Scala, Akka and Cassandra bring “Fast Data” advantage to global solution provider’s identity verification platform
Targeting the Global Identity Problem
Global cyber crime is now estimated to be costing companies $455B every year. Fraudsters continue to exploit new opportunities, whilst businesses keep throwing more money at the problem. Recent studies show that in addition to the increasing Compound Annual Growth Rate (CAGR) of fraud, the merchant revenue lost per dollar of fraud is growing as well (a key metric in the "true cost of fraud").
Paycasso, a provider of market leading software that simply and effectively verifies the identity of consumers engaged in mobile, online or in-branch transactions, is leading the charge against fraud with a three-factor authentication platform that helps merchants greatly improve identity verification success rates. The company provides its solutions to companies across a broad spectrum of industry sectors including: global corporate consulting - PwC; financial services - IG; consumer products - Philip Morris International. These companies deploy the Paycasso product suite (VeriSure™, InstaSure™, IdentiSure™ and DocuSure™) to mitigate the corporate and consumer risks associated with impersonation fraud and identity theft during both an initial on-boarding or registration process and subsequent customer account access.
The Challenge: Bring Fast Data to Three-Factor Authentication
The security industry has been talking about the possibility of multi-factor authentication systems (that use multiple “keys” to establish identity) for nearly a decade but with the recent convergence of stronger keys with rich data (like facial recognition) combined with a standardisation of NFC-chips and other biometric-based identification cards this has now become a reality.
The opportunity for the security industry is to better triangulate someone’s identity using more reliable forms of identification. The challenge is that consumer convenience still rules––and high speed authentication is mandatory for any identity solution that hopes to be adopted in a commercial situation, such as airport check-ins, bank account creation, and a whole spectrum of other scenarios where identity verification is critical.
Three years ago, Paycasso saw a major business opportunity to take a new approach to three-factor authentication to market––combining mobile devices, consumer biometrics (facial recognition), and Government issued photo identity documents. The company sought a rapid prototype that would work on mobiles and computers, backed by a stack that would be extremely reliable, yet minimize processing time.
Paycasso’s Reactive Stack With Scala, Akka and Cassandra at the Core
Jan Machacek, CTO at Paycasso, led the team that built the stack that today powers Paycasso's three-factor authentication at companies like PwC, IG and Philip Morris International.
How it Works
Paycasso’s identity and access verification solutions combine biometric computer vision with document and fraud detection algorithms to give its enterprise clients confidence that customers are who they say they are. Just as important to its clients is the consumer experience. If a process is complicated and time consuming, new potential customers will simply stop and go elsewhere. Paycasso's applications are effectively ‘black box’ components that integrate within existing systems, driving highly complex processes within just a few simple user-directed steps. Infographic screens support the user in completing these steps which include: capturing an image of their ID; accessing biometric and other data contained on eChips (embedded in many global IDs); and capturing a short video of their face. This process is accomplished without specific additional hardware and is compatible with both desktop and mobile devices. Paycasso's systems automatically capture the personal data from the ID, determine the authenticity of the ID, and compare all the captured facial images (live video, photo on the ID and the facial image from the eChip) to determine the probability of authenticity of the documents and the probability of the match between the facial images.
What’s remarkable about Paycasso’s solution is that the typical verification for this type of process historically required an in-person visit by the consumer and human judgement by the personnel of the company to evaluate the ID's authenticity, along with the completion of registration or application forms. These processes are prone to inconsistency and error, with variable degrees of scrutiny and diligence. Paycasso’s solutions can accomplish this verification in less than 30 seconds from wherever the user is located. Because consumer convenience is critical to business, time-to-verification has become a key metric for enterprises wading into the world of multi-factor authentication, where Paycasso has found major competitive advantage based on the fast data advantages of the combination of technologies in its stack.
What’s in the Stack
Scala - Scala was chosen for its flexibility and richness. Scala allowed Paycasso to implement the most challenging portions of the system whilst maintaining excellent quality and clarity of the codebase. Scala enabled the engineering team to make the most of Akka and the other powerful libraries in its ecosystem.
Akka - Paycasso used many features of Akka, including Akka HTTP (formerly Spray), Akka Persistence and Akka Cluster Sharding. The Paycasso system used Apache Cassandra as the journal and snapshot store, Akka HTTP for the endpoints which receive the streaming data from the client applications, Akka Persistence ensures the reliability of the biometric and forensic computer vision code. Finally, Akka Cluster and Akka Cluster Sharding ensure that the system is available and responsive under varying load—a must given the sensitive nature of the information Paycasso's processes.
Apache Cassandra - Paycasso’s journals and snapshots are stored in Apache Cassandra, a highly-scalable, decentralized NoSQL database. The journals and snapshots are an essential component in CQRS/ES systems, and they provide the backing for elastic cluster scaling.
RabbitMQ - RabbitMQ, part of the Reactive Streams initiative, is a cluster-friendly, decoupled, highly-scalable message broker. Paycasso utilizes RabbitMQ to stream the video frames from the Akka core to the components that perform the biometric and forensic computer vision operations. RabbitMQ decouples the JVM and the native processes, simplifies elasticity, and provides good monitoring support.
Why Paycasso Went With a Reactive Stack
For the new fast-data pipeline stack to succeed, the system had to work with many components in native code—mostly C++ code compiled to platform-native binaries, according to Machacek. The reactive nature of all aspects of the system ensures consistency and architectural clarity. On the JVM, Akka and Scala (supported by Apache Cassandra) are the natural choice; RabbitMQ forms the bridge between the JVM world and the native binaries that implement the vision code. Most importantly, this architecture fully supports streaming, which is crucial in processing the video of the user’s face captured during the matching process.
The Reactive Stack makes the new system possible. It is responsive and reliable, giving the users and clients the confidence in its architecture and implementation. With the Reactive Stack, video frame data can be analysed as it arrives in a stream. Machacek said he could not have met the performance, resilience and responsiveness requirements using any other approach.
I was tempted to say it wouldn’t be possible,” he said. “I had to architect a system that could process frames from a video stream as they arrived; performing rather complex calculations on each frame. Moreover, the video contains very sensitive information: user’s identity documents and their faces. Finally, even though the computation the system performs is very complex, the users expect an answer immediately. All this meant that the Reactive Stack, particularly Scala and Akka, was the best option.Jan MachacekCTO, Paycasso
One of the first things considered during the evolution of the early prototypes was how to ensure that the C++ code, compiled to platform-native binaries, fitted into the message-passing nature of the core of the system. Paycasso decided to use RabbitMQ as a broker between the Akka system and the native components, with the necessary bindings to Akka as well as C++ it brought the elasticity and reliability needed but crucially, it facilitated a consistent approach in every aspect of the system. Because the system processes very sensitive information, it must be resilient and responsive. To achieve this, Paycasso used CQRS/ES, as implemented in Akka Persistence and Akka Cluster Sharding. This provided the required resilience, responsiveness, and elasticity but also encouraged good programming practices with immutable data structures, making it easier to reason about the underlying nature of distributed systems.
The architecture of the system makes it possible for Paycasso to expand the capabilities of the existing system. The stack encourages good architecture practices, and the frameworks and libraries in the Reactive Stack allow the engineering teams to apply the same good practices to the implementation.
Inspired by this story? Contact us to learn more about what Lightbend can do for your organization.