Skip to main content

Case Studies

PhonePe simplifies fintech compliance with Ubuntu Pro

About PhonePe

  • PhonePe is India’s largest digital payments platform. The company was founded in 2015 and is headquartered in Bengaluru.
  • PhonePe enables users to make payments and investments via a mobile app with a Unified Payments Interface, serving over 600 million registered users. The PhonePe app processes approximately 330-350 million transactions per day.
  • The award-winning payment platform is run by an infrastructure team with over 150 employees.
  • PhonePe standardized most of its platform on Ubuntu as its operating system, and runs a fleet of over 30,000 servers.

A trusted OS for a trusted payments platform

PhonePe is on a mission to democratize payment services in India. Over the years, the company has expanded to new segments including insurance, loans, and wealth management. As a leading fintech platform, PhonePe needs to ensure a smooth and reliable user experience while complying with strict regulatory requirements, such as the Payment Card Industry Data Security Standard (PCI-DSS), and regulations set by the Securities and Exchange Board of India (SEBI). The company is a big proponent of open source software and had chosen Ubuntu to run most of their infrastructure. When faced with the need to meet an increasing set of cybersecurity compliance requirements, PhonePe chose Ubuntu Pro for seamless and consistent security patching across its estate.

“We have been an Ubuntu house from the very beginning. Our first release was Trusty Tahr and we never looked back. We chose Ubuntu for its regular version upgrades and long term support. It just works. Enabling Ubuntu Pro was an obvious choice for us.”

Senior SRE leadership
at PhonePe

Challenge

India processes the world’s highest volume of digital payments. Millions of citizens and businesses rely on the country’s Unified Payments Interface to partake in the digital economy. PhonePe was one of the first fintech providers to benefit from this payment transformation, and launched with a mission to make payments accessible and reliable. Like many financial services companies, PhonePe relies heavily on open source to innovate quickly. The company itself open sources some of its solutions, including an alternative to Kubernetes called Drove. When faced with an increasing wave of cybersecurity regulations, the company had to look for a more efficient way to handle security patching across its large open source software stack.

The regulations PhonePe is subject to include the Payment Card Industry Data Security Standard (PCI-DSS), and those set forth by the Insurance Regulatory and Development Authority of India (IRDAI), the Reserve Bank of India (RBI) and the Securities and Exchange Board of India (SEBI). PhonePe needed a way to maintain core open source packages in order to meet these regulatory requirements and uphold their cybersecurity commitments.

“We have a large fleet so it’s not very practical to constantly upgrade to get the latest security fixes. We did some brainstorming internally and considered other Linux distributions, but we could get what we needed with Ubuntu’s Expanded Security Maintenance (ESM) and coverage for the Ubuntu Universe repository. We needed a way to stay on top of security patches and wanted something reliable. Thanks to Ubuntu Pro, we can confidently pass our compliance audits.”

Senior SRE leadership
at PhonePe

Solution

PhonePe’s infrastructure team has been a long-time “Ubuntu house” since 2015. PhonePe’s leadership considers that the OS is really stable and is happy with the level of support it receives. With Ubuntu Pro, PhonePe gets the flexibility to plan migrations to subsequent Ubuntu versions while benefiting from tested and carefully applied fixes that are backported to previous versions. This provides stability while facilitating ongoing innovation.

“We use open source because it enables you to test new software without worrying about constant licensing checks,” PhonePe’s SRE leadership explains. “If we used proprietary software across such a large fleet of virtual machines, we’d have to hire people just to deal with licenses. With open source operating systems like Ubuntu we can skip the licensing overhead, we just try things out when we want to, and can engage Canonical when we need to. If there is one thing we don’t have to worry about in our ecosystem, it’s Ubuntu.”

Besides the benefit of stability, PhonePe’s team prefers Ubuntu for its extensive hardware support and performance.

“We run Ubuntu for databases, queuing systems and many other types of workloads. We run performance tests consistently across these, and there are no surprises. The fact that Canonical has been around for 20 years and works with leading hardware vendors like Dell also made Ubuntu an obvious choice for us. We can’t afford to have an OS where certain NICs or cards won’t run. The beauty of Ubuntu is that it just works.”

Senior SRE leadership
at PhonePe

Results

Thanks to Ubuntu and Ubuntu Pro, PhonePe can confidently pass its compliance audits and continue serving millions of users with confidence. “Our team is able to provide a stable and securely maintained environment for all of the applications our different business units run. We can deliver a highly responsive and reliable product as a result,” adds PhonePe’s SRE leadership.

While the lack of consistent security maintenance was a blocker in the past, PhonePe was able to overcome those limitations with Ubuntu Pro and Ubuntu as its trusted platform.

“It’s difficult to quantify the positive impact of a security patching solution like Ubuntu Pro, but the absence of it can be quite debilitating. It’s a bit like oxygen - you don’t think about it while you’re breathing easily but it’s the very thing keeping your system alive and moving.” - Senior SRE leadership at PhonePe

Learn more about Ubuntu Pro ›