Credit Score Software Development without Access to Sensitive Data

Our Customer

SavvyMoney offers a Smarter Credit Score Solution for online and mobile banking platforms. The company provides comprehensive credit score analysis, monitoring, full credit report, and personalized offers — all in one dashboard.

With SavvyMoney credit score solutions consumers have convenient unlimited access to their credit score anytime and anywhere. Company’s main objectives are to empower customers’ control over financial health, to help understand how financial decisions might impact scores, and to provide users with the best savings options.

The Obstacles They Faced

SavvyMoney’s application works with sensitive data of real users, therefore, the company needed to ensure strict separation of the application’s codebase from its configurations.

How We Helped

Romexsoft’s dedicated development team investigated SavvyMondey’s requirements for sensitive data protection and enabled development without access to sensitive data.

We ensured that the same application with the same codebase could be launched in different environments: Staging, QA, and Production.

SavvyMoney decided to choose AWS as their main hosting platform due to its scalability, reliability, constant innovations, low latency, and a huge variety of services. Romexsoft has successfully utilized a range of AWS tools during the development of the SavvyMoney’s app, ensuring the app’s high performance, global availability, and security.

Romexsoft used AWS Systems Manager Parameter Store to provide secure and hierarchical storage for configuration data management and CodeCommit to make the collaboration on code easier.

SavvyMoney’s microservice architecture is built in Java Spring Boot framework. Each microservice is a separate REST API that performs the required business logic and is running on EC2 instances in the Autoscaling Group. Launch Configuration has an attached IAM role with read-only access to the parameter store. Therefore, any sensitive parameter is only known for the application on startup and there is no possibility to see it.

All sensitive configuration parameters from classic *.properties files are moved into the AWS Parameter Store and all *.property files with other parameters are moved into the CodeCommit. Spring Cloud Config service reads properties from CodeCommit, and REST API application calls Spring Cloud Config for required properties on startup or on-demand refresh. The access to Parameters store and CodeCommit have only the authorized employees.

Secure and Effective Development for Online Banking AWS Architecture Diagram

Romexsoft helped SavvyMoney to scale up faster. The improvements we implemented enabled SavvyMoney to increase the number of users by 250 times and to keep it growing.

We ensured that the development team had no access to sensitive data either in Parameter Store or being logged on the EC2 instance. Our team made the separation of parameters storage on Parameter Store and Code Commit which provides better security, handling, and maintenance.

We enabled the possibility to reload parameters from Parameter Store without application rebuild and ensured rigid separation of the application’s codebase from its configurations.