Photo by: Hutsy Financial Inc.
When DETL was tasked with building a financial app for Hutsy Financial, we knew it would be a challenge. However, we at DETL are a team of professionals who are always up for a challenge, so we got to work. This blog post explains how we are making it happen. We hope that our experiences can help you if you ever find yourself in a similar situation.
When you start a project with a tight deadline, the first thing to remember is to not try to do everything yourself. It's better to use existing services, SaaS, and other options which are readily available on the market. By utilizing these resources, you'll be able to save time and get your project done more efficiently.
This advice is not only applicable for tight deadlines but for any projects in general. Whatever the scenario, if the tools already exist, why reinvent them? Moreover, using third-party services can actually improve the functionality of your app as other functionalities such as security is already taken care of. This is especially relevant when talking about banking. Providers who specialize in banking infrastructure are likely to have better security measures in place than you would be able to implement on your own. You can be rest-assured that your data is well protected.
Anyways, let's get to the interesting parts of developing a banking app, which tools we used (and why) and any advices we have for anyone in a similar position.
The most important tool we used is Galileo. Galileo is a banking-as-as-service platform that makes it easy to build a banking app. You can take advantage of a variety of features and API's to create a unique and powerful banking experience. Plug it into your app and BAM, you have yourself a banking app. Just kidding.
Galileo doesn't solve everything when it comes to developing a banking app, but it solves quite a large scale of things. Galileo provides you with API's to issue bank cards to customers (both virtual and physical), create a bank account, view transactions, and many more features. However, this is not enough for a banking app. What's the catch? Well, users need a way to fund their account, introducing PeoplesTrust.
When funding an account, there are several options but the ones that make the most sense are:
The first one is pretty doable as well as secure, but the second one is an implementation which Hutsy is aiming for. Using PeoplesGroup in combination with Galileo brings the Hutsy platform to life as an actual banking app. Integrating the two is fairly simple, but figuring out and solutioning the funding flow (how money moves) is the hard part. Luckily, this was not DETL's responsibility. When the user successfully logs in, you send a JWT token from the backend to the frontend which is securely stored in an encrypted format. Multiple API calls are made on behalf of the user such as "getAccountOverview" to populate the home screen with the users bank account information. It is important to note that user information should not be stored in an unencrypted format in the database, you either need to use an encryption-as-a-service platform or encrypt all of the information yourself.
The process of encryption differs per platform as some engineers decide to do the process of encryption by themselves (us) or use an external encryption-as-a-service platform such as Vault. When encrypting the data yourself, there are libraries that can be used such as Crypto which Node has allowing you to encrypt the data yourself. We've decided to do the encryption ourselves. Of course this decision came about before stumbling upon Vault. Therefore, in retrospect, we would have used Vault to do the encryption for us since Vault doesn't solely serve as an encryption-as-a-service platform only but also as a secret key storage. We are aware of some of the computation power and the costs behind encrypting the data yourself, but we are diligently working to switch the encryption process in order to cut costs and improve Hutsy's app performance. However, we have a talented backend engineer who has implemented encryption multiple times and we are confident of performing the encryption ourselves. However, as stated above, why reinvent the wheel when someone has already built it.
Gluing services together isn't what we have signed up to do. As we are currently still working with Hutsy to continue and develop their application for them, we have already implemented some custom features to make it more exciting for the user.
The goal was to implement a feature which would allow users to view their transaction of a particular month. Both the incoming and outgoing transaction would be displayed in a user friendly manner. The challenge comes in when the API sends a response back where the data is not separated into its core group (Incoming vs Outgoing). We've carefully developed an algorithm that filters the data for the user and taking it a step further, they can select either the incoming or outgoing tab to see the type of transactions that are completed in that particular month.
A notification system isn't the easiest to implement as there are multiple systems that need to work together in order to deliver a notification to a users phone. We had the option to either implement a notification system by ourselves or use an existing service. As previously mentioned, there is no need to reinvent the wheel if it already exists. We've decided to use expo-push-notification in combination with Galileo's web-hook API's. Galileo provides us a custom web-hook as a listener for any event triggers such as account-created, card-activated, money-deposited, etc... When an event is fired, we record every phones notification ID called a notification-token and send the notification to the appropriate phone.
All in all, building a fintech application was not a straight forward process. The solution was to not reinvent the wheel from an implementation perspective. If a certain platform offers a solution that suits your app, then don't be afraid to use it. Always remember to never save sensitive information in your database without properly encrypting it.