preloader
SparkMinds
SparkMinds
Spay-payment-scaled

Secure Your Payment with SPay

SPay is a payment application that the SparkMinds team developed to help users make payments or money transfers quickly with internet access. SPay meets all your payment needs quickly, conveniently, safely, and with high information security. Furthermore, it also has some special functionalities such as payment link generation, QR scanning, and security enhancement with PCI DSS standards…

Project Overview

Client

Client name: Private
Nation: Vietnam

Industry

Fintech

Platform

Web & Mobile Application

Team Size

2

Technologies

Features & Security

Functional

  • User Registration, Login, and Logout   
  • QR Code Payments   
  • Funds Deposit and Withdrawal   
  • Peer-to-Peer Money Transfers   
  • Seamless Bank Integration   
  • Access to Payment History   
  • Convenient Payment Link Generation   
  • Enhanced Security with PCI DSS Standard   
  • OTP Authentication for Added Security  

Non-Functional

  • High Performance Auto-scaling server system ensures smooth operation with tens of thousands of concurrent users
  • Web Responsive Ensuring optimal system performance across different web platforms and devices
  • User Experience Clear warnings and prevention of transactions if the minimum amount received is significantly lower than expected, avoiding user confusion and financial losses

System Security

  • HMAC Authentication Verifies that requests are coming from expected sources and have not been tampered with during transit
  • DDoS Attack Prevention  Utilizing CloudFlare, the system can monitor and quickly block DDoS attacks based on request IP addresses
  • XSS, CSRF & SSRF protection
  • Encrypted data User’s sensitive information related to banking, phone numbers, addresses, etc., is encrypted in the database
  • CloudFlare (CDN) integration  Integration with CloudFlare enables easy prevention of DDOS attacks, unauthorized access through OTP verification, and real-time security monitoring
  • IP Whitelist/VPN Access to the web admin system is restricted to IP Whitelist or authorized VPN accounts
  • Secret key stored in Vault All project keys (such as secret keys, third-party API keys) are stored securely in a separate storage system (without any information stored in the database or source code)
  • Multisignature cold wallets
  • Hide sensitive data in logs All important information is hidden in the system logs
  • Frequent security scanning with OWASP, SynkIO, and AWS Security Scans Integration of well-known security scanning tools such as OWASP, AWS Security Scans, and mandatory SEC tools ensures the detection of security issues and daily updates on new security vulnerabilities

User Security

  • Two-factor Authentication Integration of One-Time Password (Google Authenticator) for functions such as FIAT/Crypto Withdrawal and User Security Features
  • Login Throttling Limits the number of logins attempts an attacker can make while providing multiple opportunities for users to remember their passwords
  • Complexity policy for password and PIN Ensures a certain level of complexity for passwords and PINs (for mobile phones) to prevent easy guessing by hackers

Challenges

Because of the unstable economic context, the client only provided a limited budget for app development. Moreover, due to numerous ongoing projects, the app development was undertaken by just two developers. The final challenge of this project is the extremely tight deadline, requiring the project to be completed within two months. 

Limited budget for the payment application development  

Developing the app with limited human resources.

Tight deadline for the development (~ 2 months)

Solutions

For saving development cost, we utilized the power of AI during the app development process. In addition, to address the lack of human resources, we decided to use hybrid programming languages for coding. Lastly, to reduce the app development process, we utilized third-party APIs and services for payment processing, authentication, and security enhancements.

Utilizing the power of AI during the payment application development process

Using hybrid programming languages for coding  

Utilizing third-party APIs and services for payment processing, authentication, and security enhancements  

Cost & Quality Optimization

The way we save cost and optimize quality for this project:

Building the app with reusable components (Utilizing existing libraries, frameworks, and open-source solutions helps to save time and development costs.)  

Developing the app using a Hybrid approach (Typically, for finance-related apps, prioritizing a consistent logic across iOS and Android reduces errors and cost, making the Hybrid approach the most suitable choice.)

Utilizing third-party APIs and services (Integrating pre-built functionalities will help save coding time and shorten the development process.)  

Utilizing AI in the workflow

With the current capabilities of AI in assisting various tasks, applying AI to tasks such as UI design, testcase review, and source code review has helped the project team save a significant amount of time and effort.

Automation of code review

Using SonarQube for automated code review helps save costs associated with manual code review and ensures the quality of the source code. 

Proper task allocation

Each project involves both experienced and new team members. Although all team members receive training before joining the project, it is not possible to cover the entire system comprehensively. Therefore, to accelerate project progress and ensure the highest quality, it is essential to assign experienced individuals to tasks that require expertise in a specific domain. For example, when developing a Mobile App, experienced individuals can handle API integration for screens with complex logic, while newcomers can focus on UI development, requiring little or no experience in Crypto Exchange.

Adhering to strict quality processes

It may seem difficult to persuade, but usingthird-party services can save more money than handling a service internally. For instance, by using a third-party service for Slider Captcha (a service provided by a dedicated team), the project can save costs compared to implementing and maintaining a separate service. Based on the company's experience and project team's expertise, they have identified third-party providers with the best cost-effectiveness, stable service quality, and sustainability.

Utilizing third-party services to save costs

Each error results in a series of related actions, such as logging bugs, fixing and retesting, reporting, and capturing evidence. By ensuring strict quality processes within the company, the project team has minimized the occurrence of errors, reduced rework time and saving costs.

Experience from previous projects

With their own experience and a team of experienced consultants, the project's technical and business implementations are streamlined and accurate, minimizing costs, time, and resources. For a large-scale project, even a single incorrect business or technical approach can lead to a cascade of issues. By forecasting and providing appropriate solutions based on previous project experiences, this project ensures the highest quality while maintaining reasonable and cost-effective measures.

Accomplishment

The project has been completed on schedule and met all client's requirements. Through this project, the development team has also gained valuable experience to apply to similar projects in the future.

Need a companion?

Don’t Hesitate, Contact Us Now!

    Let's work together!