The customer is a US-based company that offers POS solutions for restaurants and retail businesses. With their iPad-based POS and cloud-based Backend platform, they have a large installation base and a considerable market share. The customer wanted to expand their business area by adding payment processing services to their portfolio.
The decision was to purchase a well-known payment gateway company that provides services with millions of payment transactions across North America. However, it was necessary to conduct a deep and complex product audit to understand product quality and potential weaknesses prior to the company acquisition.
MERA was selected as a trusted auditor with great knowledge in all required areas of the assessment: code and architecture quality, security, development processes. The main challenges the team faced:
- Short lead time for a complete review - only 2 weeks for evaluating the product from different angles and preparing a report with the finding and recommendations.
- High product complexity - many components, highly loaded geo-redundant system with millions of transactions.
- Due to security reasons, all materials (documentation, source code) were available only on the company’s premises, which ruled out the possibility of offline or remote review.
- High expectations brought great responsibility for each line in the assessment report.
MERA quickly built up a team of experts who travelled to the US and participated in the online product audit together with the company representatives. MERA was provided with supervised access to the documentation and source code, so active communication was required to gather all the necessary information.
The review goals were to evaluate:
- Product architecture, solution scalability and functional extensibility;
- Product implementation quality, areas of potential issues, risks related to product support;
- Software development, installation/configuration and troubleshooting routines.
MERA provided the customer with a detailed product assessment report, covering all the requested review aspects. High product quality, robust architecture and good performance were confirmed from the source code point of view. Additionally, a major man-in-the-middle attack vulnerability was found and reported by the MERA team during the architecture review.
The obtained insights allowed the customer to view the deal from a new perspective and make a risk-free business decision. At the end, the customer chose in favor of the company acquisition, which allowed them to create a complete and reliable product offer.