Enhancing the security and efficiency of sensitive data flow for a Caribbean financial sector client
Creating a reliable and privacy-driven API connection with partner banking institutions and eliminating incoming data loss issues to ensure steady system performance and help build trustful relationships with B2B customers for our client.
Our client, a Caribbean financial company, operates credit history portraits in a closed sharing system available to their members – banking institutions and private individuals. The client provides report copies that help the credit issuers verify their applicants and are a dependable source of truth for finance-related disputes or for anyone simply wishing to check their credit history. This financial service company is active in the Dutch Caribbean and Suriname, and aims to increase equity in the local financial sector. By improving the risk management process, they support both banking institutions and individuals in settling mutually beneficial credit contracts.
The client’s company has to operate in strict compliance with SOC 2 – an American standard for corporate management of customer data. In client’s own words, Noltic was recommended to them as a superior knowledge provider with strong awareness of security and privacy matters. We started our cooperation in June, 2021 and it remains ongoing.
The client needed to optimize the way they handled incoming credit report requests from their customers, how they processed the data and how they sent out the final reports. Also, since our client works with dozens of banking institutions, their system needed to be as privacy-mindful as possible, and the goal was to move towards an even more secure architecture.
Prior to our collaboration, the client had an existing Experience Cloud setup. To receive a credit report, a customer bank representative had to fill out a manual request in our client’s internal system which was noticeably inconvenient. We were set to implement an API connection that could be used by our client’s customers to seamlessly request all the necessary credit reports directly in their own environments.
Since the core service our client provides is equipping banks with full credit portraits of individuals according to the local legislation in the Caribbean region, another task was to improve the delivery of these reports by refining every aspect of it. It was all the more crucial since the customers were charged for every report operation and our client could not afford losing their loyalty because of occasional system malfunctions.
To make sure the service would be provided as expected, our team needed to enhance the data uploading flow for when customers create a report request to avoid this request being incomplete or lost in the process. As a consequence of these issues, client’s customers sometimes did not receive neither the credit report nor any notification about their request being failed. This has also caused an issue with duplicates that we needed to resolve.
- Implementing a secure API connection with Salesforce-based user authentication web service allowing banking institutions to send credit history requests in their own systems over a simple widget click;
- Implementing XSS and XSRF protection mechanisms to ensure that sensitive data is secure and can't be exposed;
- Creating a ‘Data Uploads’ dashboard in the client’s system for bank representatives to see a full history of their successful and failed report requests with a .csv file export option;
- Implementing a reliable request delivery system that acknowledges every successful/failed attempt to receive a report;
- Streamlining the notification system to be 100% responsive and alert customers in a timely manner about the status of their requests or if any action is needed from their end;
- Setting up encoding and decoding of .pdf report files to ensure a secure flow of sensitive information when storing it and sending it out;
- Implementing a gatekeeping logic for credit records without recent updates (the threshold is up for customers’ configuration) to confirm if the credit can be auto-terminated to avoid keeping outdated records in the system and marking individuals with false credit history;
- Cooperation with the client to create a parameter set that determines duplicate credit records and eliminates them to ensure a reliable database.
- 100% successful delivery rate of customers’ requests with correct input and elimination of incoming data feed kick-offs;
- An updated and reliable setup with the possibility for customers to send requests from their own systems lead to an increase in trust to our client’s services and more user satisfaction;
- Significant improvements in data quality and accuracy due to multiple safeguards preventing outdated, insufficient or incorrect data from being stored in the system;
- Improved communication with customers by notifying them about the requests status and by giving them the opportunity to have a look at their data uploads at any given time;
- Eliminating the issue with duplicate and falsely ongoing credits to make sure individuals in the system have their credit history in perfect order.
Even though the collaboration has already been more than fruitful, we have a few more goals to reach. Apart from the possibility of geographical expansion, we plan to make a transition of their portal to a more convenient system using Salesforce Lightning. We are also working on starting to store credit history not only for private individuals, but also for legal entities.
"Most impressive was the ability to quickly capture the issues and ideas brought forward and quick analytical abilities when issues needed to be localized. We were able to reduce incoming data feed kick-outs to near zero and provided a secured API to enhance the ability for data suppliers to provide data" – CEO, Financial Services Company