Back to projects

Hero Plus Payment Platform

Multi-gateway payment platform processing transactions across Thailand, Hong Kong, Malaysia, and Singapore.

Ruby on Rails React PostgreSQL AWS Payments PCI DSS POS

Overview

Founding engineer at Hero Plus. Built their payment infrastructure from scratch, now processing card transactions across Hong Kong, Singapore, Malaysia, and Thailand.

Key numbers:

  • 6 gateways (Stripe, Adyen, Airwallex, Nomupay, 2c2p, Fiuu)
  • 4 currencies (HKD, SGD, MYR, THB)
  • 42% faster frontend load times
  • Deployment time cut from 45 min to 8 min

Technical highlights

Multi-gateway abstraction - Built a unified interface for capture, authorize, refund, void across all six gateways. Each has different signing methods (HMAC, JWS, RSA), settlement windows, and error handling.

POS and SoftPOS - Implemented Remote Key Injection for Sunmi terminals. RSA key exchange, 3DES wrapping, DUKPT derivation. SoftPOS turns phones into payment terminals using NFC and secure elements.

PCI-compliant key management - Three-component BDK splits, XOR reconstruction, dual-control procedures. The kind of cryptographic infrastructure work where “decryption failed” is your only debugging feedback.

Tokenization - Apple Pay, Google Pay, network tokens. Cryptogram validation, scheme-specific handling for Visa/Mastercard/UnionPay.

Merchant onboarding - KYC verification, subaccount creation, webhook provisioning, settlement routing, risk profiles.

Stack

Ruby on Rails, React, PostgreSQL, Redis, Sidekiq, AWS (RDS, S3, Elastic Beanstalk), GitLab CI/CD