Case Study
LawGuard (Guardian Product Solutions, LLC)
LawGuard sells legal insurance directly to consumers online, underwritten by Professional Solutions Insurance Company. eWay designed and built the public-facing website and eCommerce platform on AWS using a serverless Lambda architecture, integrated with BriteCore policy administration, Authorize.Net payment processing, and SmartyStreets address verification. The platform achieved full PCI compliance for the entire solution including software and architecture, and was engineered to scale from hundreds to hundreds of thousands of customers per month.
- Industry: Insurance
- Platform: Custom Application on AWS
- Services: Custom Application Development + PCI Compliance + Cloud Hosting
- Engagement: Project-based
Client Snapshot
About LawGuard (Guardian Product Solutions, LLC)
- Scale: Direct-to-consumer legal insurance platform underwritten by Professional Solutions Insurance Company
- Website: www.lawguard.com
LawGuard, the trade name of Guardian Product Solutions, LLC, provides legal insurance to consumers across the United States. LawGuard Legal Insurance reimburses buyers for costly attorney fees while putting them in control with the power to choose any attorney they want, anywhere in the world.
Legal insurance from LawGuard is underwritten by Professional Solutions Insurance Company, headquartered in Clive, Iowa. The product offers consumers protection against the unpredictable cost of legal representation while preserving their freedom to select counsel of their own choosing.
The Challenge
An eCommerce platform that sells insurance, integrates with policy admin, and meets PCI.
In 2020, LawGuard selected BriteCore as their new policy administration vendor for legal protection plans. BriteCore would handle back-end policy administration, but LawGuard needed a public-facing website and eCommerce platform that could sell policies online, verify customer information, charge credit cards, and integrate with BriteCore via REST API to issue policies after payment.
The platform needed to scale from a few hundred customers to hundreds of thousands of customers per month. It needed to process credit card transactions securely. It needed to store and process personally identifiable information. And it needed to achieve full PCI compliance for both the software and the architecture, not just the payment processing in isolation.
The technical bar was high: a serverless architecture that could scale to traffic levels far above the launch baseline, tokenized API calls protecting the integration with BriteCore, fraud detection during checkout, WAF protection against DDoS and OWASP-class threats, and CDN-backed content delivery.
What the platform had to deliver
- Public-facing website and eCommerce platform selling policies online
- REST API integration with BriteCore for policy issuance after payment
- Credit card transaction processing through Authorize.Net
- Advanced fraud detection including address verification against vendor data
- Scale from hundreds to hundreds of thousands of customers per month
- Full PCI compliance for software and architecture
- WAF protection against DDoS, OWASP Top 10, bots, and malware
The Solution
Decoupled AWS architecture with Lambda business logic and full PCI compliance.
eWay designed a secure, resilient, and scalable architecture on AWS Cloud Infrastructure. The website, database, BriteCore integration, and backend services were decoupled so each could scale independently. Most of the business logic runs on AWS Lambda, a serverless event-driven compute service that scales automatically without provisioning. Security is layered: AWS WAF on the perimeter, tokenized API calls through API Gateway in the middle, and PCI compliance applied across the entire stack rather than at the payment-processing boundary alone.
- Secure, scalable AWS architecture with decoupled backend services, website, database, and BriteCore API integration so each tier scales independently
- AWS Lambda for the bulk of business logic, providing serverless event-driven compute that scales to millions of users without manual intervention
- Tokenized API calls through an API Gateway acting as a proxy for backend services and the BriteCore insurance platform
- Authorize.Net payment gateway integration for credit card authorization and capture
- Advanced fraud detection rules and filters including billing address verification against vendor street-address data through SmartyStreets
- AWS WAF protecting against DDoS attacks, injections, malware, bots, and OWASP Top 10 threats
- CloudFront CDN delivering static content from edge locations close to users
- DevOps process based on industry best practices for on-demand build, test, and deploy without operations team support
- Full PCI compliance work across both the software and the architecture, ensuring the entire solution meets PCI standards rather than the payment processing alone
Architecture
A glimpse of the stack
- Cloud: AWS with Lambda, API Gateway, WAF, and CloudFront CDN
- Frontend: Angular, HTML, CSS, JavaScript
- Backend: Node.js APIs on Lambda, MySQL database, REST/JSON
- Integrations: BriteCore policy admin, Authorize.Net payments, SmartyStreets address verification
The Outcome
A serverless eCommerce platform engineered for PCI compliance and scale.
Serverless scale without manual intervention
AWS Lambda runs the bulk of the business logic, scaling automatically as traffic grows. The platform was designed to handle scaling from hundreds of customers to hundreds of thousands per month without operations-team intervention.
PCI compliance across the entire solution
Compliance work covered both the software and the architecture rather than treating payment processing as an isolated PCI scope. Tokenized API calls, hardened infrastructure, and disciplined data handling produced a platform that meets PCI standards end to end.
Defense-in-depth security
AWS WAF blocks DDoS attacks, injections, malware, bots, and OWASP Top 10 threats at the perimeter. API Gateway with tokenized calls protects the integration boundary between backend services and BriteCore. The result is a security posture appropriate for a platform that processes payments and PII.
Fraud prevention at checkout
Advanced fraud detection rules and filters include billing address verification against vendor street-address data. Fraudulent transactions are blocked before they become chargebacks or refund claims, reducing operational cost and risk.
The LawGuard platform demonstrates the depth of capability eWay brings to AWS-native eCommerce work: serverless architecture, PCI compliance, fraud prevention, payment processing, third-party API integration, and security discipline appropriate for handling payments and PII at scale. The same capability applies to any institution where a public-facing site needs to handle payments under PCI scope, including higher-education tuition and fee payments, healthcare patient billing, and government fee collection.
Common questions about this engagement
What buyers ask before engaging us on a project like LawGuard (Guardian Product Solutions, LLC)
What does PCI compliance for software AND architecture mean in practice?
PCI DSS compliance commonly focuses on the payment processing boundary itself: tokenization, point-to-point encryption, scope reduction. For LawGuard, eWay extended that discipline across the entire solution. The software was reviewed and adjusted for PCI-required handling of card data, PII, and access controls. The architecture was designed so PCI scope was clear and contained, with WAF, IAM, network segmentation, and tokenized API access reinforcing the compliance boundary. The result is a platform where compliance is structurally embedded rather than achieved by carving the payment pages off into a separate iframe.
Why AWS Lambda for the business logic?
Lambda is a serverless compute service that runs code in response to events without requiring server provisioning or capacity planning. For an eCommerce platform that needs to scale from hundreds to hundreds of thousands of customers per month, Lambda removes capacity planning as an operational concern. As traffic grows, Lambda invocations scale automatically. As traffic drops, costs scale down with usage. The platform was built with this scaling in mind so growth would not require an architectural rewrite.
How does the BriteCore integration work?
BriteCore handles back-end policy administration. The LawGuard platform integrates with BriteCore via REST API to issue policies after a customer completes a purchase. The API integration runs through API Gateway with tokenized calls, providing a controlled, auditable boundary between the public-facing platform and the BriteCore insurance system. This decoupling means the website, eCommerce flow, and BriteCore can each evolve independently while maintaining a stable integration contract.
What does the fraud detection layer do?
At checkout, advanced fraud detection rules and filters evaluate the transaction before it reaches Authorize.Net for capture. The rules include billing-address verification against vendor street-address data through SmartyStreets, which catches a significant class of fraud where the billing address provided does not match a real address. Catching fraud before authorization reduces chargeback rates, refund claims, and the operational cost of fraud handling.
Why does this case study fit a public-sector positioning?
The technical capabilities demonstrated in the LawGuard build apply directly to public-sector contexts. PCI-compliant payment processing on AWS is required for higher-education tuition and fee payments, healthcare patient billing, government fee collection, nonprofit donation processing, and other public-sector payment flows. AWS Lambda serverless scaling, API Gateway tokenization, fraud detection, and WAF protection are all transferable technical capabilities. The LawGuard engagement is the proof point that eWay has built a PCI-compliant payment infrastructure on AWS at consumer scale.