This Guidance shows how payment institutions can use new data types, streaming data, data lakes, and machine learning (ML) on AWS to make rapid credit decisions, reach new consumers, and deliver on customer expectations of multiple payment options.
Please note: [Disclaimer]
Architecture Diagram
Step 1
Customer selects an item for purchase and prepares to check out.
Step 2
The request is routed to a separate page which takes the user through the BNPL flow. This web page can be built using AWS Amplify, which is tightly integrated with Amazon Cognito for new customers to sign up, and existing customers to sign in.
Step 3
New authenticated customers are verified by sending a notification to their devices using Amazon Pinpoint.
Step 4
Authenticated clients make API calls to AWS AppSync using valid JWT tokens generated by Amazon Cognito.
Step 5
AWS AppSync uses resolvers to make direct calls to different microservices. HTTP resolvers connect to REST endpoints of the user service. An AWS Lambda resolver directs calls to the credit service in a virtual private cloud (VPC).
Step 6
The communication between the resolvers and the HTTP endpoints are protected with temporary AWS Identity and Access Management (IAM) credentials based on assumed IAM roles. The JSON Web Token (JWT) specific to the authenticated user is also forwarded to each microservice.
Step 7
A Lambda function is invoked to access the private service hosted in a VPC through AWS PrivateLink. PrivateLink provides private connectivity between the credit service VPC and Lambda on the private AWS network. All services are secured in a way that only the main AWS AppSync API is granted access.
Step 8
The credit service is hosted in AWS Fargate containers in a private VPC, and payment information is persisted in Amazon DynamoDB.
Step 9
Customer requests are evaluated against their pseudo credit rating using a service from the Amazon SageMaker elastic inference and provided a near real-time decision.
Step 1
Customer selects an item for purchase and prepares to check out.
Step 2
The request is routed to a separate page which takes the user through the BNPL flow. This web page can be built using AWS Amplify, which is tightly integrated with Amazon Cognito for new customers to sign up, and existing customers to sign in.
Step 3
New authenticated customers are verified by sending a notification to their devices using Amazon Pinpoint.
Step 4
Authenticated clients make API calls to AWS AppSync using valid JWT tokens generated by Amazon Cognito.
Step 5
AWS AppSync uses resolvers to make direct calls to different microservices. HTTP resolvers connect to REST endpoints of the user service. An AWS Lambda resolver directs calls to the credit service in a virtual private cloud (VPC).
Step 6
The communication between the resolvers and the HTTP endpoints are protected with temporary AWS Identity and Access Management (IAM) credentials based on assumed IAM roles. The JSON Web Token (JWT) specific to the authenticated user is also forwarded to each microservice.
Step 7
A Lambda function is invoked to access the private service hosted in a VPC through AWS PrivateLink. PrivateLink provides private connectivity between the credit service VPC and Lambda on the private AWS network. All services are secured in a way that only the main AWS AppSync API is granted access.
Step 8
The credit service is hosted in AWS Fargate containers in a private VPC, and payment information is persisted in Amazon DynamoDB.
Step 9
Customer requests are evaluated against their pseudo credit rating using a service from the Amazon SageMaker elastic inference and provided a near real-time decision.
Well-Architected Pillars
The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
-
Operational ExcellenceRead the Operational Excellence whitepaper
This Guidance can be scripted using an AWS CloudFormation template. To integrate and deploy changes, use a source control system to manage code and other artifacts, such as version-controlled CloudFormation templates of your infrastructure. When responding to incidents and events, you can send logs directly from your application to Amazon CloudWatch using the CloudWatch Logs API, or send events using AWS SDK and Amazon EventBridge.
-
SecurityRead the Security whitepaper
For secure authentication and authorization, IAM roles are in place for all service interactions in the environments. All data is fully encrypted in transit and in storage. AWS services provide HTTPS endpoints using TLS for communication, thus providing encryption in transit when communicating with the AWS APIs.
-
ReliabilityRead the Reliability whitepaper
To support a highly available network, all components scale automatically; account limits should be clearly defined for the supported product range. To adapt to changes in demand, the solution is modular and can scale with user adoption.
-
Performance EfficiencyRead the Performance Efficiency whitepaper
Serverless architectures help to provision the exact resources that the workload needs. Strategies for storage lifecycle management and ensuring auto capacity scaling are used for ingestion and read and write access patterns. To meet the requirements of scaling, traffic and data access patterns, serverless architectures help to provision the exact resources that the workload needs.
-
Cost OptimizationRead the Cost Optimization whitepaper
This Guidance is designed to be fully optimized for cost, using only resources where necessary and only accessing data using the services appropriate for the business need.
-
SustainabilityRead the Sustainability whitepaper
By using managed services and dynamic scaling, you minimize the environmental impact of the backend services. This Guidance uses technologies that support data and access storage patterns that need to be monitored. Doing so ensures that assets, such as data, are stored in the optimum solution based on the read and write access patterns, with close attention to scaling of compute resources closely aligned to the demand.
Implementation Resources
A detailed guide is provided to experiment and use within your AWS account. Each stage of building the Guidance, including deployment, usage, and cleanup, is examined to prepare it for deployment.
The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.
Related Content
How AWS is supporting Buy Now Pay Later (BNPL)
Disclaimer
The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.
References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.