In this post, ModusBox CTO, Kent Brown, explains how cloud architecture, virtual private networks (VPNs), virtual private clouds (VPCs), and AWS PrivateLink combine to form the “Fintech Hub” for financial services – an affordable, scalable, and secure connection between financial institutions and fintechs.
Trouble in the “Era of fintech”
A new wave of real-time payment options and fintech is challenging the status quo for community financial institutions (CFIs) by building modern banking services that are cheaper, faster, and easier to use. Fintech partnerships also drive inclusive banking by helping small CFIs compete against big banks. It’s the “Era of fintech.”
But there’s a catch.
Our fintech customers need to connect to dozens of CFI customers (representing unique banking core vendors) and forecast these numbers to double or triple by the end of the year. However, banking core technology can be 30-year-old, monolithic software that is fragile, expensive, time-intensive, and highly complex to integrate. For this symbiotic relationship to flourish, fintechs need a simple solution that connects multiple customers via a single, reusable API.
This post will focus on three of the 12 requirements for financial-grade software facilitated by modern architectural design – affordability, security, and scalability.
Cloud-hosted/cloud-native design enables affordable solutions
Two of the key financial-grade design principles we followed when developing PortX were to build a fully cloud-hosted, cloud-native platform. Cloud-native software is designed and developed to harness the cloud’s scale and resiliency from Day One. Cloud-hosted design presents several key advantages for fintechs and financial institutions.
The big idea: Cloud-hosted, cloud-native architecture facilitates affordability by delivering faster time-to-market, reduced capital costs compared to acquiring on-prem infrastructure, and lower personnel costs compared to maintaining on-prem architecture.
VPNs and VPCs create security via isolation in the cloud
Cloud-based architecture is gaining traction in modern approaches to integration. In reality, the public cloud platforms (such as AWS) have far more dependable security across the board (physical, network, access control, scanning and intrusion detection, compliance and certification, etc.) than you will likely achieve on-prem.
On the PortX platform, fintechs and CFIs use a VPN (virtual private network) connection to a cloud-hosted API. A virtual private cloud (VPC) is a logically isolated virtual network within the cloud that acts as a security boundary around cloud-based connections. We use a VPC to create a secure section of the AWS cloud that houses the fintech or CFI’s PortX-hosted API. This architecture is akin to designing and implementing a separate, independent network operating in an on-prem data center.
The big idea: This level of isolation assures that the connection (and customer data) is logically isolated from other networks (including those within PortX) in a dedicated environment.
AWS PrivateLink guarantees secure connectivity between VPCs
By default, each VPC is entirely isolated – for both fintechs and CFIs. On its own, this design would prevent the fintech APIs from connecting to the CFI APIs – defeating the whole point! To make this connection possible and secure, we use AWS PrivateLink, which lets PortX customers securely access and share services between VPCs. PrivateLink works by adding an interface VPC endpoint within the VPC consuming the service, which creates an Elastic Network Interface (ENI) in the private subnet of that VPC in a single availability zone. A PrivateLink connection is locked down to a single service within the VPC – not the entire VPC.
The big idea: PrivateLink provides complete control and privacy to securely connect the VPC-protected API of a fintech with its CFI customer (or multiple customers) without exposing traffic to the public internet or other networks on the PortX platform.
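An added example, not PortX code: a small audit of both sides of a PrivateLink connection, run over constructed records that use the field names of the EC2 `describe_vpc_endpoint_service_configurations`, `describe_vpc_endpoint_service_permissions`, `describe_vpc_endpoints` and security-group responses. The IDs, account number, CIDR ranges and the HTTPS-only (tcp/443) rule are assumptions made for illustration.

```python
from ipaddress import ip_network

# Constructed sample records (placeholder IDs), shaped like EC2 API responses.
SERVICE_NAME = "com.amazonaws.vpce.us-east-1.vpce-svc-0example"
SERVICE = {"ServiceName": SERVICE_NAME, "AcceptanceRequired": True}
PRINCIPALS = [{"Principal": "arn:aws:iam::111122223333:root"}]
ENDPOINT = {"VpcEndpointType": "Interface", "ServiceName": SERVICE_NAME,
            "SubnetIds": ["subnet-0example"]}
INGRESS = [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
            "IpRanges": [{"CidrIp": "10.20.1.0/24"}]}]
VPC_CIDR = "10.20.0.0/16"  # assumed CIDR of the consuming VPC

# Weak variants of the same records, for comparison.
WEAK_SERVICE = dict(SERVICE, AcceptanceRequired=False)
WEAK_PRINCIPALS = [{"Principal": "*"}]
WEAK_INGRESS = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]

def audit_provider(service, principals):
    """Side that publishes the API as an endpoint service."""
    findings = []
    if not service.get("AcceptanceRequired", False):
        findings.append("endpoint connections are accepted without approval")
    if any(p.get("Principal") == "*" for p in principals):
        findings.append("allow-list contains '*': any AWS principal may connect")
    return findings

def audit_consumer(endpoint, expected_service, sg_ingress, vpc_cidr):
    """Side that reaches the API through an interface VPC endpoint."""
    findings = []
    if endpoint.get("VpcEndpointType") != "Interface":
        findings.append("endpoint is not an interface endpoint")
    if endpoint.get("ServiceName") != expected_service:
        findings.append("endpoint targets an unexpected service")
    vpc = ip_network(vpc_cidr)
    for rule in sg_ingress:
        ports = (rule.get("FromPort"), rule.get("ToPort"))
        if rule.get("IpProtocol") != "tcp" or ports != (443, 443):
            findings.append("security group allows more than tcp/443")
        for rng in rule.get("IpRanges", []):
            if not ip_network(rng["CidrIp"]).subnet_of(vpc):
                findings.append(f"ingress from {rng['CidrIp']} is outside the VPC")
    return findings

if __name__ == "__main__":
    print(audit_provider(SERVICE, PRINCIPALS),
          audit_consumer(ENDPOINT, SERVICE_NAME, INGRESS, VPC_CIDR))
    print(audit_provider(WEAK_SERVICE, WEAK_PRINCIPALS),
          audit_consumer(ENDPOINT, SERVICE_NAME, WEAK_INGRESS, VPC_CIDR))
```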
Multi-architecture allows fintechs to scale connected FIs easily
Modern architecture comes in various forms. RESTful APIs and cloud-native deployments are standard industry-accepted practices, but different application architectures make sense under other circumstances or requirements. For PortX, we took a multi-architecture approach in our design to give users flexibility and the maximum level of reuse.
The big idea: When a fintech connects to the PortX platform, it instantly scales the number of banking cores it can connect to. Likewise, our design empowers CFIs to integrate with other PortX-connected fintechs and payment networks through a single API.
PortX is the “fintech hub” that is affordable, secure, and scalable for financial services
This modern, financial-grade approach to integration architecture makes PortX the fintech hub for fintechs and CFIs. Secure, flexible connectivity allows fintechs and CFIs to rapidly onboard dozens of new customers at a fraction of the cost of one-off integrations.