येLo (Yelo Bank) is a digital-only, mobile-first neo-bank focused on serving mass-market consumers – the ‘next half billion’ people who will be coming online in the next five years. It offers an optimum basket of financial products that are meant to meet their unique needs, unlike the standard offerings from traditional financial service providers.
The company, which was founded in 2019 and started building its banking platform in January 2020, recently won AWS’s Startup Architecture Challenge program in India, which comes with a prize of $25,000 in AWS credits. In its winning submission, येLo co-founder and CTO Nishant Chandra highlighted how building the neo-banking stack using AWS gave the startup a simple, elegant, and secure architecture.
“As you would imagine, a digital bank stands for trust, and that translates directly to security and reliability. And this is reflected in the architecture,” Chandra says. येLo’s stack is divided into three sections: One hosts customer accounts, another handles payment processing, and the third provides security and monitors different threat vectors.
For resilience, the company uses microservices deployed on Amazon ECS and asynchronous processing using Kafka — in Amazon’s case MSK — and SQS. Accounts and ledgers are at the heart of the banking system, and Amazon QLDB was the perfect solution for realizing an immutable ledger, as it has built-in data integrity functions. For money transfers, services use exactly-once processing semantics, which were built using Amazon RDS.
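One common way to get exactly-once effects for transfers on a relational database is an idempotency key with a uniqueness constraint, committed in the same transaction as the balance changes. The following is an added example, not येLo's code: Python's sqlite3 stands in for a database hosted on RDS, and the table names, message fields and `apply_transfer` are hypothetical.

```python
import sqlite3

# sqlite3 stands in for a relational database such as one on Amazon RDS (assumption).
SCHEMA = """
CREATE TABLE accounts (
    id TEXT PRIMARY KEY,
    balance INTEGER NOT NULL CHECK (balance >= 0));      -- no overdrafts
CREATE TABLE processed_transfers (
    transfer_id TEXT PRIMARY KEY,                        -- idempotency key
    src TEXT NOT NULL, dst TEXT NOT NULL,
    amount INTEGER NOT NULL CHECK (amount > 0));
"""

def open_ledger(opening_balances):
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO accounts VALUES (?, ?)", opening_balances.items())
    db.commit()
    return db

def balances(db):
    return dict(db.execute("SELECT id, balance FROM accounts"))

def apply_transfer(db, msg):
    """Apply one queue message. Returns 'applied', 'duplicate' or 'rejected'."""
    try:
        with db:  # single transaction: commit on success, roll back on exception
            # Recording the key first makes a redelivered message fail on the
            # primary key before any balance is touched.
            db.execute("INSERT INTO processed_transfers VALUES (?, ?, ?, ?)",
                       (msg["id"], msg["src"], msg["dst"], msg["amount"]))
            debit = db.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?",
                               (msg["amount"], msg["src"]))
            credit = db.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?",
                                (msg["amount"], msg["dst"]))
            if debit.rowcount != 1 or credit.rowcount != 1:
                raise LookupError("unknown account")
        return "applied"
    except (sqlite3.IntegrityError, LookupError):
        # After rollback the key exists only if an earlier delivery committed it.
        seen = db.execute("SELECT 1 FROM processed_transfers WHERE transfer_id = ?",
                          (msg["id"],)).fetchone()
        return "duplicate" if seen else "rejected"
```

Because the queue may deliver a message more than once, the consumer can acknowledge it on either `applied` or `duplicate`; a rejected transfer leaves no row behind, so balances and the key table stay consistent.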
To design a PCI DSS-compliant system, the company turned to the AWS Quick Start guide, which provided a template architecture. For enhanced security, the infrastructure is first partitioned at the AWS organization level, then at the VPC level, and finally at the subnet level. One important consideration was how microservices communicate with payment services. For this, येLo built service-to-service authentication and authorization using Amazon IAM and Systems Manager, specifically the Parameter Store.
On the PCI DSS-compliance front, AWS Fargate emerged as a hero. It limited the scope of assessment — there was no need for bastion hosts to manage the servers, and no need to update or patch them. Typically, PCI DSS compliance is arduous, requiring many months or even years to complete. Using pre-certified AWS services, however, reduced the cost of penetration testing and allowed येLo to launch much more quickly than anticipated.
“The most important benefit about this architecture is that it reduced the operational risk, so that we can focus on product development,” Chandra says. “Security is hard, and AWS security services made it easier.”
Now, as the world economy slowly recovers from the coronavirus pandemic, the company expects digital banking to become more relevant than ever before, and AWS has enabled येLo to offer low-cost financial services to millions of people. “We believe improving the financial health of the consumer can happen only when we combine innovation on product design, user experience, and platform architecture,” Chandra explains. “And that’s what we constantly challenge ourselves with.”