In the super-critical sphere of fin-tech web app development, there’s no room for mistakes. In our case study of a Ruby on Rails Lease Management System for the US market, find out the best practices for dealing with systems where customers’ real money is at stake in every line of code, every piece of the infrastructure, and every hour of the day.
When customer dollars are on the line, fin-tech projects require stringent scrutiny, diligence, know-how and best coding practices.
If there’s one market where scrutiny and diligence are essential components of software development, it’s hard to argue for a more pressing case than fin-tech.
When customers’ money is at stake, one simple logic error can sink a system’s reputation.
Today’s article takes you through how we have been providing high quality, great value, Ruby on Rails development services and best coding practices to a US fin-tech startup, working on their complex Lease Management System. Take a look at how this project has been both very challenging and rewarding - with some hot tips on best practices for industry development.
Introducing a Lease Management System
Let’s say that you’d like to buy a new TV but you are still waiting for the next paycheck. Do you simply go without? One of the options to get an awesome purchase straight away, without having to wait until you have the funds in your bank account, is to lease to own it. This is done with payments spread over a certain amount of months - basically, to buy it on credit.
Our financial technology client created a platform of this type of leasing solution in the United States. The platform consists of two systems - one is directed at the merchants where customers buy the goods, and the second - the Lease Management System (LMS), is responsible for creating and managing leases and everything connected to customer payments during the leasing period.
The merchant system will book and store all the initial information from the leasing purchase and then pass it over to the LMS, which contains the calendar of scheduled payment installments, cash in-flows, delayed payments, early pay-ups etc.
Where iRonin fits in: developing, expanding, monitoring, alerting, repairing
The experts at iRonin have been working on this second system, the LMS, where two of the most important aspects are high availability and scalability. The more clients that came onboard, the more the system had to grow. As a result, a once desktop-only application had to be migrated to a web app, and new versions of the software needed to be deployed.
Our team has been actively taking part in the infrastructure migration, testing of new system versions, agile development of new features, scaling the system up, expanding the IT system architecture and providing feedback to user-centered design.
Since the system has been put in place, our main tasks have revolved around monitoring and alerting, introducing zero downtime solutions for performance optimization, and repairing issues as they occur - all of which helps to create an even more bulletproof system. Integrity checks are run on a daily basis between the lease management system and the external systems that feed it data, for instance information about taxes in each US state. These checks allow us to notice *on the spot* any bugs or unusual behaviors and react immediately.
Where every cent counts, we rely on solid technologies
Our dream tech stack for this particular financial services software solution includes:
- Ruby on Rails - our favorite web application framework. Its development agility is a great choice for a fin-tech venture.
- PostgreSQL - for data storage, a battle tested relational database.
- Redis - an open-source in-memory data structure store, used as a database, cache and message broker.
- Sidekiq - which provides background jobs processing for Ruby.
- Elasticsearch - our robust search engine of choice.
- Kibana - a clever data visualization plug-in that pairs with Elasticsearch.
- Amazon Web Services - for cloud computing services and IT infrastructure hosting (both external and internal).
- HoneyBadger - a tool specially designed for Ruby on Rails developers that monitors exceptions and outages.
- NewRelic - helps us to monitor the web application and IT infrastructure performance.
- Amazon S3 - for data storage, which we love for its scalability.
Two teams, 8 hours of time difference and a single goal
Our team for the project consists of 5 senior engineers based in Poland, while most of our client’s programmers are in the US - that’s 8 hours of time difference! While you’d think that might be a hindrance, this time difference allows us to have 24/7 control over the lease system.
This means the iRonin squad can easily test new features during the off-peak night time in the US, when the system is not under load. During the night, background jobs and checks are run, and if something doesn’t add up, the iRonin team will notice it straight away and provide an immediate fix. This night monitoring is comfortable for us and very profitable for the client! When they wake up, everything is already up and running.
How to manage an intercontinental connection
We have been working remotely with US-based companies since iRonin’s inception, putting us in a brilliant position to continually fine-tune the methods of communication between distributed teams. To be constantly on the same page, we focus on clear communication during stand-ups and sign-offs about progress on tasks and overall system state.
We keep the communication channels open at all times on Slack, via video calls, project management systems (Jira, Pivotal) and emails. A few times a week, we all assemble for a global call on which we discuss current cases, future plans for product development or decisions on the system architecture.
Our voice is always valuable - our ideas are trusted by the client and (more importantly, some would say!) the client’s programmers. We are fully integrated with the US team and feel like a part of one family reaching to achieve the same goal.
Our communication isn’t limited only to the client’s team - we talk directly to the developers of external 3rd party systems, which speeds up the development process. A proactive approach is the key to success here.
Challenges of a complex financial technology project
IT projects in fin-tech are very demanding. In any IT solutions-related venture, software logic errors hurt programmers and take a lot of effort to track down and fix. In the financial technology sector, bugs are even more damaging as they concern a very sensitive matter - customers’ money.
The project is very complex: there are a lot of different functionalities, use cases and, most importantly, edge cases. Some scenarios are hard to predict - for instance, if a user’s overdue payment is delayed because of 3rd party issues, the company will not want to punish the user for this situation with extra fees. The system must be flexible enough to allow new edge cases to be handled smoothly.
Our tricks & tips for smooth development of a fin-tech IT system
Financial technology projects are not for the faint-hearted - where every cent matters, there is no place for a mistake, as mistakes are costly! So how do we make sure to avoid mistakes?
- Log, log and log again - log everything!
Audit logs are the key to performing a comprehensive postmortem if anything happens in the system. Log every user action, every component interaction, every database transaction, every error or issue. It’s far easier to debug things and find those missing cents when you have a clear view of what has happened in the system.
- Never modify the payment records
Instead, create new records that correct errors in the previous ones.
- Pay extra attention to smart testing practices
Every critical piece of code in this system is covered by tests.
- Perform all deployments during low-traffic hours
This was pretty easy for us with the iRonin team located in a different time zone! Our deployments for this project are always Zero Downtime and we make sure each is easily reversible. New features are first released to a small sample of customers, then we scale them up to the whole system.
- Keep all of the tools and libraries up to date
How to keep the system safe and secure
Because this is a fin-tech product, we need to be extra cautious with security.
Our security regime for the software includes:
- Strong password protection
- Encryption of all personal data, in the logs too
- Ensuring that no one can make production data dumps; the dumps can be requested - but sensitive information will either stay encrypted or will be modified by the database dump script
- Running periodic checks on security vulnerabilities in external libraries
- Conducting validation of files before processing them - checking their size, extension and type
- Adding security-related HTTP headers to help prevent various forms of attack, such as Cross-Site Scripting
- Using UUIDs in data and URLs when communicating with external systems, instead of exposing sequential IDs, which can lead to security risks
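
One way to implement the file validation listed above, as an added Ruby example that is not iRonin's code: it checks size, an extension allowlist, and that the leading bytes match the type the extension claims. The allowlist, the 5 MB limit and the names `validate_upload`, `ALLOWED_UPLOADS` and `MAX_UPLOAD_BYTES` are assumptions.

```ruby
# Added example (not the project's code). Allowlist and size limit are assumptions.
# Extension => [type, leading "magic" bytes the content must start with].
ALLOWED_UPLOADS = {
  ".pdf"  => ["application/pdf", "%PDF-".b],
  ".png"  => ["image/png", "\x89PNG\r\n\x1A\n".b],
  ".jpg"  => ["image/jpeg", "\xFF\xD8\xFF".b],
  ".jpeg" => ["image/jpeg", "\xFF\xD8\xFF".b]
}.freeze
MAX_UPLOAD_BYTES = 5 * 1024 * 1024

# filename and data are both untrusted. Returns [true, type] or [false, reason].
def validate_upload(filename, data)
  name = filename.to_s
  bytes = data.to_s.b # compare as raw bytes, whatever encoding arrived
  return [false, "bad filename"] if name.empty? || name.include?("\0")
  return [false, "empty file"] if bytes.empty?
  return [false, "file too large"] if bytes.bytesize > MAX_UPLOAD_BYTES

  # The extension decides which type we expect; it is never trusted on its own.
  ext = File.extname(File.basename(name)).downcase
  type, magic = ALLOWED_UPLOADS[ext]
  return [false, "extension not allowed"] unless type
  # A renamed file (e.g. a PDF saved as .png) fails here.
  return [false, "content does not match extension"] unless bytes.start_with?(magic)

  [true, type]
end
```

A matching signature only shows the file starts like the claimed type; the parser that later processes it still has to treat the content as untrusted.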
Best practices cheat sheet for fin-tech projects
Financial technology projects are no place for non-senior programmers. You need your best heads working on fin-tech projects.
Check out our cheat sheet of best-practice rules to follow so you don’t mess up critical financial data:
- Quick reporting of issues with prompt reactions
- Keep all audit logs
- Run constant integrity checks
- Be very accurate with data
- Never underestimate security
- Own and control the IT infrastructure
- Limit external access to the systems with VPNs
- Use the most secure hashing algorithms
- Encrypt sensitive data
- Keep sensitive data out of the logs
- Rate-limit incoming HTTP requests
- Sanitize user input
- Limit the number of simultaneous sessions per account
- Never ever keep currency amounts as float - use integer amounts for total cents (i.e. $12.44 stored as 1244)!
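
The two data rules above ("never modify the payment records" and "integer amounts for total cents"), shown together as an added Ruby example that is not iRonin's code: an in-memory ledger where a correction appends a reversal and a replacement instead of editing the original. `PaymentLedger` and all of its method names are hypothetical.

```ruby
require "securerandom"

# Added example with hypothetical names. Amounts are Integer cents, never Float.
class PaymentLedger
  Entry = Struct.new(:id, :lease_id, :amount_cents, :kind, :corrects_id, :note)

  def initialize
    @entries = []
  end

  # Parse "12.44" into 1244 without passing through Float.
  def self.to_cents(text)
    m = /\A(\d+)(?:\.(\d{1,2}))?\z/.match(text)
    raise ArgumentError, "bad amount: #{text.inspect}" unless m
    m[1].to_i * 100 + m[2].to_s.ljust(2, "0").to_i
  end

  def record_payment(lease_id, amount_cents, note: nil)
    append(lease_id, amount_cents, :payment, nil, note)
  end

  # Correct an entry by appending a reversal and a replacement; the original stays as written.
  def correct(entry_id, new_amount_cents, note:)
    original = @entries.find { |e| e.id == entry_id }
    raise ArgumentError, "unknown entry" unless original
    raise ArgumentError, "only payments can be corrected" unless original.kind == :payment
    raise ArgumentError, "already corrected" if @entries.any? { |e| e.corrects_id == entry_id }
    append(original.lease_id, -original.amount_cents, :reversal, entry_id, note)
    append(original.lease_id, new_amount_cents, :payment, entry_id, note)
  end

  def balance_cents(lease_id)
    history(lease_id).sum(&:amount_cents)
  end

  def history(lease_id)
    @entries.select { |e| e.lease_id == lease_id }
  end

  private

  def append(lease_id, amount_cents, kind, corrects_id, note)
    raise TypeError, "amount must be Integer cents" unless amount_cents.is_a?(Integer)
    entry = Entry.new(SecureRandom.uuid, lease_id, amount_cents, kind, corrects_id, note).freeze
    @entries << entry
    entry
  end
end
```

In a database-backed system the same rule is usually also enforced below the application, for example by not granting UPDATE or DELETE on the payments table to the application role.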
In fin-tech projects, soft skills matter too
Besides our technical expertise, the iRonin team has brought valuable soft skills and know-how to the project. There was a reason why the client wanted only top senior engineers to join the customer lease services venture! A lot of expertise in developing big systems, not only fin-tech ones, is required.
What’s excellent about senior engineers?
- Experience in resolving issues smoothly - including with 3rd parties like external service providers
- Analytical thinking
- Attentiveness to details
- Responsibility for own actions
- Not-giving-up attitude
We’re proud to say our squad of senior engineers at iRonin have all these qualities in spades. The team finds tough issues and ambitious tasks an exciting challenge, and treats each as an opportunity to learn new things and develop fresh skills. What we also enjoy is the viable influence on the project and ability to see effects of our hard work almost every day - inspiring stuff!
Hire our top IT team for your financial technology project
Our vast experience, technical know-how, and useful soft skills have been paramount to our performance on this interesting consumer leasing project. Our client, an amazing financial technology company based in the US, appreciates us for our attention to detail, care for security, ability to react quickly to issues, great communication, and expertise in building scalable and efficient IT solutions. Our team is always full of ideas on IT system architecture and best coding practices, which helps to boost productivity and system performance. The time difference enables our team to respond to emergencies 24/7.
Do you have a financial technology venture that is upcoming, in progress, or in need of an update? Then it’s time to get in contact with the iRonin team. Find out how we can help you to develop your innovative fin-tech app quickly and cost effectively - capitalizing on our know-how in fin-tech products with the best design, project development and coding practices.