Credit Score Solution Development without Access to Sensitive Data for Online Banking

Managed Team | Customer Case Study | FinTech

Verified by AWS


Executive Summary

Our Customer

SavvyMoney offers a Smarter Credit Score Solution for online and mobile banking platforms. The company provides comprehensive credit score analysis, monitoring, full credit report, and personalized offers — all in one dashboard.

With SavvyMoney credit score solutions, consumers have convenient, unlimited access to their credit score anytime and anywhere. The company’s main objectives are to give customers control over their financial health, to help them understand how financial decisions might impact their scores, and to provide users with the best savings options.

The Obstacles They Faced

SavvyMoney’s application works with the sensitive data of real users, so the company needed to ensure strict separation of the application’s codebase from its configurations.

How We Helped

Romexsoft’s dedicated development team investigated SavvyMoney’s requirements for sensitive data protection and enabled development without access to sensitive data.

We ensured that the same application with the same codebase could be launched in different environments: Staging, QA, and Production.

The Challenge

SavvyMoney’s primary challenge was to ensure that all database passwords, API tokens, and other sensitive configuration parameters for Production instances were stored securely and were accessible only to authorized personnel.

The Solution

Amazon Web Services

SavvyMoney chose AWS as its main hosting platform due to its scalability, reliability, constant innovations, low latency, and huge variety of services. Romexsoft has successfully utilized a range of AWS tools during the development of SavvyMoney’s app, ensuring the app’s high performance, global availability, and security.

AWS Services Utilized

EC2, Autoscaling, ALB, RDS MsSQL, ElastiCache Redis, SQS, Amazon MQ, S3, CloudFront, CloudWatch, CloudFormation, AWS CodeCommit.

Solution Delivered by Romexsoft

Romexsoft used AWS Systems Manager Parameter Store to provide secure and hierarchical storage for configuration data management and CodeCommit to make the collaboration on code easier.

SavvyMoney’s microservice architecture is built on the Java Spring Boot framework. Each microservice is a separate REST API that performs the required business logic and runs on EC2 instances in the Autoscaling Group. The Launch Configuration has an attached IAM role with read-only access to the Parameter Store. As a result, each sensitive parameter is known only to the application, which reads it on startup, and there is no possibility for anyone to view it.

All sensitive configuration parameters from classic *.properties files are moved into the AWS Parameter Store, and all *.properties files with the other parameters are moved into CodeCommit. The Spring Cloud Config service reads properties from CodeCommit, and each REST API application calls Spring Cloud Config for the required properties on startup or on an on-demand refresh. Only authorized employees have access to the Parameter Store and CodeCommit.

Secure and Effective Development for Online Banking AWS Architecture Diagram

AWS Architecture Diagram: Secure and Effective Development on AWS for Fintech SaaS.

AWS Services Utilized

Name Description
aws-codecommit: AWS CodeCommit repository. It contains all properties of the application, except for sensitive data such as DB passwords.
AWS parameter store: AWS Systems Manager Parameter Store. It contains sensitive data such as DB passwords.
AWS IAM Role: AWS IAM role attached to the EC2 instance, with permission to read parameters from the Parameter Store.

AWS IAM User that has permissions to edit records in the Parameter Store.

The development team has these permissions for Sandbox/Beta env.

Only account administrator has these permissions for PreProduction/Production.

Amazon-EC2

RESTful API: a Spring Boot 2 application launched on an EC2 instance within the Autoscaling group.

On startup, the app performs two actions:

  • it connects to the Configuration Server to get configuration properties.
  • using the attached IAM Role, it connects to the Parameter Store to get sensitive parameters.
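
An offline check of the access split described above (a read-only instance role per environment, developers editing only Sandbox/Beta), as an added example that is not Romexsoft's or SavvyMoney's code. The account id, region, the `/<environment>/<name>` parameter naming and the policy documents are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Assumed, not from the case study: account, region, /<env>/<name> naming.
ARN = "arn:aws:ssm:us-east-1:111122223333:parameter/{env}/{name}"
ENVS = ("sandbox", "beta", "preproduction", "production")
READ = ("ssm:getparameter", "ssm:getparameters", "ssm:getparametersbypath")
WRITE = ("ssm:putparameter", "ssm:deleteparameter", "ssm:deleteparameters")

def _listify(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit(policy, allowed_envs, allow_write):
    """List excess parameter access; NotAction/NotResource/Condition are ignored."""
    findings = []
    for stmt in _listify(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive; * and ? are wildcards.
        actions = [a.lower() for a in _listify(stmt.get("Action", []))]
        resources = _listify(stmt.get("Resource", []))
        def grants(names):
            return any(fnmatchcase(n, a) for a in actions for n in names)
        if not grants(READ + WRITE):
            continue  # statement does not touch parameters
        sid = stmt.get("Sid", "<no Sid>")
        if grants(WRITE) and not allow_write:
            findings.append(f"{sid}: write access to parameters")
        for env in ENVS:
            probe = ARN.format(env=env, name="db/password")
            if env not in allowed_envs and any(fnmatchcase(probe, r) for r in resources):
                findings.append(f"{sid}: reaches /{env}/ parameters")
    return findings

def instance_role_policy(env):
    """Constructed read-only policy for the EC2 role of one environment."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "ReadOwnEnv", "Effect": "Allow",
        "Action": ["ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath"],
        "Resource": ARN.format(env=env, name="*")}]}

# Constructed: developers may edit Sandbox/Beta parameters only.
DEVELOPER_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "EditLowerEnvs", "Effect": "Allow",
    "Action": ["ssm:GetParameter*", "ssm:PutParameter"],
    "Resource": [ARN.format(env="sandbox", name="*"), ARN.format(env="beta", name="*")]}]}

# Constructed misconfiguration: one wildcard statement on the instance role.
OVERBROAD_POLICY = {"Version": "2012-10-17", "Statement": {
    "Sid": "TooWide", "Effect": "Allow", "Action": "ssm:*", "Resource": "*"}}
```

Calling `audit(OVERBROAD_POLICY, {"production"}, allow_write=False)` reports the write access and every other environment the wildcard reaches, while the scoped policies return an empty list.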

Technologies Used

Amazon Web Services, Java, Spring (spring.io), Hibernate, JavaScript, HTML 5.

What We Achieved Together

Romexsoft helped SavvyMoney to scale up faster. The improvements we implemented enabled SavvyMoney to increase the number of users by 250 times and to keep it growing.

We ensured that the development team had no access to sensitive data either in Parameter Store or being logged on the EC2 instance. Our team separated parameter storage between Parameter Store and CodeCommit, which provides better security, handling, and maintenance.

We made it possible to reload parameters from Parameter Store without rebuilding the application and ensured rigid separation of the application’s codebase from its configurations.

Feedback


“Romexsoft has built a skilled and proactive team for SavvyMoney, eager to propose new solutions and hire expertise when needed. It’s a pleasure to work with Romexsoft, and I would highly recommend them.” They have very good developers…. We haven’t had the same problem with them as with other vendors.

Bhavna Guglani, VP of Products at SavvyMoney

Verified by AWS

This case study is validated by AWS. Experts and professional auditors from AWS reviewed this case study and verified that we, Romexsoft, have built a functional infrastructure and efficient cloud solution.

It showcases the value that Romexsoft, as a certified AWS Consulting Partner, delivers by building cloud solutions according to AWS standards and best practices.

Check out Romexsoft’s profile at AWS Partner Network.


Why Romexsoft

Romexsoft has been a Trusted Software Vendor and Managed Service Provider since 2004.

  • We are an AWS Certified Consulting Partner, focused on customer satisfaction and long-term partnership.
  • We provide customers with effective and market-competitive solutions that set them apart from the competition and help clients minimize their Total Cost of Ownership (TCO) and maximize Return on Investment (ROI).
  • Having a number of AWS Certified Engineers, Cloud Architects, Java Developers, SysOps and DevOps Engineers in the team, Romexsoft offers rapid start and stable performance which 90% of its clients are willing to recommend.
