Financial Services Financial Services & Banking Payments & Card Networks

Issuer Processing

Regulated environments where trust, compliance, and operational resilience are non-negotiable.

Fiserv FIS TSYS i2c
Inside this journey
  1. Pre-Discovery

    Align the room on outcomes, decision process, and constraints before deeper discovery.

    1. Stakeholder Alignment

      Confirm decision roles, timeline, migration constraints, and what 'good' looks like for each stakeholder.

      Alignment Questions

      Getting Acquainted: Who's In the Room?

      • Who are you and what is your primary role in this evaluation? Options: Head of Cards / Product, CTO / Head of Engineering, CFO / Finance, Head of Operations, Head of Risk & Fraud, Procurement, Other
      • Which functions will actively participate in evaluating a new card processor? Options: Product, Engineering/IT, Operations, Risk & Fraud, Finance, Legal/Compliance, Customer Support, Vendor/Partner PM, Other
      • Who is the ultimate decision owner for processor selection in your organization? Options: CEO/C-suite, CFO, CTO, Head of Cards/Product, Board/Committee, Consensus across functions, Undecided
      • If we asked you to list the three people who must sign off before a contract is executed, who would they be?
      • Have you led or been through a card processing migration before—tell us briefly what went well and what surprised you?
      • How much time per week can your core evaluation team commit to workshops and discovery over the next 60 days? Options: > 8 hours/week, 4–8 hours/week, 1–4 hours/week, < 1 hour/week

      What If One Voice Gets Left Out?

      • Which single stakeholder, if not fully aligned, would most likely derail this migration—and why? Options: Head of Cards/Product, CTO, CFO, Head of Operations, Legal/Compliance, Risk & Fraud, Customer Support, Other
      • For that stakeholder, what are their top three non-negotiables (examples: uptime, contractual liability limits, data control)?
      • How are approvals typically reached in your organization—centralized decision, committee consensus, or distributed sign-off? Options: Centralized (single approver), Committee/steering group, Consensus across functions, Delegated to program manager, Varies by item
      • What evidence tends to settle disputes in your organization (e.g., quantified SLA impact, legal language, peer references, cost analysis)? Options: Measured SLAs/metrics, Legal/contractual terms, Reference customers, Detailed TCO model, Executive directive, Other
      • Are there silent influencers or groups outside the core team we should proactively engage? Who are they and what might they raise?
      • If a split vote happens, how is the final decision typically made? Options: Escalation to C-suite, Steering committee decision, Program manager recommendation, Default to incumbent/vendor, Other

      If This Migration Fails, Who Feels It Most?

      • What level of authorization availability is your team unwilling to compromise on (express as percentage or business language)? Options: >99.999% (essentially zero downtime), 99.99%, 99.9%, 99%, Acceptable but negotiable
      • What is the maximum tolerable rate of transaction loss, duplication, or reconciliation error during cutover (per day)? Options: Zero tolerance, < 0.01% of volume, 0.01–0.1%, 0.1–1%, > 1%
      • Which failure modes keep you up at night when thinking about cutover? Options: Authorization outages, Data mismatches / account mapping errors, Duplicate transactions, Clearing/settlement reconciliation issues, Fraud spikes, Customer confusion / support surge, Other
      • Are there regulatory, audit, or contractual obligations that create immovable constraints on when or how we migrate? Please summarize.
      • If an outage or data integrity issue exceeds your tolerance, what remediation or financial remedies would you expect from a vendor?

      What Would 'Good' Actually Look Like?

      • Which stakeholders should we map 'what good looks like' for? Pick all that apply. Options: Product / Head of Cards, CTO / Engineering, CFO / Finance, Operations / Processing, Risk & Fraud, Legal / Compliance, Customer Support, Board / Executives
      • For the product owner(s) you selected, list up to three measurable outcomes that would make them say 'this is a success' (e.g., time to launch, feature parity, customer retention).
      • For the CTO/Engineering, which operational metrics and platform capabilities will convince them this is a safe move? Options: 99.99%+ auth availability, SRE-run monitoring + alerts, Runbooks & playbooks, APIs with stable contracts, Reference architecture + case studies, Other
      • For Finance/CFO, which cost or risk metrics will determine a green light? Options: Total cost of ownership (TCO) over 3–5 years, Migration cost vs retention impact, Liability/indemnity exposure, Predictable monthly pricing, ROI / Payback period, Other
      • For Operations and Support, what service features or SLAs are non-negotiable? Options: 24/7 support with named contacts, Dedicated SRE during cutover, Clear escalation paths, SLA credits for breaches, Operational runbook handover, Other
      • Who will own post-migration success tracking on your side and what review cadence feels right? Options: Product owner, CTO / Infra owner, Operations manager, Program manager, Joint steering committee

      How Much Risk Are You Willing to Carry?

      • Which migration approach feels most acceptable to your leadership at this moment—and why might that be? Options: Parallel processing (dual-run), Phased / account waves, Pilot then scale, Big-bang cutover, Undecided
      • Which internal constraints limit our choice of migration approaches? Select all that apply. Options: Budget / capital limits, Limited internal staffing, Certification or network windows, BIN changes required, Card reissue risk, Customer communications bandwidth, Regulatory approvals, Other
      • Do you require a full rollback capability—meaning we can revert to the incumbent under defined conditions? Options: Yes, full rollback mandatory, Partial rollback acceptable, Rollback too risky / not feasible, Undecided
      • How important is minimizing cardholder-facing change (examples: keep existing BIN, avoid card re-issue, maintain card controls)? Options: Critical, Important, Nice to have, Not important
      • What concrete data quality thresholds must be met before we can cutover (for example: percent of accounts with complete mapping, duplicate tolerance)?
      • What staging, sandbox, or test environments do you have available and who controls access to them?

      Who's Owning What — For Real?

      • Which of these ownership models best describes how migration responsibilities will be assigned? Options: Single program manager with RACI defined, Multiple owners with shared RACI, Vendor-led with internal approvals, No clear owner yet / TBD
      • Do you have a named migration program manager today, and what decision authority will they hold? Options: Named with formal decision authority, Named with recommendation authority only, No named PM yet, Shared PM between vendor and client
      • How should cross-functional escalations be handled if disagreements arise during migration? Options: Steering committee, C-suite escalation, Program manager decision, Legal/contractual trigger, Other
      • What governance cadence will keep stakeholders informed but not overwhelmed (choose the closest fit)? Options: Weekly tactical + monthly steering, Bi-weekly updates, Monthly only, Daily during cutover then weekly, As-needed
      • Who on your side is authorized to approve changes to scope, timeline, or commercial terms?
      • Are there external parties (card networks, processors, regulators, third-party vendors) who must be invited into governance or decision forums? Options: Card network(s), Current processor / incumbent, Acquiring bank / sponsor, Regulator, Third-party vendors (e.g., fraud, loyalty), None, Other

      If We Commit Today, What's the Timeline?

      • What is the latest acceptable go-live window your organization will tolerate? Options: Within 3 months, 3–6 months, 6–12 months, 12+ months, No fixed date
      • Are there contractual notice periods, certifications, or blackout windows with your current provider we must plan around? Options: Yes — we'll describe in notes, No, Unsure
      • Which internal milestones must complete before you can sign (select all that apply)? Options: Budget approval, Legal & compliance signoff, Board approval, Security review / approval, Procurement / vendor onboarding, Vendor risk assessment
      • Do you have peak seasons or dates when migrations are strictly prohibited? Options: Yes — list in notes, No
      • How confident are you that the timeline above is achievable with present resources? Options: Very confident, Somewhat confident, Low confidence, Unsure
      • What single change would most increase your confidence in meeting the timeline?

      Next Steps — A Small, Low-Risk Path to Test the Water

      • Which of these low-risk next steps would you be willing to take first? Options: Technical discovery workshop, Reference calls with similar issuers, Pilot with a small account set, Proof-of-concept in staging, Security and compliance review, Commercial term outline review, Other
      • If a pilot feels right, what sample size and account mix would you prefer to validate assumptions? Options: 1–10K accounts (small pilot), 10–100K (meaningful sample), 100K–1M (large pilot), >1M (near-production scale), Unsure — need recommendation
      • What success criteria should we use to validate a pilot (pick priority metrics or describe your own)? Options: Auth availability, No data mapping errors, Matched clearing/reconciliation, No customer-impacting incidents, Support call volume within expected range, Other
      • Who will need to sign off internally to move from pilot to full migration? Options: Product owner, CTO / Engineering, CFO, Operations, Legal / Compliance, Steering committee / Board, Other
      • What documents or artifacts will your stakeholders need to feel comfortable taking the next step (examples: runbooks, SLA drafts, data mappings, TCO)? Options: Runbooks and playbooks, Draft SLAs / liability terms, Data mapping & reconciliation plan, Pilot test plan & results, Security/compliance attestations, Cost model / TCO, Other
      • When would you like to schedule the initial technical workshop or discovery session? Options: This week, Next 2 weeks, Within 1 month, 1–2 months, Undecided
    2. Current State Mapping

      Document current processor performance, integrations, data quality, and failure modes that drive migration risk.

      Current State

      Where We Stand Right Now (Quick Snapshot)

      • Give a concise snapshot of your current card processing environment: who runs it (vendor or in‑house), how long it’s been live, and the scale (active card accounts, average monthly transactions).
      • Which best describes your current processing model? Options: Fully in‑house, Managed service with customizations, Standard vendor platform (multi‑tenant), Legacy monolithic platform, Hybrid (some functions outsourced)
      • Approximately how many active cardholder accounts and monthly authorizations do you handle today? Options: <10k accounts / <100k txns, 10k–100k accounts / 100k–1M txns, 100k–1M accounts / 1M–10M txns, 1M–10M accounts / 10M–100M txns, >10M accounts / >100M txns
      • Who are the primary stakeholders we should engage for technical discovery and migration decisions (role + name/email if available)?
      • What are the top three business objectives driving your interest in evaluating a new processor?

      When 'Good Enough' Breaks: How Reliable Is Reliable Enough?

      • We often see teams accepting small authorization gaps until they cascade—what specific availability or authorization failure would force you to act today? Options: Any customer visible downtime, Authorization availability < 99.99%, Repeated partial outages in peak hours, Data integrity issues impacting statements, Other
      • What is your measured (or reported) authorization availability over the last 12 months? Options: >=99.999%, 99.99%–99.998%, 99.9%–99.99%, 99.0%–99.9%, <99.0%, We do not have a measurement
      • When outages or slowdowns happen, which of these describe the typical root causes you observe? Options: Network/infra, Peak load saturation, Card network issues, Downstream partner failures, Application bugs, Data corruption, Manual operational error, Other
      • How quickly do outages get detected and escalated today (detection → first response)? Options: <1 minute, 1–5 minutes, 5–30 minutes, 30–120 minutes, >2 hours, We lack consistent detection
      • Describe a recent reliability incident that still affects how you think about migration risk (what happened, customer impact, and how it felt to your team).

      The Hidden Threads: Integrations That Make or Break Cutover

      • Most migrations stumble because a single integration was underestimated—what critical systems depend on your processor today (select all that apply)? Options: Core banking/ledgers, Fraud scoring engine(s), Acquiring/billing systems, Mobile/wallet providers, Loyalty/rewards engines, Card production/embossing, Settlement/reconciliation, In‑house custom middleware, Other
      • Which of those integrations are custom, undocumented, or maintained by a single engineer? Options: None, 1–2 integrations, 3–5 integrations, More than 5 integrations
      • What interface types do you use with each primary integration (choose all that apply)? Options: Real‑time API/REST, ISO 8583 / network protocol, Batch files (SFTP), MQ/streaming, Database replication, Custom socket/legacy protocol
      • How complete and up‑to‑date is your integration documentation (endpoints, schemas, SLAs, owners)? Options: Fully documented + versioned, Mostly documented, some gaps, Sparse documentation, tribal knowledge, No documentation
      • Who owns each integration end‑to‑end (tech owner, business owner) and how quickly can they be made available in migration planning?

      What Keeps Your Data Up at Night?

      • We see migrations fail because teams assume their data is clean—what recurring data problems do you see that would complicate migration? Options: Duplicate accounts, Missing or truncated PANs, Inconsistent status codes, Incorrect currency or routing, Old/invalid consent flags, Historic balance mismatches, Other
      • Approximately what percentage of accounts do you estimate have one or more data anomalies that require remediation? Options: <1%, 1%–5%, 5%–15%, 15%–30%, >30%, Don't know
      • How are critical data fixes performed today—automated scripts, manual remediation, or vendor assistance—and how long does a typical fix take? Options: Automated (fast), Semi‑automated (requires manual review), Manual (slow), Vendor handles with SLA
      • Which specific data fields do you consider migration blockers if not migrated perfectly (e.g., authorization history, dispute state, rewards balances)?
      • Do you have reconciliation tools or processes to validate post‑cutover data integrity? If yes, describe frequency and owners. Options: Real‑time automated reconciliation, Daily batch reconciliation, Ad‑hoc manual checks, None formalized

      When Things Fail: A Forensic Tour of Incident & Recovery Modes

      • If a cutover produced inconsistent authorizations for a subset of accounts, what would a worst‑case customer outcome look like for you? Options: Incorrect billing, Lost authorizations causing revenue loss, Double charges, Massive customer support volume, Regulatory breach, Other
      • Describe your typical incident lifecycle today: detection, triage, resolution, and customer communication—what works and what repeatedly fails?
      • How confident are you in your ability to run a rollback that restores all transaction and account state without data loss? Options: Very confident, Somewhat confident, Low confidence, No practical rollback
      • What are your current RTO (recovery time objective) and RPO (recovery point objective) targets for processing systems? Options: RTO <5min / RPO <1min, RTO 5–30min / RPO 1–5min, RTO 30–120min / RPO 5–30min, RTO >2hr / RPO >30min, Not defined
      • Tell us about one past incident where recovery revealed an unexpected data gap or hidden dependency—what did you learn?

      People, Runbooks, and Midnight Calls: Who Actually Knows the System?

      • Many migrations are more social than technical—who are the people you can’t do this without, and how accessible are they during a cutover window? Options: 24/7 on‑call team, Business hours only, Vendor on SLA, Single point of contact (risky), Unknown/not documented
      • Do you have runbooks for each high‑risk failure mode (authorization failures, settlement mismatch, data sync failure)? If yes, how often are they exercised? Options: Yes, exercised quarterly, Yes, exercised annually, Runbooks exist but not exercised, No runbooks
      • How are change approvals and emergency overrides handled during high‑stakes operations—who signs off and in what timeframe?
      • What is your customer support readiness plan for a migration window (training, scripts, call volume handling)? Options: Dedicated surge team + scripts, Partial cross‑training, Reactive handling only, No clear plan
      • If we asked your ops lead to run a dry‑run today, how many hours notice and what materials would they demand?

      Compliance, Security, and the Certification Minefield

      • People often assume certifications travel with data—what compliance or certification constraints must be preserved through migration (PCI level, local regulator approvals, card network attestations)? Options: PCI DSS level 1, PCI DSS level 2–3, Local banking regulator approvals, Card network certifications (Visa/Mastercard), Cross‑border data residency, Other
      • How is cryptographic material (keys, HSMs) handled today and what constraints would limit moving or sharing keys during migration? Options: Keys managed in HSM with strict controls, Keys stored in vendor HSMs, Mixed approaches, Unsure / undocumented
      • Have you ever paused a vendor change because of a compliance or audit concern? If so, describe the blocker and how it was resolved.
      • Are there geographic limits on where cardholder data can be processed or stored (e.g., EU data must remain in EU)? Options: Yes - strict residency, Some restrictions by dataset, No strong residency constraints, Unsure
      • What reporting or attestation artifacts will you need from a new processor to satisfy your auditors/regulatory exams?

      Hidden Costs & The Non‑Technical Drag Factors

      • We often see migration timelines slip because non‑technical steps are underestimated—what contractual, billing, or vendor governance items could delay a cutover? Options: Long vendor termination notices, Complex billing reconciliation, Interim chargebacks, Third‑party supplier approvals, Legal review cycles, Other
      • What is your tolerance for customer‑facing disruption during migration (choose the maximum acceptable outcome)? Options: No visible disruption allowed, Short interruptions during off‑peak, Scoped disruption with prior notice, Customer outage acceptable for short window
      • How is migration budget and resourcing allocated—do you have dedicated project headcount, contingency funding, and vendor implementation slots? Options: Fully funded + staff assigned, Budget approved but staff shared, Budget tentative, No dedicated budget
      • What internal politics or organizational constraints have historically slowed platform changes (e.g., procurement cycles, board approvals)?
      • If the migration cost more than expected, what cost items would you be willing to trade off to keep timeline (scope, features, or support)? Options: Reduce feature scope, Phased migration, Extended vendor support, Delay non‑critical integrations, Not willing to trade off

      If We Could Rewind: Your Migration Dealbreakers

      • Imagine the cutover failed in week one—what conditions would make you stop the migration and roll everything back immediately? Options: Major data loss, Regulatory breach, Mass customer impact, Inability to process authorizations, Critical PCI compromise, Other
      • What quantitative KPIs define an acceptable migration outcome for you (e.g., <0.01% transaction loss, authorization availability >99.99%)?
      • Who holds the final go/no‑go authority and which committee or governance body must sign off on post‑cutover acceptance?
      • What rollback triggers or automated alarms must be in place before you’d allow a high‑risk transition to proceed? Options: Auth availability drop >X%, Reconciliation mismatch >X, Spike in decline rate, Customer complaint surge, Manual override by exec
      • If you had one non‑negotiable assurance from a new processor to proceed, what would it be?

      Quick Audit: Facts We Can Use Tomorrow

      • Current measured peak TPS (transactions per second) and sustained TPS during business hours? Options: Peak <100 TPS, 100–500 TPS, 500–2k TPS, 2k–10k TPS, >10k TPS, Unknown
      • Current monthly authorization volume (approximate)? Options: <100k, 100k–1M, 1M–10M, 10M–50M, >50M, Unknown
      • Primary card networks in use today (select all that apply). Options: Visa, Mastercard, Discover, AmEx, Local/regional scheme, Proprietary network
      • Primary data centers or cloud regions used for processing (list providers/regions).
      • Who should receive a technical artifact pack from us (logs, sample payloads, schema mapping templates) to accelerate discovery?
      • What is the preferred cutover window(s) and blackout periods you need us to respect? Options: Weekday business hours, Early morning off‑peak (local), Late night off‑peak, Weekend window, Rolling/phased windows only
      • Any immediate red flags or hard blockers we should know before deeper technical mapping begins?
  2. Outcome Discovery

    Define target authorization availability, migration risk tolerances, cost and timeline constraints, and measurable success signals.

    Discovery Questions

    Quick Grounding: Who's in the Room?

    • To set the context, which card program types are you considering for this migration? Options: Credit, Debit, Prepaid, Co‑brand, Private label, Other
    • Roughly how many active cardholder accounts would move in the initial conversion wave? Options: < 100k, 100k–1M, 1M–5M, 5M–20M, > 20M
    • Which internal stakeholders must sign off on migration success (pick all that apply)? Options: Head of Cards/Product, CTO/Head of Engineering, CFO, Head of Operations, Head of Risk/Fraud, Legal/Compliance, Customer Service/Operations
    • How long has your incumbent processor/platform been in production for these programs? Options: < 1 year, 1–3 years, 3–7 years, 7–12 years, > 12 years
    • Who will serve as the single owner (name/role) for migration decisions and approvals?

    What Would Keep You Up at Night?

    • Imagine a migration hiccup causes meaningful auth failures during your busiest hour—how would that land with your executive team? Options: Board level concern, Executive escalation but manageable, Operational headache only, Wouldn't be a big deal
    • Tell us about any past authorization or migration incidents you’ve experienced—what happened and what was the fallout?
    • What is your current expected baseline for authorization availability (choose the target you measure to)? Options: 99.9%, 99.95%, 99.99%, 99.995%, 99.999%
    • What degree of short‑term degradation (if any) during cutover is tolerable expressed in percentage or minutes/hours per month? Options: None (zero tolerance), < 0.01% / < 1 minute, 0.01%–0.1% / 1–10 minutes, 0.1%–0.5% / 10–60 minutes, > 0.5% / > 60 minutes
    • How do authorization failures impact you beyond immediate transactions (revenue, churn, regulator exposure, brand)? Please be specific.

    If Authorizations Dropped by 100bps Tomorrow...

    • How would a sustained 100 basis point drop in authorization availability affect your daily operations and top‑line in the first 72 hours?
    • Which customer segments or channels are most sensitive to availability dips (e.g., high‑volume merchants, premium cardholders, ATM network)? Options: E‑commerce, POS retail, ATM network, High‑value cardholders, Merchant partners, Rewards program transactions
    • What absolute SLA thresholds (per 30/90/365 day window) would you require from a new processor to consider this migration successful? Options: Availability % thresholds, Mean time to detect (minutes), Mean time to restore (hours), Transaction integrity rate, Incident frequency limits
    • Who (role/title) needs to be alerted first if authorization latency or error rates spike during cutover? Options: Head of Ops, CTO, Head of Cards, Head of Fraud, Customer Support Lead
    • How do you want degradation to be represented in runbooks/SLAs—by percent, minutes of downtime, or number of failed transactions? Options: Percent availability, Minutes of downtime, Failed transactions count, Monetary impact

    Where Does Migration Risk Live?

    • Which single technical dependency or data issue do you believe is most likely to derail account conversion? Options: Card BIN mapping, Cardholder data quality, Network tokenization, External processor integrations, Billing/statement cycles, Other
    • List the critical integrations that must remain live and accurate during cutover (issuer switch, risk scoring, fraud engines, loyalty, billing).
    • How would you describe the current quality of your core issuer data for migration (completeness, normalization, duplicates)? Options: Excellent, Good with edge issues, Patchy and needs cleaning, Poor / high risk
    • What failure modes have you already identified (examples: missing PANs in tokenized flows, mismatched account statuses, duplicate accounts)? Please list top 3.
    • Which external vendors or third parties introduce the most operational risk during conversion? Options: Card networks, Token service providers, Fraud vendors, Acquirers/Processors, Card manufacturers, Other

    Money Talks — What Are You Willing to Spend to Sleep Better?

    • If we could guarantee specific availability and rollback controls, would you be willing to pay a premium for that assurance? Options: Yes — significantly, Yes — modestly, Maybe — depends on terms, No
    • What is the target budget range allocated specifically for migration engineering, testing, and contingency? Options: <$250k, $250k–$1M, $1M–$5M, $5M–$20M, >$20M
    • How do you prefer to structure migration costs—fixed‑price, milestone‑based, or time & materials with a capped contingency? Options: Fixed‑price, Milestone/pay‑for‑outcomes, Time & materials with cap, Hybrid
    • Would you accept a tradeoff of longer timeline for lower cost, or is time the overriding priority? Options: Prefer lower cost even if slower, Prefer faster even if more expensive, Need balanced options, Undecided
    • If a commercial incentive for penalty‑free rollback was available, how valuable would that be to your stakeholders? Options: Extremely valuable, Moderately valuable, Slightly valuable, Not valuable

    Clock and Pressure Cooker — Timeline & Decision Triggers

    • What is the immovable external deadline (if any) that drives your migration timeline (regulatory date, contract expiry, product launch)? Options: Regulatory deadline, Contract expiration, Major product launch, Investor milestone, No immovable deadline
    • What is your preferred go‑live window cadence—big bang, phased by portfolio, parallel processing, or hybrid? Options: Big bang, Phased by segment/wave, Parallel processing (dual run), Hybrid (parallel + phased)
    • What are firm blackout dates or seasonal surges we must avoid for conversion?
    • What minimum advance testing (end‑to‑end scenarios, load, fraud, reconciliation) do you require before a cutover decision? Options: Functional only, Functional + integration, Full end‑to‑end + load, Full + live pilot
    • Which real‑world decision triggers will you use to greenlight a wave (e.g., pilot metrics, reconciliation accuracy, incident rate thresholds)?

    Success in Measurable Terms

    • If you could pick one KPI that would convince execs the migration succeeded, which would it be? Options: Authorization availability, Transaction success rate, Fraud false positive rate, Time to detect/resolve incidents, Customer complaint volume
    • Select the set of KPIs you will require to accept the migration wave (choose up to 5). Options: Auth availability %, Max auth latency (ms), Transaction integrity %, Reconciliation accuracy, Chargeback/dispute rate, False positive fraud rate, Customer calls per 1k transactions
    • For each chosen KPI, what are the numeric acceptance thresholds we must meet during pilot and production?
    • Who must sign the acceptance — role/title — and what is their tolerance for rolling back if sign‑off criteria are missed? Options: Head of Cards, CTO, CFO, Head of Ops, Cross‑functional committee
    • How do you want monitoring and post‑cutover dashboards delivered (frequency, owners, and key viewers)? Options: Real‑time dashboards, Daily summaries, Weekly executive briefs, Ad hoc on incidents

    Smallest Experiment That Proves It

    • What's the smallest, lowest‑risk live experiment or pilot that would convince your board to proceed? Options: Small customer cohort (1–5%), Non‑revenue test accounts, Single product feature migration, Tokenization/authorization only pilot, Synthetic traffic validation
    • How many accounts or what transaction volume would you need in a pilot to feel statistically confident? Options: < 1k accounts, 1k–10k, 10k–100k, 100k–500k, > 500k
    • Which real migration scenarios must the pilot include (e.g., recurring payments, network‑tokenized e‑commerce, ACH funding flows)? Options: Recurring billers, E‑commerce tokenized, POS magnetic stripe fallback, ATM withdrawals, Rewards redemptions, Dispute lifecycle
    • What are non‑negotiable pilot success signals we should agree on before starting?
    • If the pilot meets success signals, what is the expected cadence to scale to the next wave? Options: Immediate weekly waves, Monthly waves, Quarterly waves, Review before each wave

    Who Owns the Fall‑Back?

    • When a critical incident happens during conversion at 2 AM, who do you want us to call first and why? Options: Head of Ops, CTO on call, Incident commander, Vendor liaison
    • What escalation timeframes do you require (time to acknowledge, time to start mitigation, time to restore)? Options: Acknowledge < 15 min, Mitigation start < 60 min, Restore < 4 hours, Restore < 24 hours, Other
    • Which contractual remedies or incentives matter most to you if SLAs are missed (credits, extended support, money‑back, liability caps)? Options: Service credits, Extended free support, Financial penalties, Enhanced remediation services, Other
    • How should communications to impacted customers be handled if a migration error affects cardholders? Options: We send dual messages (ours + vendor), Vendor drafts and we approve, Vendor handles communications, We handle all communications internally
    • Who owns post‑mortem and long‑term remediation tracking (roles and cadence)?
  3. Solution Experience

    Walk through outcome delivery using the customer’s real migration scenarios, cutover options, and rollback controls.

    Experience Meetings

    • Current State & Risk Confirmation
    • Migration Scenario Workshop — Real Account Walkthroughs
    • Cutover Options & Rollback Controls Review
    • Rehearsal & Failover Simulation Planning
    • Executive Alignment & Readiness Sign-Off
    • Ensure monitoring and alerting are defined to enable real-time go/no-go decisions during rehearsal and cutover.
    • Capture a prioritized list of residual risks and owners for mitigation before cutover.
    • Create finalized scenario runbooks (including pre-checks, data transforms, monitoring, rollback steps) and circulate for approval.
    • Add identified residual risks to the migration risk register with owners and mitigation deadlines.
    • Request any missing sample data or logs required to simulate scenarios in a rehearsal environment.
    • Recap Future-State Acceptance Criteria
    • Select a preferred cutover approach with documented rationale tied to quantified consequences and acceptance criteria.
    • Define explicit rollback triggers, control actions, and decision rights for the cutover execution.
    • Agree on immediate next steps to prepare a cutover plan and rehearsal schedule.
    • Document the agreed cutover plan and rollback playbook, including metrics-based triggers and named decision authorities.
    • Produce a communication and stakeholder notification matrix for rollback and cutover events.
    • Prepare acceptance-threshold monitoring dashboards and alerts required for go/no-go decisions.
    • Simulation Objectives & Scope
    • Agree on simulation objectives and pass/fail criteria that directly map to production acceptance thresholds.
    • Schedule rehearsals with confirmed roles, runbooks, and required test data/environments.
    • Introductions & Purpose
    • Publish a detailed rehearsal plan (dates, runbook steps, test cases, owners) and share with all participants.
    • Provision simulation environments and deliver required sample data sets and access credentials.
    • Build and validate monitoring dashboards and automated alerts for acceptance thresholds prior to rehearsal.
    • One-Sentence Recap: Current State → Consequence → Future State
    • Obtain executive-level sign-off to proceed based on demonstrated proofs and agreed acceptance criteria.
    • Confirm a short list of remaining preconditions, owners, and deadlines before the scheduled rehearsal.
    • Align governance and reporting cadence for deployment-phase execution and issues escalation.
    • Capture executive sign-off document with agreed scope, acceptance criteria, and any conditions attached to approval.
    • Publish a consolidated pre-deployment checklist with owners and dates for all outstanding items required before rehearsal.
    • Schedule the first full-scale rehearsal and invite necessary executive and operational stakeholders.
    • Agree and document a single-sentence current-state statement that all parties acknowledge.
    • Produce a quantified list of top failure modes and their operational/financial consequences.
    • Identify and assign owners for any missing evidence needed to run realistic migration scenarios.
    • Finalize and circulate the one-sentence current-state statement for sign-off by all meeting attendees.
    • Collect and share requested logs/metrics and sample records for scenario planning (owner and due date).
    • Create a short failure-mode register with estimated impact and probability to feed into scenario design.
    • Recap Preconditions
    • Validate complete, stepwise runbooks for each representative migration scenario with customer confirmation.
    • Demonstrate, with explicit ties back to consequences, how the proposed migration approach prevents or mitigates each failure mode.
    • One-Sentence Current State
    • Cutover Option Review
    • Select Representative Scenarios
    • Evidence Summary: Scenario Proofs & Simulation Results
    • Test Case Selection
    • Residual Risk Overview & Mitigation Plan
    • Evidence Review: Metrics & Failure Modes
    • Roles, Responsibilities & Runbook Walkthrough
    • Scenario Walkthrough #1 (Highest Risk)
    • Rollback Controls & Triggers
    • Scenario Walkthrough #2 (Edge Case)
    • Commercial & Operational Preconditions
    • Consequence Quantification
    • Monitoring, Telemetry & Acceptance Criteria
    • Decision Rights & Escalation Path
    • Decision & Sign-Off
    • Proof Points: How Each Option Achieves Future State
    • Logistics, Data & Environments
    • Scenario Walkthrough #3 (Representative Bulk Wave)
    • Customer Validation & Clarifications
    • Tiebacks: Proof → Problem
    • Vote & Select Preferred Cutover Plan
    • Agree Next Steps / Data Gaps
    • Post-Sim Assessment & Decision Gate
    • Capture Residual Risks & Mitigations
  4. Solution Scope

    Define modules, migration approach (parallel/phased), responsibilities, acceptance criteria, and compliance obligations.

    Scope Configuration

    • Real-time Authorization Processing
    • Fraud Scoring and Real-Time Risk Blocking
    • Cardholder Account Provisioning and Lifecycle Management
    • Physical and Virtual Card Issuance & Fulfillment
    • PIN Management and EMV Personalization
    • Tokenization and Network Token Management
    • Statement Generation and Billing Cycle Processing
    • Dispute and Chargeback Handling
    • Rewards Posting and Redemption Processing
    • Batch Clearing, Settlement, and Network Reconciliation
    • API Gateway with Webhooks and Event Streams
    • Regulatory Compliance Reporting and Audit Trails
    • Parallel Processing and Phased Account Conversion

    Scope Questions

    Real-time Authorization Processing

    • What target authorization availability do you require (SLA / objective)? Options: >99.99%, 99.9-99.99%, 99.5-99.9%, <99.5%, Custom/Unknown
    • What peak and average transactions-per-second (TPS) should the authorization engine support? Options: Peak <100 TPS, Peak 100-1,000 TPS, Peak 1,000-5,000 TPS, Peak 5,000+ TPS, Unknown
    • Which card networks and routing rules must be supported? Options: Visa, Mastercard, Amex, Discover, Other
    • Do you require custom routing or decisioning logic at authorization time (e.g., BIN routing, BIN split, issuer rules)? If yes, describe. Options: Yes, No
    • What end-to-end latency targets do you expect for authorizations (milliseconds)? Options: <100 ms, 100-250 ms, 250-500 ms, >500 ms, Custom/Unknown
    • Describe any offline authorization, store-and-forward, or retry behaviors currently used or required (free response).

    Fraud Scoring and Real-Time Risk Blocking

    • Do you currently use an in-house fraud model, a third-party provider, or a hybrid approach? Options: In-house, Third-party provider, Hybrid, None / Unknown
    • Which real-time actions do you want available based on scoring (e.g., decline, challenge, allow, route to specialist)? Options: Decline, Challenge / OTP, Allow, Route to specialist, Other
    • What acceptable false-positive tolerance or manual review rate do you require? Options: Very low (≤0.1%), Low (0.1-0.5%), Moderate (0.5-2%), High (>2%), Custom/Unknown
    • Do you need model retraining, custom features, or access to model explainability for decisions? Options: Yes - retrain, Yes - custom features, Yes - explainability, No
    • What data sources must be evaluated in real time (device fingerprinting, velocity, historical transactions, third-party risk signals)? Options: Device fingerprint, Velocity rules, Historical transactions, Third-party signals, Other
    • How should fraud alerts and alerts workflow integrate with operations (webhooks, ticketing system, email, dashboard)? Options: Webhooks, Ticketing integration, Email, Operational dashboard, Other

    Cardholder Account Provisioning and Lifecycle Management

    • How many live cardholder accounts and monthly active accounts will be on day one, and expected growth in 12 months? Options: <10k, 10k-100k, 100k-1M, 1M+, Provide numbers
    • Which provisioning methods are required: real-time API provisioning, batch onboarding, or both? Options: Real-time API, Batch import, Both, Other/Unknown
    • What lifecycle events must be supported (activation, suspension, closure, reissuance, fraud block, PIN reset)? Options: Activation, Suspension, Closure, Reissuance, PIN reset, Other
    • Do you require self-service capabilities for cardholders (mobile app/API) and what scopes (activate, lock/unlock, disputes)? Options: Activate, Lock/Unlock, Dispute initiation, Update contact info, Other
    • What KYC/identity verification integrations are required (vendors, data fields, workflow steps)?
    • Are there specific data fields or mappings from your legacy system that must be preserved during migration (free response)?

    Physical and Virtual Card Issuance & Fulfillment

    • Will you issue physical cards, virtual cards, or both? Options: Physical only, Virtual only, Both, Planned/Unknown
    • Which fulfillment vendors or partners do we need to integrate with (e.g., card manufacturer, personalization bureau, delivery providers)?
    • Do you require instant-virtual issuance and provisioning to digital wallets (Apple Pay, Google Pay, Samsung Pay)? Options: Yes - wallets, Yes - instant virtual only, No
    • What personalization attributes are required on plastic and virtual cards (name, BIN choice, co-branding, embossing)?
    • What fulfillment SLAs do you expect for physical card production and shipping? Options: 3-5 business days, 6-10 business days, >10 business days, Custom/Unknown
    • Are there special compliance or encryption requirements for card art, messaging, or carrier packaging? Options: Yes, No, Unknown

    PIN Management and EMV Personalization

    • Do you require online PIN management, offline PIN verification, or both? Options: Online PIN management, Offline PIN, Both, None
    • What HSM or key management solution must be integrated for PIN and EMV keys? Options: Customer HSM, Provider HSM, Cloud HSM, Unknown
    • Do you support EMV personalization profiles and need personalization file delivery to bureaus? Options: Yes, No, Planned
    • What PIN distribution methods do you use (mailers, IVR, in-app)? Options: Mailers, IVR, In-app / Push, None
    • Are there specific EMV kernel/version or personalization data elements required?
    • List any PCI, local regulatory or scheme-specific obligations for PIN/EMV handling that the project must meet.

    Tokenization and Network Token Management

    • Which tokenization types are required: network tokenization (TSP), device tokens, or gateway tokens? Options: Network tokens (TSP), Device tokens (wallet), Gateway tokens, Multiple / Unknown
    • Do you need integration with specific token service providers (e.g., Visa/Mastercard token services) or mobile wallet provisioning? Options: Visa, Mastercard, Amex, Wallets (Apple/Google), Other/None
    • What token lifecycle policies do you require (expiration, refresh, reissuance, mapping back to PAN)?
    • How should token-related events be surfaced to your systems (webhooks, events, reports)? Options: Webhooks, Event stream, Batch report, Other
    • Is fallback to PAN allowed in decline scenarios, and what controls govern fallback? Options: Allowed, Not allowed, Controlled/Conditional
    • Describe any expected volume or TPS for tokenization requests vs PAN authorizations (free response).

    Statement Generation and Billing Cycle Processing

    • How many distinct billing cycles and statement runs do you require (monthly, multiple cycles)? Options: 1 cycle (monthly), 2-4 cycles, More than 4, Custom
    • Which statement formats and delivery channels are required (PDF, HTML, email, portal)? Options: PDF, HTML, Email delivery, Customer portal, Postal delivery
    • Are there complex billing rules needed (proration, interest calculations, scheduled charges, installment plans)? Options: Yes - proration/interest, Yes - installments, No / Basic
    • Do statements require multi-language or multi-currency support? Options: Multi-language, Multi-currency, Both, No
    • What historical statement data (months/years) needs migrating for customer access or regulatory reasons? Options: None, Last 12 months, Last 24 months, All history / Custom
    • Are there reconciliation or billing dispute flows that should integrate with statements (adjustments, credits)? Options: Yes, No, Planned

    Dispute and Chargeback Handling

    • Do you require automated representment workflows and evidence bundling for chargebacks? Options: Yes - automated representment, Manual only, Hybrid, Unknown
    • Which chargeback reason codes and timeframes are most relevant to your portfolio?
    • Should disputes integrate into a customer-facing portal or remain internal to operations? Options: Customer-facing portal, Internal only, Both
    • What SLA targets do you require for dispute acknowledgement, investigation, and representment? Options: 24 hours, 48 hours, 72+ hours, Custom
    • Do you need analytics and root-cause reporting for dispute drivers (merchant, BIN, product)? Options: Yes, No
    • Are there specific integrations required (issuer dispute portals, scheme portals, case management systems)?

    Rewards Posting and Redemption Processing

    • What earning rules and categories must be supported (base earn, bonus categories, merchant-funded rewards)?
    • Which redemption channels do you require (statement credit, statement balance, partner catalog, transfer)? Options: Statement credit, Balance paydown, Partner catalog, Transfer, Other
    • How should reward liability be calculated and reported (accrual basis, immediate posting)? Options: Accrual, Immediate posting, Custom
    • Do you need promotional or limited-time offer mechanics (bonus multipliers, time windows)? Options: Yes, No
    • Are there partner integrations required for redemptions (merchants, loyalty platforms)? Options: Yes - partners, No
    • What reporting cadence and KPIs do you need for rewards (redemption rate, breakage, liability)?

    Batch Clearing, Settlement, and Network Reconciliation

    • Which clearing and settlement windows do you operate against (daily, intra-day batches)? Options: Daily, Intra-day multiple batches, Real-time settlement, Custom
    • What currencies and multi-currency settlement requirements exist? Options: Single currency, Multi-currency, FX conversion required, Unknown
    • What reconciliation tolerances and exception workflows must be supported (amount thresholds, auto-resolve rules)?
    • Do you require integration to treasury or core banking systems for settlement posting? Options: Yes - integration required, No
    • How should clearing files be exchanged (SFTP, ISO 20022, API)? Options: SFTP, ISO 20022, API, Other
    • Describe any multi-entity netting, subledger, or pass-through settlement needs (free response).
  5. Mutual Commit

    Finalize commercial terms, SLAs, liability allocations, and governance for migration and ongoing operations.

    Agreement Modules

    • Master Services Agreement (MSA)
    • Statement of Work (SOW)
    • Service Level Agreement (SLA)
    • Commercial Terms & Pricing Schedule
    • Payment & Billing Schedule
    • Data Processing Agreement (DPA)
    • Security & Compliance Addendum
    • Migration Governance & Runbook
    • Acceptance Criteria & Sign-off
    • Transition Services Agreement (TSA) / Cutover Support
    • Liability, Indemnity & Cap Allocation
    • Change Order Agreement
    • Termination & Exit Plan
    • Insurance & Risk Transfer
    • Network & Third-Party Certification Commitments
  6. Deployment

    Operationalize rollout with readiness checks, enablement, and outcome validation.

    1. Pre-Deployment Readiness

      Confirm data extracts, test environments, access, rollback plans, and verified owners are ready for execution.

      Readiness Questions

      Quick Alignment — who’s at the table?

      • Who from your organization will be the primary, day-to-day migration owner we should work with? Options: Head of Cards / Head of Product, CTO / Head of Engineering, Head of Operations, Program Manager, Other (please name), TBD
      • Which stakeholders must receive routine status updates during pre-deployment and cutover (use roles, not names)? Options: Head of Cards, CTO, CFO, Head of Ops, Head of Fraud/Risk, Compliance/Legal, Customer Support, Third-party partner(s)
      • What business outcome(s) are absolutely non‑negotiable at go-live (pick all that apply and add details below)? Options: Authorization availability target, No loss of cardholder balances, Reconciliation parity, No regulatory reporting gaps, Minimal customer support impact, Other (please specify)
      • Do you have any absolute blackout dates or business cycles that would prevent a cutover (quarter end, holiday season, marketing campaigns)? Please list. Options: No blackout dates, Quarter-end / month-end close, Holiday peak season (specify dates), Planned product launches, Regulatory filing windows, Other (please describe)
      • How many active card accounts (and average daily transactions) do you expect to include in your initial conversion wave?

      If Something Breaks, Who Actually Catches It?

      • If an unexpected authorization outage occurs within 48 hours of go‑live, who in your organization will be accountable for ‘go/no-go’ decisions and external communications?
      • List the escalation contacts we must reach and the expected response SLA for each role. Options: 15 minutes, 30 minutes, 1 hour, 4 hours, Same business day
      • Which internal teams will own incident resolution for the following areas: network connectivity, fraud rules, settlement/reconciliation, and customer support? Options: Network/Connectivity, Fraud/Risk, Settlement/Reconciliation, Customer Support/Service, Cards Product, Engineering/Platform, Third-party vendors
      • Have you previously run a cutover tabletop or war‑room exercise for a migration like this? If yes, summarize the biggest surprise. Options: Yes — recently (within 6 months), Yes — but more than 6 months ago, No, never
      • What internal decision criteria (metrics or thresholds) would automatically escalate an incident to executive attention? Options: Auth success below threshold, Unreconciled balances, Customer-impacting incidents > X%, Regulatory reporting failure, Other (please describe)

      Where Are The Data Landmines?

      • If one data field in your conversion extract were wrong, which one would cause the most damage (examples: BIN mapping, account balance, token mapping, card status)?
      • Which data extracts will you provide for conversion (choose all that apply)? Options: Cardholder master, Account balances, Transaction history, Pending/authorized transactions, Tokens and PANs, Card status/blocks, PINs / PIN offsets, Rewards balances and rules, Disputes and chargebacks, Fee schedules, Other
      • How would you characterize the current cleanliness of those extracts? Options: Production-ready with minimal transformation, Minor known issues that require mapping, Significant normalization and deduplication required, Extracts not yet available
      • Do you maintain a data dictionary and sample extract schemas we can validate against? If so, how will those be shared? Options: Yes — accessible via secure share, Yes — available but needs grooming, No — we can create on request, No — we need help producing one
      • Are there any PII/PCI or regional data residency requirements that will affect how extracts are transferred or stored? Options: PCI requirements, GDPR / Data residency, State-level privacy laws, Internal encryption / tokenization required, No special constraints, Other (please specify)

      Are Our Test Environments Real Enough?

      • If your QA/staging environment had to mirror production for one thing only (latency, volume, network behavior, or data fidelity), which would you pick and why? Options: Latency/response characteristics, Production-scale volume, Network-side behaviors (networks/switches), High-fidelity data, Security/perimeter configuration
      • Which environments will be available for end-to-end migration rehearsals? Options: Development (Dev), Quality (QA), User Acceptance (UAT), Staging/Pre‑Prod, Production shadow / dual-run, None of the above
      • Will we have production-sized datasets and live network connectivity (or equivalent mirrors) for load/performance testing? Options: Yes — full prod-sized dataset and live connectivity, Partial dataset with network mirrors, Mocks/simulators only, No, not available
      • Which test accounts or scenarios should be prioritized for dress rehearsals (e.g., high-value merchants, BINs, tokenized flows, rewards redemptions)?
      • How many full dress rehearsals do you believe are necessary to be comfortable with go‑live, and what would be the exit criteria for each rehearsal? Options: None, 1, 2-3, 4 or more

      Can We Undo This If It Goes Sideways?

      • If a critical failure occurs during cutover, what rollback approach would you most trust to protect cardholders and balances?
      • Which rollback/fallback models are acceptable to you? Options: Full rollback to legacy platform, Phased rollback per conversion wave, Freeze new activity and continue legacy processing, Manual remediation workflows, Hotfix on new platform (no rollback)
      • What is the maximum decision window you require before initiating a rollback (i.e., how long can we wait to decide)? Options: 15 minutes, 30 minutes, 1 hour, 4 hours, Same business day
      • Who has delegated authority to approve a rollback, and how will that approval be documented?
      • Do you have a communications and legal playbook for informing cardholders and partners if we must rollback? If not, who will prepare it? Options: Existing playbook — ready, Playbook exists but needs updating, No playbook — will create, Legal/comms will own

      Who Has The Keys — Access, Credentials, and Controls

      • How many distinct teams or external vendors will require admin or privileged access during pre‑deployment and cutover, and who controls those credentials today?
      • Which authentication and access patterns should we use for migration access (choose all that apply)? Options: SSO / SAML, OAuth, API keys, LDAP, Just-In-Time (JIT) privileged access, Permanent VPN credentials, Bastion host / jump server
      • Will vendor/partner access to production be permitted during cutover, and if so under what controls (JIT, monitoring, session recording)? Options: Yes — JIT only with monitoring, Yes — permanent access allowed, Limited via VPN with audit, No vendor production access
      • How will credentials be provisioned and revoked at cutover closeouts, and who verifies revocation?
      • Do you require specific audit trails or session recording for all privileged sessions during migration? Options: Yes — full session recording required, Yes — activity logs sufficient, No special auditing required, Other (please specify)

      When Will We Know It's Working?

      • What single, measurable metric reported to your executives would make you call this migration an unqualified success?
      • Which acceptance criteria must be met before we sign off on converted accounts (select all that apply)? Options: Authorization success rate >= target, Transaction latency within SLA, Reconciliations match within tolerance, No open critical incidents for X hours, Customer support impact within threshold, Regulatory reports validated
      • What authorization availability target should be used for acceptance (choose the closest option or specify a custom target)? Options: >= 99.99% (best-in-class), >= 99.95%, >= 99.9%, < 99.9% — custom target, Other (specify)
      • Which monitoring dashboards, alerts, and owners will be used to evaluate health in the first 72 hours post-cutover? Options: Auth success rate dashboard, Latency P95/P99, Error rate by BIN/Issuer, Reconciliation / settlement variance, Customer support volume & NPS, Fraud alert volume
      • Who provides the formal acceptance sign-off (role and backup), and what format will that sign-off take (email, signed doc, ticket closure)? Options: Named executive sign-off (email), Operations sign-off (ticket), Legal/compliance sign-off (document), Automated metric gate closure, Other (specify)

      Last-Mile Logistics — schedules, comms, and fallbacks

      • If the go-live were delayed by 48 hours at the last minute, what business impacts would you incur and which stakeholder(s) would object most strongly?
      • What is your preferred go-live window (dates/times), and are there secondary windows we should hold as backups? Options: Weekday business hours, Weekend (preferred), Overnight/low-traffic window, Specific dates (please specify), Flexible — will align
      • Which external parties must be coordinated for the cutover (card networks, acquirers, partner processors, BIN sponsors), and who will own each contact?
      • What customer-facing communications (email, SMS, in-app, statement messaging) must be issued as part of the migration, and who approves content? Options: Email, SMS, In-app notification, Statement messaging, IVR / support script updates, No customer communications required
      • Do you have fallbacks for card reissuance, PIN migrations, or failed token mappings, and who owns those operational processes? Options: Reissue cards procedure ready, PIN migration plan ready, Manual token reconciliation process, No formal fallback — will build if needed
    2. Deployment Enablement

      Schedule conversion waves, coordinate engineering and operations tasks, and execute cutover with clear escalation paths.

    3. Validation Checklist

      Verify account conversions, transaction integrity, monitoring thresholds, and sign off on acceptance criteria.

      Validation Questions

      Getting Acquainted: Your Migration at a Glance

      • Briefly describe your current card processing setup and what prompted you to explore a migration now.
      • Which best describes your organization’s issuer scale today? Options: Top 20 bank (tens of millions of accounts), Regional bank / large CU (1–10M accounts), Mid-market bank / fintech (100k–1M accounts), Early-stage fintech (<100k accounts)
      • Which card products and networks are in scope for this migration? Options: Credit, Debit, Prepaid, Private label, Visa, Mastercard, AmEx, Discover, Other
      • Roughly how many active cardholder accounts and monthly authorizations will be in the initial migration wave? Options: <50k accounts / <100k auths, 50k–250k / 100k–1M auths, 250k–1M / 1M–5M auths, 1M–5M / 5M–20M auths, >5M / >20M auths
      • Who are the primary internal stakeholders we should engage (roles and names if available)?

      What Keeps You Up at Night About This Move?

      • If this migration caused a visible degradation in transaction processing, what would be the single biggest business consequence?
      • How many basis points of authorization availability do you currently lose to incidents per month, and what would you consider acceptable during migration? Options: <1 bps, 1–5 bps, 5–20 bps, >20 bps, I don’t have this metric
      • Tell us about a recent production incident or cardholder-impacting failure — what happened, who noticed it first, and why did it stick with you?
      • Which of these migration fears feel most real for your team right now? Options: Mass authorization failures, Data loss or mismatched balances, Cardholder authentication issues, Network settlement or clearing gaps, Regulatory or reporting lapses, Operational overload during cutover
      • How would a significant incident during conversion make you feel about your vendor relationships and internal leadership?

      Where Your Ops and Tech Silos Hide Risk

      • Which hidden operational or data gaps would surprise your execs if they were fully visible during conversion?
      • Which integrations and third-party dependencies are most critical to get right on day one? Options: Card networks (Visa/MC/AmEx), Fraud/riskscore providers, Issuer core/billing systems, Customer portal/mobile apps, Card personalization vendor, Settlement/clearing partners, Rewards/loyalty engines
      • How would you rate the overall quality of your account, card, and transaction data today? Options: High — automated reconciliation & clean, Moderate — some gaps we patch, Low — multiple known issues, Unknown — we haven’t measured
      • Describe your current reconciliation and exception workflow — who touches it, how long it takes, and where bottlenecks appear.
      • Which teams own the most fragile runbooks or manual steps that will be involved in cutover?

      What 'Good' Actually Means — Measurable Signals

      • If we could guarantee one metric post-migration that would convince your CFO and CTO, which metric would you pick? Options: Authorization availability (basis points), Avg. authorization latency (ms), Decline rate for valid transactions, Reconciliation accuracy, Time-to-market for new products, Cost per transaction
      • What exact target and tolerance would you set for that metric in the first 30, 90, and 180 days?
      • What SLAs, credits, or remediation do you expect if those targets aren’t met? Options: Financial credits, Dedicated remediation team, Extended warranty support, Termination rights, Escalation to executive sponsor
      • How do you prefer success be reported and validated (dashboards, daily syncs, automated reports, third-party audit)? Options: Real-time dashboard, Daily executive summary, Automated exception reports, Third-party validation/audit, Ad-hoc deep dives
      • Who must sign off on acceptance at each milestone (roles and approval thresholds)?

      Cutover and Rollback: What Would Make You Sleep at Night?

      • What single control or capability during cutover would make you confident enough to proceed live?
      • Which cutover approach do you believe aligns with your risk appetite? Options: Parallel processing with dual-authorizations, Phased / wave-based conversion, Big-bang with pre-cutover freeze, Hybrid (parallel for high-value cohorts)
      • What are your non-negotiable rollback criteria (e.g., X% auth failures, Y minutes of outage, revenue impact thresholds)?
      • What test coverage and live-scenario runs do you require before authorizing a production cutover? Options: End-to-end smoke in staging, Full reconciliation dry run, Live pilot with limited cohort, Network certs & settlements dry run
      • Who is empowered to call a pause or rollback during cutover, and what escalation path should follow?

      Experience Test: Walking Through a Real Migration Story

      • Imagine migrating your highest-risk 100k accounts tomorrow — which single scenario must we run end‑to‑end to prove readiness?
      • Which sample scenarios are highest priority for your business validation? Options: PAN migrations with active subscriptions, BIN and product code changes, Reward balance and statement history migration, Recurring payments and merchant tokens, Lost/stolen card flows and reissuance, Chargeback and dispute lifecycle
      • What production-like data and test customers can you provide to validate migration fidelity? Options: Full anonymized subset, Synthetic but realistic dataset, Tokenized production samples, No sample available — we need guidance
      • What acceptance criteria would you apply to each scenario (examples: zero data drift, <0.1% balance variance, reconciliation closed within 24hrs)?
      • How would we jointly run a pilot (timeline, cohort selection, success gates) and who needs to be in the pilot steering calls?

      Money, Contracts, and the Fine Print

      • What contract clause or commercial unknown would cause you to pause negotiations or delay a signature?
      • Which commercial terms matter most for you right now? Options: Predictable pricing, SLA credits & uptime guarantees, Liability limits, Data ownership & portability, Exit & migration assistance
      • What internal approval gates (finance, legal, procurement) and timeline are required for a commitment? Options: Finance approval, Legal/compliance sign-off, Procurement review, Board/CEO approval
      • Do you have budget allocated for this project in the next fiscal period, and if so what is its status? Options: Budget approved, Budget requested / pending, No budget yet — exploring, Unsure
      • What commercial model do you prefer for migration cost and ongoing processing? Options: Fixed migration fee + per-transaction, Time & materials for migration + per-transaction, Subscription with usage tiers, Blended fixed + usage

      People, Governance, and Who Decides

      • If this project started tomorrow, who in your org would be most likely to block it — and why?
      • Which of these roles are already committed to participate in migration governance? Options: Head of Cards, CTO/Head of Engineering, CFO, Head of Operations, Head of Risk/Fraud, Legal/Compliance
      • How many full‑time equivalent (FTE) resources can you realistically assign over the next 3 months? Options: <1 FTE, 1–3 FTEs, 4–8 FTEs, >8 FTEs
      • Describe your preferred governance cadence and escalation model for delivery (e.g., weekly PMO, daily cutover war room, executive checkpoints).
      • What cultural or change-management barriers do you anticipate internally, and how have you overcome similar blockers before?

      Monitoring, Alerting and Who Watches the Store

      • What monitoring thresholds or alerts would compel immediate action from your team during the first 90 days? Options: Auth availability drop > X bps, Auth latency > X ms, Spike in decline rate, Reconciliation variance > X%, Fraud rate increase
      • Which telemetry and dashboards must be available in real time on cutover day? Options: Auth success/availability, Latency heatmaps, Decline reason breakdown, Settlement windows/status, Exception queue length
      • Who owns the alerts (vendor, joint ops, internal NOC) and who gets escalated copies? Options: Vendor first-line, Joint ops team, Internal NOC/On-call, Executive on-call
      • What automated mitigations (circuit breakers, throttles, fallback routing) would you insist on having in place? Options: Automatic rollback, Failover to legacy processor, Token-level throttles, Manual hold and review
      • How do you want post-launch support structured (runbook handover, 24/7 joint support, fixed-duration elevated support)? Options: 24/7 elevated support for 30 days, 24/7 for 90 days, Business hours plus on-call, Handover to internal ops immediately

      Acceptance, Reporting, and Long-Term Confidence

      • What formal acceptance process do you expect after each milestone (who signs, what evidence is required)?
      • How frequently do you want status and SLA reports once live? Options: Real-time dashboard, Daily for first 30 days, Weekly for 90 days, Monthly thereafter
      • What independent validation or audit would increase your confidence (third‑party testing, SOC report, sample reconciliation attestation)? Options: Third-party migration audit, SOC/ISO compliance reports, Sample reconciliation attestation, None required
      • What business metrics should we track together as ongoing KPIs beyond operational SLAs (e.g., product launch velocity, cost-to-serve, NPS)? Options: Product launch time, Cost per transaction, Cardholder NPS, Fraud losses, Reconciliation variance
      • Who will own the post-launch roadmap for enhancements and how do you want to capture backlog and feature requests? Options: Joint roadmap committee, Vendor-owned backlog, Customer-owned backlog with vendor delivery, Other

      Next Steps — What Would Build Mutual Confidence?

      • What would you need to see from us in the next 7 days to feel confident moving toward a formal proposal? Options: Detailed milestone plan, Pilot plan and cost estimate, Reference calls with similar migrations, Preliminary commercial terms
      • Which quick wins or low-risk pilots would you be willing to run to accelerate trust? Options: Sandbox cert for integrations, Small pilot cohort conversion, End-to-end reconciliation dry run, Fraud rules test in shadow mode
      • Realistically, what is your internal timeline for a final decision and contract signature? Options: <1 month, 1–3 months, 3–6 months, >6 months, Undecided
      • Who else should we bring into the next conversation to remove blockers or speed approvals?
      • Is there anything we haven’t asked that would materially change your view of migration risk or readiness?
  7. Success

    Review measured outcomes against success signals, capture lessons, and track issues and enhancement requests.

    Success Reviews

    • Success Review & Validation Workshop
    • Lessons Learned & Incident RCA Session
    • Enhancement Backlog Prioritization & Roadmap Workshop
    • Operational Metrics, Monitoring & Governance Alignment
    • Executive Outcomes & Commercial Decision Meeting

    Issues & Enhancements

    • Establish a governance cadence for ongoing prioritization and acceptance of enhancements.
    • Produce incident postmortems with timelines, root causes, and corrective actions.
    • Update operational runbooks and monitoring playbooks to incorporate lessons learned.
    • Create implementation tickets for permanent fixes with owners and target dates.
    • Review of Collected Enhancements
    • Agree on a prioritized enhancement backlog tied to customer outcomes.
    • Establish a proposed delivery roadmap with owners and rough estimates.
    • Identify enhancements that require commercial or compliance approval.
    • Publish the prioritized roadmap with RICE/MoSCoW scoring and owners.
    • Request engineering estimates for the top N items and update timelines.
    • Initiate commercial review for items needing contract or funding changes.
    • Monitoring Dashboard Review
    • Confirm operational thresholds and monitoring coverage to detect regressions early.
    • Agree on escalation and on-call responsibilities to reduce time-to-resolution.
    • Welcome & Objectives
    • Deliver updated monitoring dashboards and alert definitions to customer operations.
    • Document and publish escalation contact lists and on-call rotation.
    • Schedule recurring governance/steering meetings with agendas and owners.
    • Executive Summary of Outcomes
    • Obtain executive alignment on whether to accept the migration outcomes and transition to steady-state.
    • Secure approvals for any commercial or funding actions required for prioritized enhancements.
    • Confirm executive sponsorship and schedule for agreed next-phase deliverables.
    • Issue a short Executive Outcomes memo capturing decisions, funding approvals, and next milestones.
    • Update commercial agreements or create change orders for approved roadmap items.
    • Assign executive sponsor(s) to the ongoing governance and roadmap delivery.
    • Ensure all stakeholders agree on whether each success signal was met or not.
    • Make the business consequence of any gaps explicit and quantified.
    • Obtain customer confirmation (acceptance or remediation request) and assign owners for next steps.
    • Publish a measurement report with raw data sources, pass/fail per success signal, and formal customer acceptance or exceptions.
    • Create remediation tickets for failed signals with owners and due dates.
    • Schedule the follow-up validation checkpoint to re-measure remediation effectiveness.
    • Pre-work Review & Incident List
    • Identify root causes for top incidents and determine permanent remediation.
    • Capture operational lessons and update runbooks/playbooks.
    • Assign owners and timelines for fixes and control improvements.
    • Current State Snapshot (one-sentence)
    • SLA Performance & Exceptions
    • Map Enhancements to Success Signals & Business Value
    • Top Incident RCA (1)
    • Financial Impact & ROI
    • Measured Outcomes vs Success Signals
    • Constraints & Impact Assessment
    • Residual Risk & Mitigation Plan
    • Escalation Paths & On-call Responsibilities
    • Top Incident RCA (2)
    • Prioritization Exercise
    • Commercial Implications & Options
    • Governance Cadence & Roles
    • Cross-cutting Process & Tool Gaps
    • Consequence & Delta Analysis
    • Preventive Controls & Permanent Fixes
    • Draft Roadmap & SLA/Support Expectations
    • Future State Confirmation
    • Decision & Approvals
    • Change Management & Release Controls
    • Customer Validation & Sign-off
    • Decision & Funding Path
    • Document Lessons & Knowledge Transfer
    • Immediate Next Steps & Owners
First-Party AI

1-2 minutes please — Your AI agent is working

First-Party AI™ can make mistakes. Always check important information.