PayMe, a leader in embedded finance and a PCI-certified financial services provider recognized for its long-standing credibility and excellence, is redefining how SMBs access financial services globally. To stay ahead, they needed an infrastructure as modern and efficient as the platform they deliver. 

Date: June 23, 2025 

The Challenge  

PayMe’s AWS environment was built on EC2 with Elastic Beanstalk and NAT Gateway routing traffic through the public internet. The setup was expensive, hard to manage, and lacked modern security monitoring. Threat detection was reactive, and maintaining the infrastructure was eating up valuable engineering cycles. 

What PayMe Needed 

✔ Compute Modernization – Shift from legacy EC2 to a serverless container approach. 
✔ Private Connectivity – Establish a secure, low-latency channel to their payment partner. 
✔ Real-Time Security Visibility – Gain centralized, automated threat detection and alerting. 
✔ Lower Operational Overhead – Eliminate patching, scaling, and instance management. 

The Solution  

2bcloud worked with PayMe to rebuild their infrastructure using modern AWS primitives that prioritized security, efficiency, and performance. 

Compute Modernization with ECS Fargate 

• Migrated workloads from EC2 + Beanstalk to ECS Fargate to remove infrastructure management. 

• Deployed ECS Service Discovery for more reliable inter-service comms. 

• Streamlined deployments with CI/CD pipelines and auto-scaling, minimizing downtime. 

Private Network Connectivity 

• Implemented AWS Direct Connect to securely link AWS with PayMe’s Israeli payment processor. 

• Eliminated NAT Gateway usage, reducing latency and data transfer costs. 

• Encrypted, dedicated connection replaced flaky internet-based routing. 

Security Visibility and Threat Detection 

• Enabled AWS GuardDuty org-wide to monitor threats across all accounts. 

• Integrated with Slack and email for instant alerting. 

• Moved ECS workloads to private subnets with strict security group rules. 

The Technical Stack

1️⃣ ECS Fargate + Service Discovery 

• No EC2 management 

• Faster, more reliable inter-service traffic 

2️⃣ AWS Direct Connect 

• Static latency, no public internet exposure 

• Cost savings on data transfer 

3️⃣ AWS GuardDuty Integration 

• Centralized threat detection across the org 

• Alerts routed via Slack & email in real-time 

4️⃣ CI/CD Pipeline Revamp 

• GitHub Actions and IAM roles streamline deployments 

• Reduced release friction and overhead 

The Results 

✔ 30%+ cost reduction by cutting EC2 and NAT Gateway usage 

✔ Significant drop in latency to the payment partner via Direct Connect 

✔ Near-zero maintenance overhead with serverless infrastructure 

✔ Real-time threat detection and centralized observability 

Why It Matters 

“As a PCI-certified financial platform, we continuously align our infrastructure to meet high compliance and performance standards. Migrating to ECS Fargate, eliminating NAT Gateway, and using Direct Connect was a strategic move that directly supports our platform’s scalability, and security needs to serve our customer’s best”.

 

Looking Ahead 

PayMe remains focused on maintaining enterprise-grade security while accelerating innovation. With infrastructure off their plate, PayMe’s engineering team is now fully focused on building features that matter to their users. Their platform is scaling securely and cost-efficiently, opening up more opportunities to serve global SMBs with faster, safer, and more reliable embedded finance solutions.