Our team was responsible for the development of the e-wallet service from scratch. We were engaged in all stages of the development process: architecture design, code implementation, unit and integration testing, security testing, compliance verification, deployment, and support. The final solution consisted of a platform based on microservices architecture, mobile apps for iOS and Android, and an administration web portal.
The microservices architecture was designed and developed with scalability, fault tolerance and automatic recovery in mind. Every microservice was shielded with a security layer and tight monitoring of performance metrics. Automatic re-processing of failed transactions was the core principle of the platform’s fault tolerance.
A mobile team developed user-friendly applications for iOS and Android that were integrated with back-end microservices.
A front-end team developed an administration web application that incorporated a modern web framework.
As part of the core functionality of the solution, we implemented several integrations with different types of third-party services, such as bank systems, payment platforms, delivery tracking systems, and airlines. A separate set of microservices was dedicated to these integrations. All sensitive data collected via the mobile apps and stored on the platform side was encrypted. One of the key integrations, the integration with the Adyen payment platform, was implemented using the REST API and the Adyen check-out SDK.
The registration and verification scenario incorporated identification of user PII for security compliance reasons. Initially, it was performed manually by administrators who reviewed the documents received via the web portal. When the number of users increased significantly, the client decided to automate the process. The Lohika solution incorporated a set of separate microservices integrated with Onfido, which verifies people's identities using a photo-based identity document, a selfie, and artificial intelligence algorithms. This integration enabled full automation of the process.
The Lohika team implemented two-factor authentication using a one-time password (OTP) to exclude the possibility of registering a user with a fake mobile number. We used a strong random number generator to create OTP verification codes that are impossible to crack.
From an early stage of the development process, the development team was supported by a team of security experts. They oversaw architecture design and implementation from the security standpoint to avoid global security flaws. The security team reviewed the architecture in detail to identify vulnerable logic and workflows, and to detect, at the early stages of design and implementation, all possible inconsistencies with the security standards the product complies with. The security team used a set of penetration testing tools, vulnerability scanners, and static and dynamic source code analysis tools from different vendors to perform analysis from different angles and perspectives. The security team also helped the development team resolve all security-related issues quickly and to a high standard.