AWS Partner Network (APN) Blog
Identity-as-a-Service Using Amazon Managed Blockchain for Invisible and Embedded Banking
By Dilip Rajendran, Head of Cloud COE (SEA) – Capgemini
By Vikas Nambiar, Sr. Partner Solution Architect – AWS
Capgemini |
The evolution of embedded banking and invisible banking have enabled third-party platforms and applications to embed services from financial organizations into their applications for improved customer experience. This has led businesses to implement solutions with different integrations and validation points, leading to complex setups with multiple third-party engagements.
This scenario becomes more complex when customer privacy, fraudulent document verification, cross-border verification, data breach prevention, and regulatory compliance requirements are added to the implementation.
To solve these overheads, organizations are investigating a centralized identity mechanism that scales as identity-as-a-service (IDaaS) solutions. Implementations that use blockchain solutions enables decentralized, API-based secure identity verification solutions, and are required for embedded and invisible banking, where a centralized IDaaS architectural pattern provides a single immutable identity for users.
In this post, we will explore how Capgemini assists organizations in implementing embedded and invisible banking by leveraging Amazon Managed Blockchain (AMB) to manage identities associated across business partners, and/or sub-units within a business itself.
Capgemini is an AWS Premier Tier Services Partner and Managed Services Provider (MSP) that’s at the forefront of innovation, partnering with companies to address a breadth of client opportunities across cloud, digital, and platforms.
Solution Overview
Before getting into the solution, it’s important to understand what embedded banking and invisible banking are, and the limitations with the existing processes.
- Embedded banking: Refers to the integration of financial services into non-financial products or services. This means that customers access financial services, such as lending or payment processing, without having to leave the platform or service they’re already using. An example is paying for something from the service’s application itself, without leaving the application to interact with your banking application.
- Invisible banking: Refers to the seamless integration of financial services into customers’ lives, such that banking becomes an invisible part of their daily routine. This mean customers actively manage their finances; an example is walking out of a grocery store after purchase without going through a checkout, but still paying for it as you walk out.
Figure 1 – Blockchain enables banks to simplify embedding their offerings.
Let’s take an example of a customer purchasing a car (via finance/loan) with an automotive dealership that has established partnerships with various banks to facilitate car loans for customers interested in purchasing vehicles through credit.
With the implementation of blockchain used to provide an IDaaS solution, the sequence of for loan approval and processing is illustrated in Figure 2, when a buyer visits a car dealer’s website or mobile application.
Figure 2 – Sequence diagram for financing a loan using blockchain.
In terms of customer interactions, the sequence above includes the following interactions:
- Buyer visits a car dealer’s website and selects a car.
- Buyer selects financing as their purchase method.
- Buyer is requested to provide a valid identity credentials from the buyer.
- Buyer uses their self-sovereign identity (SSI) to provide selective access to car dealer’s website.
- Car dealer’s website validates identity and authenticity of the issuer (also registering the buyer in their system/blockchain).
- Car dealer’s website requests additional credentials (salary slips, address proof, medical certificates) from the buyer’s SSI, as needed by the financial option selected.
- Car dealer’s website presents finance options and offers available from various banks.
- Buyer chooses an offer.
- Car dealer’s website forwards buyer credentials to the selected bank’s blockchain.
- Bank stores buyer’s information in its blockchain.
- Post-processing, car dealer’s website receives bank decision. Note that if the buyer is an existing customer of the bank, their profile (validated references, credit status) is available with the blockchain for validation, and approval is provided instantly.
- With the bank’s approval, car dealer’s website finalizes loan agreement, bill of sale, and vehicle registration documents.
- Car dealer’s website provides next available appointment for the buyer to visit the showroom.
- Buyer receives the car and ownership documents
With this mechanism, the buyer is a customer existing in the bank’s managed credentials, and any financing option from businesses that support integration with the bank’s blockchain makes the process more seamless. In this example, the buyer reuses their credentials in other sites.
This mechanism also enables a decentralized method to handle the identity of the buyer, dealer (member), issuer, and verifier.
Capgemini’s Solution Using Amazon Managed Blockchain
Amazon Managed Blockchain (AMB) is an AWS-managed blockchain that provides you with public blockchain nodes for Ethereum, Bitcoin, and Polygon. It also creates private blockchain networks with the Hyperledger Fabric framework.
Amazon Managed Blockchain is established by the bank using Hyperledger Fabric and the members (businesses) are added as peers. The business (for example, a car dealer) is a member of the blockchain network and has access to the references for validating the buyer’s profile for loan processing.
An end-to-end solution is built by leveraging Amazon API Gateway, AWS Step Functions, AWS Lambda, and the backend API’s running on Amazon Elastic Kubernetes Service (Amazon EKS) to provide a comprehensive solution, as shown in the subsequent diagram.
Figure 3 – IDaaS solution overview using Amazon Managed Blockchain.
This architecture provides features that are required to ensure information is securely and accurately verified, with minimal risk of fraud or error. The following AWS services are used to achieve the architecture:
- Amazon Managed Blockchain provides the required mechanism to configure and establish network consensus mechanism, member inclusions, node deployment, and a chain-code implementation. The following functionalities shall be provided with AMB:
- Document handling and verification
- Credit check status
- Amazon API Gateway provides API access for various businesses to interact with the backend services and avail the products from the bank.
- AWS Step Functions:
- Build, run, and visualization of the serverless workflows that orchestrate AWS services, any custom applications, and third-party APIs required specific to a bank’s requirements.
- Orchestration to validate if the buyer is an existing customer of the bank through validation of their customer ID in the blockchain.
- Amazon Relational Database Service (Amazon RDS) hosts data from the bank required to process the credit request.
- Amazon Elastic Kubernetes Service (Amazon EKS) is used to host the backend services required for:
- Loan processing
- Credit checks
- Any additional organization-specific processing requirements
- AWS Lambda provides for asynchronous serverless invocation when blockchain credentials are required for signing blockchain transactions.
- AWS Secrets Manager provides the platform that stores blockchain credentials required by AWS Lambda or Amazon EKS implementations.
- Amazon Elastic Compute Cloud (Amazon EC2) hosts the fabric client that provides API access to the blockchain to retrieve and/or update information in AMB.
- AWS Identity and Access Management (IAM) provides a mechanism to authenticate and authorize access to the network, which is required to ensure only authorized users access and modify the architecture.
- AWS Key Management Service (AWS KMS) is used to generate and manage the user’s private key for the blockchain network. This private key is essential for accessing the blockchain network and verifying the user’s identity.
Post-successful verification and credit check outcome, loan data and documentation hash with information for future validation is updated into the Amazon Managed Blockchain.
Conclusion
With Capgemini’s centralized identity-as-a-service mechanism leveraging Amazon Managed Blockchain, customers have overcome an otherwise complex setup that requires additional integration points to third-party systems.
The solution provides a seamless and convenient lending experience for buyers and an efficient lending process for businesses. It’s a cost-efficient, dynamically scalable platform that reduces operational maintenance and change management overheads for an organization
Furthermore, Amazon Managed Blockchain enables the solution to scales automatically to usage demands, meet security governance requirements, and provide for resilience and fault tolerance requirements. With its automation capabilities, the service enables Agile and DevOps delivery methodologies in the program’s development and operational lifecycle. This enable you to drive frequent, smaller, and faster changes with new features for end customers.
Reach out to Capgemini to learn how you can implement the solution and achieve operational excellence for your embedded and invisible banking implementations.
Capgemini – AWS Partner Spotlight
Capgemini is an AWS Premier Tier Services Partner and MSP that’s at the forefront of innovation to address a breadth of client opportunities across cloud, digital, and platforms.
Contact Capgemini | Partner Overview | AWS Marketplace | Case Studies