Mallikarjuna Chevula

Mallikarjuna Chevula’s career reads like a case study in how modern payments infrastructure is actually built: quietly, at scale, under strict security scrutiny, and with the expectation that systems must keep working when traffic spikes and risk is highest. Across more than two decades in enterprise software—through roles at InComm, IBM, Cognizant, and HCL—he has specialized in the engineering disciplines that sit behind consumer-facing simplicity: cloud architecture, API-first integration, and payment platform modernization.

At InComm, a company known in the payments ecosystem for prepaid and gift-card–driven commerce and distribution, he has operated at the center of high-volume transaction systems that must balance speed with rigorous controls.  His work aligns with a broader industry direction: moving stored-value products and funding mechanisms into more programmable, API-mediated rails, including mobile wallet enablement and tokenization patterns that reduce exposure of sensitive card data.

Chevula’s technical signature is platform thinking. Rather than treating integrations as one-off connections, he frames them as reusable services: Spring Boot microservices and REST APIs for customer self-service, customer care, and partner ecosystems; message and integration tooling (Kafka, Apache Camel, Tibco, Fuse) to bridge legacy and modern estates; and cloud deployments designed for resilience, multi-region availability, and predictable operations.

In API governance and security, his work sits squarely in the mainstream of modern enterprise integration, where API gateways and policy-driven controls become the “control plane” for rate limiting, authentication, mediation, and transformation. Google’s Apigee documentation describes this model explicitly—using policies to add security, traffic management, and transformation without rewriting backend systems—precisely the kind of approach that enables large organizations to scale partner integrations safely.

Just as importantly, his track record emphasizes security engineering as a product constraint—not an afterthought. The payments domain is defined by standards-based obligations, and PCI Security Standards Council materials describe PCI frameworks as resources that help organizations ensure safe handling of cardholder data end-to-end.  Against that backdrop, Chevula’s work in encryption (AES-256, ECC), OAuth2/JWT authorization, and audit-ready controls is best understood not as “features,” but as the operating requirements of a platform trusted to move value.

Across this arc, the theme is consistent: building systems that are secure by design, scalable by default, and operationally durable—then institutionalizing them through architectural governance, documentation, and mentorship so that the capability persists beyond a single team or release cycle.