● CASE STUDY · 03
Cardpersonalizationplatform
Client · IDEMIA
Year
2022 — 2025
Role
Software Engineer II
Stack
- Java
- SQL
- PCI-DSS
- Linux
(01) Context
IDEMIA's card personalization platform issues physical cards for some of the largest U.S. banks. PCI-DSS compliance is the floor; zero tolerance for data defects in production is the bar. I spent three years there on the backend that turns a customer record into a card a real person uses.
The problem
At this scale, edge-case data defects, layout regressions, and SLA-bound incidents come with the territory. Every change has to be backward-compatible with live programs — you can't break a card program that's been issuing for years.
(02) Approach
- 01
Secure issuance pipelines under PCI-DSS
Built and maintained sensitive issuance pipelines to PCI-DSS bars and partner-specific security requirements — reducing compliance risk on the client side and standardizing how new programs onboard.
- 02
Critical incident response under SLA
Resolved critical production incidents under strict SLAs by pinpointing logic and data defects fast — root-cause analysis across large datasets, same shift.
- 03
Custom card layouts without breaking history
Backward-compatible backend additions for new layout features — older programs continued unchanged while new ones picked up the new options on opt-in.
- 04
Production discipline
Daily standups, partner reviews, QA coordination, and 5S production-floor auditing as a volunteer — the operational side of running a high-availability backend that can't go down.
(03) Outcome
Three years on a platform where mistakes are extremely expensive — and none of mine made it to a customer.
PCI-DSS
compliance bar
Same-shift
RCAs at scale
Tier-1
banking clients