Reliable, Secure, Real-time Risk Profiling for Banks: A SOA-based Application

The Business Opportunity: Near-real-time Risk Profiling via a SOA-based Application

Each year, banks worldwide open 80,000 accounts—and close one in 600 of them because they are opened just to write bad checks. The average loss is $2,000. Preventing these losses and other new account risks is the job of an SOA-based application offered by a top technology provider to the banking industry.

Using internal and third-party information, the company's risk management division decided to offer a SaaS (software as a service) application that provides an integrated risk profiling service to banking applications, supporting their account opening process. The automated risk profiles could help prevent the opening of fraudulent accounts and mitigate the risk of other problematic applicants as well. This was a business opportunity projected initially to bring in $200,000 in revenues a day.

But it required some powerful technology (Progress® Sonic ESB® and Progress® Actional® Web services and SOA management solutions) to meet the challenges of "extreme" transaction processing that the application would entail in order to differentiate itself from a competing product.

The new SOA-based application had to be "faster than the fraudsters," agile, and, at the same time, reliable. Criminals depend on speed and the latency in processing data, so they can quickly write bad checks. In general, the risk profile information would enable banks to tailor their accounts to applicants, offering various perks or restrictions depending on their risk.

The Technical Challenge: A SOA-based Application with Extreme Agility, Speed, and Reliability

The new SaaS SOA-based application included core services as well as a menu of optional data services. Banks could vary their choice of optional services to create a separate risk strategy or profile to meet the differing needs of each branch and each product line. Consequently, the sequence of data services processed for each risk profiling transaction needed to be customized dynamically, at the time of that transaction.

In addition to having this agility, the application needed to be extremely fast, but reliable. Typical customer service-level agreements (SLAs) specified 10-second response times. The company wanted the infrastructure supporting the application to be able to handle 650 requests per second. Yet this speed and flexible processing had to be possible over diverse computing resources. Some services would execute on disparate internal company platforms including mainframes, legacy C applications, PL/SQL, and core banking applications. Others would be processed by third-party systems and data providers, across WANs, firewalls, and security domains.

Consequently, the company needed software that could provide visibility across a distributed, heterogeneous environment, monitoring transactions end-to-end to ensure that SLAs were met. And, of course, because of various privacy regulations and standards, security was paramount.

Assessing Risk across Distributed Systems

The company decided to adopt a service-oriented architecture (SOA) based on an enterprise service bus for integration and flexible service reuse. A proof of concept showed the business team that Progress Sonic ESB could provide the flexible workflows, at the accelerated rate needed to serve its customers, and that Progress® Actional® for Active Policy Enforcement and Progress Actional® for SOA management® software could, respectively, enforce SOA security and monitor and manage SLAs across a distributed network, as well as provide metrics and reports on issues.

Today, the resulting risk assessment application executes in stages: a generic bank identification service followed by applicant validation and authentication, Patriot Act compliance checking against the Office of Foreign Assets Control terrorist list, comparison to "derogatory" information (i.e., various databases on bounced checks and fraudulent accounts), and risk management.

Data sources include some state Bureaus of Motor Vehicles databases, the "derogatory" Early Warning database (information on closed, fraudulent bank accounts), U.S. Postal Service addresses, and the databases of the major credit bureaus. The risk management calculations use the company's proprietary analytics and modeling engine, tailored to the custom rules for each bank or branch, to produce a final risk score.

A SOA-based Application Built for Speed and Agility

Sonic ESB serves as the integration backbone and conducts communications and dynamic service orchestration, with fault-tolerant clustering to ensure high performance and continuous availability. Sonic ESB's intelligent routing of services via itineraries enables the company to define the process common to all customers and then to define variations for different banks and branches. Sonic can then deploy any itinerary on the fly, in response to the particular transaction.

Guaranteeing SLA Performance and Safeguarding Security

To ensure reliable operations and support SLAs in its SOA-based application, the company deployed Actional for Sonic ESB management because it could provide end-to-end monitoring and management across Sonic ESB and connected systems. The company chose the product because it provided visibility across the entire distributed network, enabling SOA operators to see and understand where SLAs are failing and set up alerts—as opposed to being able only to manage operations centrally within each of the company's data centers.

Actional creates a flow map of an end-to-end transaction that shows all services and their dependencies for SLA monitoring. Based on user-configurable rules, Actional sends alerts when performance or availability issues threaten. SOA operators can set alert thresholds to show slowdowns, so that they can proactively triage problems. When an alert occurs, they can drill down to a flow map of the violating transaction and see statistics on performance and availability for each system in the process. With the map and the information, they can trace the problem back to its root cause for quick remediation. They can also get reports on these metrics.

Actional's active policy enforcement capability helps to ensure the security of sensitive customer information, such as Social Security numbers, and compliance with the PCI security standard. Security policies are created and managed centrally and applied via digital credentials on the company's virtual private network (VPN) as a transaction travels from service to service. Security can be managed across the company's two data centers—as though it were one virtual system.

IT and Business Benefits

Today, Progress software enables the company to offer a differentiated product. Sonic ESB provides the flexible workflows at an accelerated rate needed to serve its customers. Actional enforces security and ensures reliable operations.

In the long term, the software will provide additional benefits. Progress Actional can prioritize transactions based on customer, customer segment, region, etc. It will enable the company to align the SOA with business goals, for example, by giving priority service to key customers. The company also plans on adding services to its SOA-based application in the future, building on this platform. It is always looking at additional data sources, to try to cover as much of the U.S. as possible. With Sonic and Actional, adding data sources, some of which can be monetized, is easy, making it possible to know who is out there and who is high risk and low risk.