Security in Open Banking
Partnered with a large Australian independent provider of payments solutions to build a secure Open Banking platform.
Services we provided
In partnership with the customer, Mantel Group supported the delivery of a suite of Open Banking services using a microservices approach. This involved providing several small, loosely coupled and independent service offerings to clients, all hosted and managed within Amazon Web Services (AWS) for maximum efficiency, security, and reliability.
The Open Banking services and product offering represent a significant part of the future strategy for the payments provider, serving as a cornerstone of their mission to deliver exceptional value to clients. By leveraging Open Banking technology, the customer aims to revolutionise the way that their clients’ end users interact with their financial data, empowering them to make informed decisions and streamline their financial workflows. This forms part of a broader effort to not only provide innovative payment solutions but also to create a seamless, user-friendly experience that sets the customer apart from competitors. With Open Banking at its core, the strategy is designed to foster long-term partnerships with clients, built on trust, transparency, and a shared commitment to harnessing the power of cutting-edge financial technology.
Mantel Group provided expert support to ensure that the solution was designed and built to meet the complex operational and security requirements of a production-grade Open Banking platform.
The customer delivers innovative, reliable and secure payment solutions for businesses of all shapes and sizes. It is a provider of payment solutions and a CDR Intermediary providing a gateway to regulated data sharing and payments in Australia.
The client deployed Open Banking in 2021 and has been on a journey of continuous improvement and enhancement since.
The Customer’s challenge was to implement Open Banking, the first application of the Consumer Data Right (CDR), which applies to the banking sector. Under Open Banking, consumers and businesses will be able to consent to the data held about them being shared with accredited recipients for the purpose that the consumer or business has authorised.
While the customer had already invested considerable resources into developing the Open Banking services, they required expert assistance in scaling and deploying these services on Amazon Web Services (AWS) to leverage cloud-native security features, efficiency, availability, and scalability benefits.
The customer engaged Mantel Group as partners to overcome these challenges and ensure a successful implementation.
Mantel Group was able to hit the ground running by integrating into the Customer’s development teams and their ways of working to rapidly understand the requirements of the Open Banking services. Together, we utilised an agile development methodology, with a focus on continuous integration and delivery to ensure rapid, iterative deployments and high quality.
Our initial activities were focussed on reviewing and improving the security of the AWS landing zone, which was already well established but could benefit from additional refinements and AWS services such as Control Tower and GuardDuty. A solid foundation was engineered to enable the customer’s various Product teams across the business to drive strategy through well-architected AWS infrastructure that reflected the requirements of the business domain.
Within each of the workload AWS accounts, a defence-in-depth network strategy was employed to appropriately segregate workloads in the Amazon Virtual Private Cloud (VPC). High availability was ensured by selecting Multi-AZ at the data store layer in RDS and ElastiCache, and auto-scaling was introduced across all Availability Zones for workloads running on ECS and EC2. AWS services such as CloudFront, Application Load Balancers, and API Gateway were deployed along with WAF to provide protection for the Open Banking services running in the VPC.
Our solution provided several unique benefits to the customer and their clients. Firstly, it enabled compliance with Open Banking regulations, allowing them to securely share data with accredited recipients. Secondly, it provided a seamless user experience through the various Open Banking services. Finally, it offered a comprehensive set of utility services, extending beyond Open Banking to support broader financial markets and Open Data initiatives. The solution was tailored to meet the specific needs of the customer and their clients, providing a competitive edge in the market.
The project’s success was largely attributed to Mantel Group’s expertise in AWS and the financial services industry, as well as our commitment to delivering high-quality, secure solutions that meet the unique needs of our customers within project timelines.
Key Products/Services we used
Given the strategic opportunity Open Banking presented for the Customer and the growth potential, the decision was made to utilise the Customer’s existing in-house SMEs and skills to develop Open Banking services internally rather than using an Open Banking platform provider. Amazon Web Services was selected as AWS is the preeminent cloud service provider and was already an existing vendor for the Customer. Compared with other cloud service providers, the Customer considers AWS to offer greater cost-efficiency whilst ensuring flexibility and scalability over the long-term.
- Amazon Virtual Private Cloud (VPC) segregated into network tiers for hosting component services within subnets – DMZ, Application, and Data.
- AWS Transit Gateway controlling all inter-VPC traffic routing and egress traffic.
- Amazon API Gateway exposes external APIs and facilitates throttling and security controls.
- Amazon Elastic Container Service (ECS) for containerised compute nodes supporting most APIs developed by the customer.
- Amazon Elastic Compute Cloud (EC2) for non-containerised compute supporting a subset of APIs developed in Java.
- AWS Lambda primarily for event-driven, asynchronous, serverless compute.
- Amazon Relational Database Service (RDS) for managed service data persistence.
- Amazon ElastiCache for Redis for in-memory data store providing sub-millisecond latency to the application tier.
- Amazon CloudFront and S3 for hosting and caching static web content.
- AWS Transfer Family and Amazon S3 for simplified SFTP hosting.
- Amazon GuardDuty, AWS WAF, AWS Config, and AWS Shield for providing security in depth.
- AWS Key Management Service (KMS) for customer controlled key management through customer managed keys.
- AWS Certificate Manager for provisioning and managing SSL/TLS certificates used by AWS services.
- AWS CloudTrail, Amazon CloudWatch, and AWS X-Ray for monitoring, logging, and tracing native AWS components and deployed applications.
- AWS Control Tower for providing account management capabilities and guardrails to provide governance assistance.
Open Banking has been live for the Customer and their clients since December 2021. Success is measured in two ways:
- Meeting non-functional requirements and implementing new features as mandated by ACCC, documented at Consumer Data Standards. The ACCC collects relevant metrics from the Customer’s APIs and makes these available to the general public via a dashboard, see https://www.cdr.gov.au/performance. While there are some areas for improvement, predominantly around the performance of downstream APIs outside of the customer’s control, the Customer has largely met ACCC’s requirements.
- Successful client onboarding. The customer onboarded a number of Data Holder clients before Production go-live in 2021, and additional clients in 2022 and 2023.