AWS for Industries
How Mastercard Achieved Near-Zero Downtime Deployments for Fraud Detection
Introduction
Mastercard’s AI-powered real-time fraud prevention platform, Brighterion, has been delivering advanced fraud detection and risk management solutions to enterprise customers for over 20 years. Trusted by more than 2,000 clients worldwide, including 74 of the top 100 U.S. banks, Mastercard’s Brighterion AI platform scores over 150 billion transactions annually, helping organizations prevent fraud while optimizing approval rates. Its key differentiators include a proven track record, a state-of-the-art machine learning toolkit, and the ability to leverage Mastercard’s proprietary data and intelligence for superior fraud prevention.
Challenge
One of the most critical value-added services Mastercard provides is its fraud detection service. The fraud detection system lets customers configure various rules through the Rules Management Platform; these rules affect the outcomes of transaction scoring (ML model inferencing). The Rules Management applications used to have scheduled maintenance events, with some downtime for customers during the maintenance window.
Overview
With the new architecture outlined here, which leverages AWS managed services, especially Amazon CloudFront blue-green (continuous) deployment, we have eliminated downtime and can perform an entire end-to-end deployment with zero downtime. We will share the architecture and the steps Mastercard took to achieve zero downtime for its fraud detection system.
Solution
Brighterion uses a blue-green continuous deployment strategy to achieve near-zero downtime for its critical fraud detection applications, covering both backend services and frontend user experiences. A key aspect of this approach is separating application and infrastructure pipelines: Brighterion maintained distinct pipelines for managing application-level changes (microservices, databases, etc.) and infrastructure-level changes (Kubernetes clusters, managed services, etc.). This allowed them to execute blue-green deployments for each independently. See Figure below.
Ensuring Backward Compatibility
When rolling out new application versions, Brighterion designed their database schemas and service interfaces to be backward compatible. This allowed the “blue” (current) and “green” (new) versions to coexist without disrupting the user experience.
Integrating Frontend Blue-Green
Beyond the backend services, Brighterion extended their blue-green deployment strategy to the frontend user experience as well. They used features like CloudFront’s continuous deployment policy to switch between “blue” and “green” website versions.
Enabling Pre-Production Validation
To provide visibility for the new release candidate before going live, Brighterion’s pipelines allowed their release testing and customer success teams to access the “green” environment and validate the full user flow. This gave them confidence in the new version before promoting it to production.
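The two passages above (switching the frontend with a CloudFront continuous deployment policy, and letting internal teams reach “green” before go-live) map onto the two traffic types such a policy supports. The following is an added example, not Mastercard's or AWS's code: it builds the policy document for a header-gated validation phase and a weighted phase and lints each before it is attached. The DNS name, header name and function names are constructed for illustration.

```python
"""Added example: CloudFront continuous deployment policy phases plus a lint."""

HEADER_PREFIX = "aws-cf-cd-"   # CloudFront requires this prefix on the routing header
MAX_WEIGHT = 0.15              # CloudFront caps weighted staging traffic at 15%
GREEN_DNS = "d111111abcdef8.cloudfront.net"  # constructed staging ("green") name

def _base(staging_dns, traffic):
    # Shape of ContinuousDeploymentPolicyConfig in the CloudFront API.
    return {
        "StagingDistributionDnsNames": {"Quantity": 1, "Items": [staging_dns]},
        "Enabled": True,
        "TrafficConfig": traffic,
    }

def header_phase(staging_dns, header, value):
    """Validation phase: only requests carrying the header reach green."""
    return _base(staging_dns, {
        "Type": "SingleHeader",
        "SingleHeaderConfig": {"Header": header, "Value": value},
    })

def weight_phase(staging_dns, weight, idle_ttl=300, max_ttl=600):
    """Weighted phase: a fraction of viewers reach green, with sticky sessions."""
    return _base(staging_dns, {
        "Type": "SingleWeight",
        "SingleWeightConfig": {
            "Weight": weight,
            "SessionStickinessConfig": {"IdleTTL": idle_ttl, "MaximumTTL": max_ttl},
        },
    })

def lint(policy):
    """Return a list of problems to resolve before attaching the policy."""
    problems = []
    traffic = policy["TrafficConfig"]
    if traffic["Type"] == "SingleHeader":
        if not traffic["SingleHeaderConfig"]["Header"].startswith(HEADER_PREFIX):
            problems.append("header must start with " + HEADER_PREFIX)
    elif traffic["Type"] == "SingleWeight":
        cfg = traffic["SingleWeightConfig"]
        if not 0 <= cfg["Weight"] <= MAX_WEIGHT:
            problems.append("weight outside 0..0.15")
        sticky = cfg.get("SessionStickinessConfig")
        if sticky and sticky["IdleTTL"] > sticky["MaximumTTL"]:
            problems.append("IdleTTL exceeds MaximumTTL")
    else:
        problems.append("unknown TrafficConfig type")
    return problems
```

The routing header only selects which distribution serves a request; the green environment still needs the same authentication and access controls as blue.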
Benefits
By increasing availability and agility through their innovative blue-green deployment approach, Brighterion could achieve the following outcomes:
- Improved system availability to greater than 99.999%, avoiding costly outages for their customers
- Enabled real-time updates to fraud detection rules, allowing customers to respond rapidly to evolving threats
- Empowered customers to comply with strict regulatory requirements through highly available services
- Facilitated a more agile release cadence, allowing features to be rolled out incrementally with reduced risk
To support their blue-green deployment strategy and increase availability, Brighterion leveraged a suite of resilient and secure AWS services, including:
- Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Kubernetes Service (Amazon EKS) for containerized application deployments
- Amazon Redshift and Amazon Managed Streaming for Apache Kafka (Amazon MSK) for scalable data processing and analytics
- AWS CloudHSM, Amazon S3 and AWS KMS to meet stringent compliance requirements
By adhering to the AWS Well-Architected Framework, Brighterion could build a highly reliable, secure, and cost-effective platform to power their critical fraud detection capabilities.
Key Takeaways
Brighterion’s journey to achieve near-zero downtime deployments for their fraud detection applications offers several valuable lessons:
- Decouple application and infrastructure changes to enable independent blue-green rollouts.
- Design for backward compatibility to facilitate seamless version transitions.
- Extend blue-green strategies to both backend services and frontend user experiences.
- Empower pre-production validation to gain confidence in new releases.
- Leverage managed AWS services to enhance resiliency, security, and compliance.
By adopting this comprehensive approach, Brighterion has positioned itself as a leader in delivering highly available, agile, and compliant fraud detection solutions to its enterprise customers worldwide.