How Cancer Research UK streamlines donations with AWS-based payment system

Every year, more than 18 million people worldwide get diagnosed with cancer; by 2040 that number is expected to rise to 28 million per year. Currently, two in every four people survive their cancer for at least 10 years, and Cancer Research UK (CRUK) is aiming to see this increase to three out of four by 2034. 

Pioneering work by CRUK has already been pivotal to survival rates in the UK doubling in the last 40 years. To up the odds of achieving the 3/4 higher survival rate requires money, and lots of it. CRUK spent £443 million towards cancer research projects in its last financial year, supporting over 4,000 scientists, doctors and nurses working to prevent and treat the disease.

The vast majority of this research spend is covered by money the cancer charity raises from donations: of a total income of £668 million in 2021/22, £426 million – almost two-thirds - came from donated income, including legacies.

This makes having a fast, secure and reliable payment system vital for CRUK, to ensure it’s easy and quick for supporters to make donations. But a few years back, this wasn’t the case.

Legacy

Back in 2014, CRUK had switched over to AWS cloud technology as part of its journey to re-architect its old, existing architecture, mostly founded around Oracle. Pete Ainsworth, Head Of Platform Engineering at Cancer Research UK, says:

It was very rooted in Siebel CRM, we had Oracle BI attached to that, and then we used the Oracle CMS on top of that. We found that the Oracle CMS was too constricted and so we started rebuilding some of the websites as an early foray into alternative engineering our front-facing websites. We started looking into the business functions that Oracle was doing for us and found we could achieve much greater agility if we started to break out some of those functions and develop them as dedicated solutions.

As part of this project, CRUK reworked key functions like taking donations, event management, fundraising into web service products, which was the birth of the original payment system.

Donations were accepted via a monolithic application, which handled all payment card processing using a dedicated PCI-DSS-compliant hosting solution that lacked auto-scaling. This limited CRUK’s ability to deal with more traffic and required additional capacity to accommodate predicted increases. It also had a detrimental effect on donations during high-profile opportunities, frequently resulting in downtime during events like the ‘Stand Up To Cancer’ TV telethons. Ainsworth explains:

Those products are now around eight years old. They served us very well for a long period, but they were very much built out in the mindset of the day, pre the explosion of micro-services, DevOps and modern practice; more a large, monolithic application, built in the previous engineering strategy of the time that very much focused on vendor-agnostic solutions. That was a key focus at the time: let's not get as locked into another vendor like we did with Oracle.

CRUK ran the web services on EC2s, which got the charity operational in those key areas like donations and fundraising. But it was a fairly rigid system, with a proliferation of different technologies, languages, toolsets and hosting solutions. Ainsworth adds:

We found that actually restricted our agility on an ongoing basis. It introduced a lot of complexity within the environment.

CRUK set up a new engineering strategy in 2018 designed to counter these issues. The first instantiation of that strategy was a payments rearchitecture, which started in earnest in 2019. Ainsworth says:

There was a huge amount of discovery that went into it, it was a hugely complex application. In 2019, we set out our stall to say, we have to do this complex rearchitecture. We have a very core important product that is taking millions for us in donations, it's highly critical to the business, it's a very difficult thing to re-architect from a legacy infrastructure and a legacy application.

Development 

The charity took a development approach that it had observed in other organizations like the GDS. It set up a team, and then isolated them from the usual practices and processes in operation in the technology department at the time. This allowed them to operate almost in silo, and push much further ahead as a result, according to Ainsworth:

To do that, we set out a couple of initial guidelines: it has to be done in AWS, and it has to be done using cloud-native technologies. If they came up against a limitation in AWS, then they could look at other tools, but only then, and they would do it in serverless and using JavaScript front end and back end.

Out of that new engineering strategy, CRUK developed its latest Payments Web Service, which is an in-house, serverless product for managing online payments and donations. While the system is still PCI-DSS-compliant, one major difference is that it offloads payment card processing to the payment service provider, a big driver for the tech update. Ainsworth explains:

We wanted to offload card processing to the payment provider, but this wasn't an option when we built our original payments system. Since innovations had come through where you have things like hosted fields, we’re able to offload that PCI DSS requirement. We wanted to take advantage of that so that the application we were building was the thinnest piece of the functionality we needed, a front-end and the data processing only. That enabled us to build something much more future thinking.

This makes it easier for CRUK to handle peaks in donations, up to 800 transactions per second, and scale up or down as required. The latest cloud-based payment service is also 94% cheaper compared to the legacy system. 

The transition from legacy payment system to the current AWS version was vital for the charity to keep operating in the digital world. Ainsworth says:

We are the largest independent funder of cancer research in the world, and we are entirely funded by the generosity of the public. Our ability to take donations is at the core of our ability to be sustainable and in an increasingly digital world, the Payments Web Service is an absolutely foundational piece of that puzzle.

The organizational agility that the new payment platform offers is a huge benefit, letting CRUK adapt and move much more quickly as new requirements come along. The charity initially set up the single donation form, which is the form on the front page of its website. The next stage was for repeated donations, and then direct debits.

The AWS tech also made it easier to align with roadmaps of other products. When it came to migrating the payments system over to online fundraising, the process of doing so was much simpler because of the way it was set up:

That's what we're finding every time we come across a new requirement for our payment system, it almost feels like a breeze. Compared to the changes before, we're able to achieve that much quicker, meaning we're able to also step into more innovative spaces and much quicker.

Experimental 

It’s not only fund-raising where the AWS tech is making a difference. CRUK is rolling out the organizational agility it has achieved through payments to other platforms, resulting in new innovation around its core purpose.

One example is the Experimental Cancer Trial Finder (ECTF), which is built using AWS tech on the same principles as the Payments Web Service, but in this case to help clinicians find suitable trials for their patients. ECTF provides a centralized platform for research sites to upload their clinical trial information, and doctors can search through this database to find trials. Ainsworth says:

Previously this was done in a very manual way, shifting paper around in oncologists’ rooms. Now oncologists have a service they are able to access directly, which has all of the key details they need to match a patient in the room with them to a trial, all at the click of a button. It's hugely changed the way we're able to accelerate the outcomes of trials but also improve outcomes for patients.

There are currently over 600 trials available in the system. These are reviewed monthly to ensure the information is up to date and relevant, and are all accessible to clinicians around the UK.