The project was developed for my Honours Stage Project (dissertation) at the University of Hull and was built around my own experiences of banking with FinTech banks (like Monzo and Starling) both of which use enhanced merchant data to show friendlier names for merchants, such as instead of
POST OFFICE COUNTER LEEDS GBR showing
Post Office with a map and icon, they also allow customers to improve missing or incorrect data for a given merchant. This improves usability and makes unknown payments or fraudulent ones easier to spot.
When travelling to less frequently shopped at merchants or internationally, this results in the merchant’s names being unknown for these retailers until a suggestion is made and approved by customer services staff. Up Bank (an Australian FinTech bank) have identified ~112,000 merchants (source) that they’re confident have correct merchant data for. This project tries an alternate method of solving this problem by creating a crowdsourced wiki-esque platform to contribute and make suggestions for merchants.
Monzo’s system requires manual curation and business time, to build on that this proof-of-concept uses a trust system similar to Wikipedia’s trusted users. Making accurate suggestions which other users agree with will increase your account’s point score, however, making suggestions that are deemed incorrect or vandalism will result in your account losing the status. Users who keep a high scoring remain trusted and can immediately allow through other user’s suggestions.
The proof of concept has four main components; an API, an authorisation provider, a mobile app and a web interface. The API uses Serverless Framework with Lambda for a FaaS architecture with functions written in Node (useful for its fast cold-start times for requests).
Cognito was chosen to provide authorisation and authenticate merchant changes in the mobile app and on the web (with app authorisation passing tokens to the API). Trusted user status is implemented through Cognito user groups, as a user is assigned to and removed from a group based on their status changes.
Initially, the app was developed in Apple’s SwiftUI but due to bugs in the framework at the time with
NavigationLink, the app was rewritten in React Native so a proof-of-concept could be developed more quickly. The app allows users to view transactions from their Monzo account and suggest changes for the name, location and icon for these transactions which is then returned to our API and shared with other users of the platform.
The web interface was developed using React and allows users to view their suggestions, create new suggestions and vote on those by other users.
For pricing reasons, this proof of concept used the free tier of MySQL on Amazon RDS, however, if more widely deployed with a larger userbase it would use Aurora for its integration with the lambda, high performance and replication across regions.
Although Monzo uses Cassandra (a NoSQL database for everything in the bank) indexed to Elasticsearch, a relational database was more appropriate for my implementation as I’m not storing transaction data alongside my merchants. Although implementing ElasticSearch or MeiliSearch would make manual merchant searches faster and more accurate if more merchants were present in the system.
A change in regulation with SCA (Secure Customer Authentication) caused some issues in implementing Monzo’s API, as after 5 minutes access is limited to the previous 90 days. The app has to cache the historic transactions as soon as the user authenticates. With the current implementation, it wasn’t possible to integrate into bank app’s directly, the project is designed so it could be integrated directly through banks as a service that they proxy data from and return their customer suggestions to the API.
To make the product production-ready, I’d rebuild the infrastructure using Terraform instead of the manual stack creation I did in this implementation, this would make spinning up extra environments easier and the project easier to contribute to with far less manual configuration for VPC Security Groups and Cognito user access.
Automatic suggestion of merchants by looking them up against third-party services such as Google Places and Foursquare would be useful too. For a proof-of-concept, it was cost-prohibitive to implement these APIs, with Google Places costing almost $3 per 1000 autocompletes and then $17 per 1000 requests to fetch details for those businesses.