Case Study: ACI Worldwide, Real-Time Anonymisation of Streaming Payment Data
A Case Study in Real-Time Anonymisation for High-Volume Payment Streams.
In payment processing, compliance failures are existential threats. ACI Worldwide processes millions of payment records hourly through Kafka streams—each containing 140-180 columns of sensitive data requiring real-time GDPR compliance. Traditional anonymisation tools couldn’t scale, risking multi-million-dollar fines and customer trust. Deploying DATAMIMIC transformed their streaming pipelines with inline, ruleset-driven anonymisation at millions of records per hour—zero latency impact, full audit transparency, and deterministic consistency. The result: a compliance nightmare turned into automated, bulletproof data protection at global scale.
Customer
ACI Worldwide (US-based technology partner providing the mission-critical software that powers the global payment ecosystem)
Industry
Payments / Financial Services
Techstack
DATAMIMIC Toolbox, Kafka Streaming Adapter, Compliance Reporting
Service
Proof of Value, Enablement, Streaming Integration & Compliance Reporting
Challenge
For a global payments processor like ACI, a failure in data compliance isn’t just a technical hurdle; it’s an existential business risk. They process millions of payment records per hour, each with 140–180 columns of sensitive data. To remain compliant with GDPR and international financial regulations, they needed to anonymise and pseudonymise in real time as data moved through their Kafka pipelines. A single data leak could trigger multi-million-dollar fines and a catastrophic loss of customer trust.
Key requirements:
Inline anonymisation/pseudonymisation with no performance impact.
Deterministic consistency across 140–180 column entities.
Compliance reporting for internal auditors and regulators.
Models driven by formal anonymisation specifications, not ad-hoc scripts.
The existing tools couldn’t keep up with streaming scale, often adding latency or failing to meet audit standards.
Solution
We began with a Proof of Value (PoV) to validate DATAMIMIC’s streaming anonymisation. Once successful, we expanded into enablement and guided feature adoption.
Ruleset-driven anonymisation
Imported customer specifications into DATAMIMIC models, ensuring consistent, spec-compliant anonymisation and pseudonymisation.
Streaming Kafka integration
Records anonymised inline at millions per hour, preserving throughput and reliability.
Compliance reporting
Automated reports documented every applied rule, creating a clear, reproducible audit trail.
Enablement
Hands-on workshops and support enabled ACI’s engineers to extend rulesets and maintain the system independently.
Result
Real-time anonymisation at scale: Millions of payment records per hour anonymised inline without impacting Kafka latency.
Deterministic integrity: Consistency across 140–180 column entities, fully aligned with regulatory specs.
Audit readiness: Automated compliance reports delivered transparency and reduced regulatory risk.
Team autonomy: ACI teams trained to adapt and extend rulesets without vendor dependence.
Operational safety: Pre-production and downstream systems ran without exposure to live PII, ensuring GDPR compliance.