MSP Success Story – Global Health Insurance Innovation for PassportCard by DavidShield Group

PassportCard, part of the DavidShield Group, is a Tel Aviv-based global health insurer providing real-time, cashless medical payments via a dedicated debit card, supporting travelers and expatriates across 150+ countries with innovative, technology-driven coverage.

Yoni Manan

VP Cyber Security & IT Infrastructures

Summary

PassportCard partnered with Cloudride to migrate from constrained on‑premises infrastructure to a multi‑region, cloud‑native AWS platform delivering 99.99% uptime, sub‑100ms real-time payment approvals, and strict GDPR/PCI-DSS healthcare compliance. Over three years, FinOps-driven optimization, automation, and DevSecOps practices reduced costs by roughly 25–40% versus the on‑prem trajectory while enabling faster innovation, global expansion, and zero successful security breaches.

Goal

PassportCard sought to replace aging on-premises infrastructure with a globally scalable, cloud-native platform that could reliably support 24/7 real-time payment authorizations, meet strict healthcare and financial regulations in multiple jurisdictions, and provide the agility to launch new services and markets rapidly while improving cost efficiency, visibility, and operational resilience.

Challenges

  • Supporting real-time, sub-second approvals for payments in 150+ countries.
  • Meeting complex, evolving GDPR, PCI-DSS, and healthcare data regulations.
  • Overcoming on-prem capacity limits, manual deployments, and reactive operations.
  • Maintaining security, monitoring, and disaster recovery standards for always-on services.

Solution

PassportCard selected Cloudride as a strategic MSP to lead a phased AWS transformation, from discovery and architecture to migration and ongoing operations. Cloudride designed a multi-region, compliance-first architecture aligned to PassportCard’s regulatory, resiliency, and latency needs. Critical payment services were migrated using blue-green strategies to avoid downtime. Monoliths were refactored into microservices running on containers and serverless functions. A secure AWS Landing Zone with a multi-account structure standardized governance. DevOps, FinOps, and DevSecOps practices were embedded as managed services. Orca Security, Fortinet, and AWS-native tools delivered continuous security posture management. Cloudride’s team provided 24/7 operations, optimization, and ongoing knowledge transfer.

Technical Execution

Cloudride implemented a multi-region AWS architecture spanning EU (Frankfurt), US (N. Virginia), and APAC (Sydney) to meet latency, availability, and data residency requirements. Core payment services were containerized on Amazon ECS and EKS, supported by EC2 Auto Scaling, AWS Fargate for select workloads, and Lambda-based event processing for notifications and integrations. Amazon Aurora Global Database and Amazon RDS Multi-AZ underpinned transactional and reporting databases, complemented by DynamoDB for sessions, S3 with lifecycle policies, and EFS for shared storage. Connectivity and performance were optimized using CloudFront, Global Accelerator, Route 53, Transit Gateway, and Direct Connect. Security and compliance were enforced with an AWS Landing Zone, WAF, Shield, GuardDuty, Security Hub, Config, KMS, Secrets Manager, and agentless Orca Security CSPM, all monitored through CloudWatch, CloudTrail, Systems Manager, and X-Ray, with CI/CD powered by CodePipeline, CodeBuild, CodeDeploy, and ECR.

Results

  • 99.99% availability for real-time payment systems with sub‑100ms approvals.
  • Zero planned downtime during migrations and major updates.
  • 30% faster transaction processing with autoscaling to handle peak loads.
  • 70% reduction in manual deployment effort through CI/CD automation.
  • 50% lower MTTR and up to 80% faster incident detection.
  • No successful security breaches, with much faster patching and remediation.
  • GDPR, PCI-DSS Level 1, and healthcare compliance made audit-ready.
  • 25–40% lower costs versus on-prem trajectory over three years.
  • IT team refocused from infrastructure maintenance to product innovation.

Future Directions

Building on its AWS foundation, PassportCard plans to add AI-powered claims processing and fraud detection using managed ML services, deeper personalization for members, and richer analytics for proactive care. The roadmap includes enhancing mobile experiences with serverless backends and exploring blockchain-based claim settlement across borders. Integration with IoT health wearables and a robust, AWS-backed telemedicine platform will extend digital health services globally. Cloudride will continue providing strategic architecture guidance and MSP operations to ensure these innovations remain secure, compliant, and cost‑optimized.
