When you have the responsibility to keep multi-million-pound worth of vouchers secured.

Imagine being responsible for safeguarding millions of pounds worth of digital vouchers. That is what I have been experiencing for the last one and a half years. With the growing popularity of our Choice products, the demand for stocking vouchers is getting higher. So, it is not just about protecting data—it’s about safeguarding money. Digital vouchers are essentially liquid cash, and if they fall into the wrong hands, the consequences can be devastating. At every management meeting, this was one of the recurring topics of discussion.

Every time I see our vouchers being used by customers, I’m reminded of the responsibility to keep them safe. It’s not just about technology—it’s about trust. Digital vouchers are as good as cash, and losing control of them could cost the company millions. And it is my responsibility as Head of Technology to keep them secure. However, beyond the financial impact, a security breach could damage customer trust and the reputation of the Choice Platform. I had to consider all aspects of protecting the vouchers from internal and external threats.

To manage the vouchers, we developed a microservices-based platform that connects to multiple retailer APIs, collects digital vouchers, and stores them securely in our database, which is powered by SQL Server. There are facilities to store and collect non-API-based vouchers on the platform. At any given time, our system can hold up to a million pounds worth of vouchers. These vouchers are then distributed to customers through our Choice Platform, which integrates with our system to fulfil voucher requests.

Given the high financial stakes, the key elements that I have implemented to secure the whole process are:

Securing the Database

Since our SQL Server database holds digital vouchers, it is one of the most critical components for security. Here’s how we ensure its protection:

  • All vouchers are stored using strong encryption. Even if someone gains access to the database, they won’t be able to use the vouchers without decrypting them.
  • Only authorized services and users can access the database. We use role-based access control (RBAC) to ensure that even internal employees have minimal permissions. The SA account is disabled, and a strict policy governs how users and passwords are created. Only trusted persons can access the vouchers in the database, to avoid any misuse.
  • We conduct regular security audits to check for vulnerabilities and ensure compliance with security policies.
  • Sensitive data is masked in non-production environments to prevent unauthorized exposure.
  • Backups are stored securely and encrypted to ensure data recovery in case of an attack or failure.

Securing Connections between the Systems

  • All communication between our microservices and external APIs must be protected to prevent interception and unauthorized access.
  • All communication between our platform and external systems is encrypted using HTTPS and TLS (Transport Layer Security). This ensures that data can’t be intercepted or tampered with during transmission.
  • Every API request is authenticated using secure tokens. These tokens are time-limited and can only be used by authorized systems. If a token is compromised, it expires quickly, minimizing the risk.
  • To prevent API abuse and attacks, we enforce rate limiting to control the number of requests made by external services.

Securing Vouchers in the Database

Even within the database, taking extra steps is necessary to prevent unauthorized access to stored vouchers:

  • We use tokenisation, where the actual voucher code is stored in a separate, highly secure environment, while a token is used in the central system for processing and transactions. In our platform, when we collect voucher codes from retailers, we don’t store the actual codes directly in our central database. Instead, we replace each voucher code with a token. Imagine a customer redeeming a £30 SocialChoice voucher for a popular restaurant. We call the relevant retailer API, which sends us the voucher code, say ABC123XYZ. Our system replaces ABC123XYZ with a token, like TKN789456. The token TKN789456 is stored in our central database, while ABC123XYZ is securely stored in a separate location. When the customer redeems the voucher, our system uses the token TKN789456 to retrieve the actual code ABC123XYZ from the vault and complete the transaction.
  • Voucher details are only accessible for a limited time. If they are not used within a set period, they become inaccessible until explicitly requested again. We also move vouchers that have been delivered to an archive location after a certain period of time, to reduce the load on the database and reduce risk. If the user requests to redeliver a voucher after that (which is unlikely), the application connects to the archive database to redeliver the voucher.
  • We log every access to the voucher data and monitor for any unusual activity. Suspicious access attempts trigger automatic alerts.
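As an added illustration of the three points above (tokenisation, the time-limited access window, and access logging with automatic alerts), here is example code that is not the platform's own. Two in-memory dictionaries stand in for the central database and the separate vault, the at-rest encryption of the vault is assumed to be handled by that store, and the token format, window length and alert threshold are assumptions.

```python
import secrets
import time
from collections import Counter

# Constructed in-memory stand-ins for the two separate stores the post describes:
# the central database holds only tokens; the vault holds the real voucher codes.
CENTRAL_DB = {}       # token -> voucher metadata (never the real code)
VAULT = {}            # token -> {"code": ..., "accessible_until": epoch seconds}
ACCESS_LOG = []       # every vault access, successful or denied
ALERT_THRESHOLD = 3   # assumed: denied attempts by one actor before an alert is raised

def tokenise(code, retailer, value_gbp, window_seconds, now=None):
    """Store the real code in the vault under a random token; keep only the token centrally."""
    now = time.time() if now is None else now
    token = "TKN" + secrets.token_hex(8)   # random, so it cannot be derived from the code
    VAULT[token] = {"code": code, "accessible_until": now + window_seconds}
    CENTRAL_DB[token] = {"retailer": retailer, "value_gbp": value_gbp, "redeemed": False}
    return token

def request_access(token, window_seconds, now=None):
    """Explicitly re-open the access window for a token whose window has lapsed."""
    now = time.time() if now is None else now
    if token in VAULT:
        VAULT[token]["accessible_until"] = now + window_seconds

def redeem(token, actor, now=None):
    """Resolve a token to its real code, enforcing the access window and logging the attempt."""
    now = time.time() if now is None else now
    entry = VAULT.get(token)
    if entry is None:
        outcome = "denied:unknown-token"
    elif now > entry["accessible_until"]:
        outcome = "denied:window-expired"
    elif CENTRAL_DB[token]["redeemed"]:
        outcome = "denied:already-redeemed"
    else:
        outcome = "ok"
    ACCESS_LOG.append({"ts": now, "actor": actor, "token": token, "outcome": outcome})
    if outcome != "ok":
        return None
    CENTRAL_DB[token]["redeemed"] = True
    return entry["code"]

def suspicious_actors(log=None, threshold=ALERT_THRESHOLD):
    """Return actors whose denied vault accesses reach the threshold (the automatic alert)."""
    log = ACCESS_LOG if log is None else log
    denied = Counter(e["actor"] for e in log if e["outcome"] != "ok")
    return sorted(actor for actor, count in denied.items() if count >= threshold)
```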

Securing from External Threats

Hackers and fraudsters continuously attempt to exploit digital systems, so we have implemented additional security layers to protect against external threats:

  • Our network infrastructure includes firewalls and IDS to detect and block unauthorized access attempts. We use Rapid7 and CrowdStrike Falcon.
  • Any user or system accessing sensitive voucher data must go through multi-factor authentication.
  • We regularly monitor and analyze transaction patterns and flag suspicious activity.
  • We do regular penetration tests to identify potential vulnerabilities and patch them before attackers can exploit them. We regularly use various tools from Qualys to check the security of our infrastructure and applications.

Securing from Internal Threats

While you are dealing with the external threats, you cannot ignore the internal threats. You will have some colleagues who have direct access to the database. You will also have colleagues with admin access to the platform who can download or redeliver vouchers. So we ensure that:

  • Everyone on the team undergoes regular security training to stay updated on the latest threats and best practices.
  • All activities in the admin procedure are logged and monitored.
  • Database access to vouchers is limited to only the necessary users.

Securing a system that manages multi-million-pound digital vouchers is a challenge, but with the right security strategies in place, it is possible to minimize risks. Unfortunately, security is never a one-time task. It’s an ongoing process, and we constantly refine our security measures to stay ahead of potential threats.