Fintech Infrastructures
Fintech products have grown dramatically in the last couple of years and will evolve even more in the next few years.
One main USP of most fintech apps is convenience: better service and UX.
For Banks or NBFCs, user experience is not a major KPI.
They work on basic banking stuff like onboarding, payments and more.
They also have to protect user privacy and data to ensure the safety of innovation and growth.
But when Tech companies started reaching out to these banks, they had to work operationally and technically differently.
Now their customer's data is not going to be in their investment, it has to be shared as well.
It means they have to work on both inward and outward customer data differently.
To do that, depending upon the required features, banks and fintechs work on different types of system design.
I'll try to explain a few of them below:-
Version 1 :- Direct Integration
Consider this framework when you want to buy insurance from a fintech app.
You enter PAN details, address and more on the app, then the app's server fetches all relevant information from the insurance company's backend via APIs.
In the case of initial neobanks, onboarding and complete transaction and card management used to work like this.
Good part:-
- Quick setup
- Access to consumer data
- Personalized offers and engagement
- Easy to service
Bad part:-
- Fintechs have access to PII where they onboard people who are not their customers. (Maybe you have completed the onboarding on NeoBank, but you are the bank's customer, not NeoBank's.)
Version 2 :- Partial SDK method
This practice was introduced to protect some PII and not let fintechs have access to such information, for example in Aadhaar validation, entering the m-PIN, the video KYC flow and more.
Example:-
Step 1: The user clicks on the "Validate Aadhaar" CTA in the app's frontend.
Step 2: The app's server side calls the bank SDK's "Validate_Aadhaar" function.
Step 3: A UI is shown to the user which blends seamlessly into the fintech's UI, so the user experience doesn't get compromised.
Step 4: The user successfully validates everything and the SDK gives a successful response to the app's server side.
Step 5: The user sees a success message in the app's frontend.
This SDK approach is not limited to financial products. It applies wherever users have to expose their PII and the business does not have permission to store such information, only to validate the user's existence.
Apart from that, storing and processing Aadhaar data requires businesses to have an Aadhaar Vault.
The good:-
- Fintechs can still consume user activity data to provide them with personalized experience.
- The user's PII is not getting stored at the fintech, as they are not the fintech's customers but the bank's.
The bad:-
- As fintechs do not hold customer PII, targeting them becomes difficult.
- They hold activity to build an engine but it is disassociated with PII.
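The Version 2 flow as a small Python model, added here as an illustration and not taken from any bank's SDK: `BankSDK`, `FintechServer`, `customer_ref` and the OTP step are assumptions. It shows the bank side handing back only a verdict and an opaque reference, so the activity the fintech records never carries the Aadhaar number.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class ValidationResult:
    """The only data that crosses from the bank SDK to the fintech server."""
    verified: bool
    customer_ref: str  # opaque reference; empty when validation fails

class BankSDK:
    """Hypothetical stand-in for the bank's SDK; this state lives on the bank side."""
    def __init__(self):
        self._key = secrets.token_bytes(32)  # never leaves the bank
        self._otp = {}  # Aadhaar number -> OTP sent to the user (simulated)

    def send_otp(self, aadhaar: str) -> str:
        self._otp[aadhaar] = f"{secrets.randbelow(10**6):06d}"
        return self._otp[aadhaar]  # in reality delivered to the user's phone

    def validate_aadhaar(self, aadhaar: str, otp: str) -> ValidationResult:
        """Called from the SDK's own UI with what the user typed there."""
        expected = self._otp.pop(aadhaar, None)  # one attempt per OTP, no replay
        ok = (len(aadhaar) == 12 and aadhaar.isdigit() and expected is not None
              and hmac.compare_digest(expected.encode(), otp.encode()))
        if not ok:
            return ValidationResult(False, "")
        # Keyed HMAC, not a bare hash: a 12-digit number is trivially
        # brute-forced by anyone who sees an unkeyed digest.
        ref = hmac.new(self._key, aadhaar.encode(), hashlib.sha256).hexdigest()[:24]
        return ValidationResult(True, ref)

class FintechServer:
    """The app's server side: keeps the outcome and activity, never the PII."""
    def __init__(self):
        self.kyc = {}       # app user id -> customer_ref
        self.activity = []  # (customer_ref, event)

    def on_sdk_result(self, user_id: str, result: ValidationResult) -> str:
        if not result.verified:
            return "Validation failed"
        self.kyc[user_id] = result.customer_ref
        return "Aadhaar validated"

    def record_activity(self, user_id: str, event: str) -> None:
        self.activity.append((self.kyc[user_id], event))
```

Because the reference is derived with a key only the bank holds, the fintech can join a user's activity on it but cannot reverse it to the Aadhaar number.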
Version 3 :- Full SDK approach
Now, this is the safest approach to manage PII while making sure the user's experience doesn't get compromised.
Here the app's server side is also hosted in the bank's infra.
Step 1:- Beta version is built and deployed in fintechâs infra.
Step 2:- The bank audits the build and the complete setup.
Step 3:- The whole codebase gets moved to the bank's infra and credentials are shared with the fintech dev team to manage the code.
Step 4:- Depending upon the business agreement, specific SDK functions and APIs get exposed to the fintech server side.
Here everything is the same as V2; the only difference is that the fintech does not have access to plain customer activity data.
Everything is encrypted and very few people have access to manage the code, analyze data and service the customer.
In this case, building a plain dashboard becomes a challenge, so let's not talk about a data model here.
Personalization becomes pure activity and behavior-based.
You can practically never target customers directly, unless they reach out to you for something.
Move forward
Now, these are some examples from where I have worked; certainly, there must be safer and more complicated models to work on.
Each comes with its own pros and cons, and it is mostly a business decision which model they can go forward with.
As I have said before, fintech works on a very thin line of what users want and what regulations allow.