20022 assets, integrate one real-time rail, and operationalise observability—then scale to additional schemes and use cases.