Updated: Oct 23
Scenario: The customer should be able to see all of their bank accounts in the app: balances, recent transactions and so on. Banks typically do not expose a customer's information through public APIs, so the only practical way to reach it is to log in with the customer's own bank credentials and get through the captchas and two-factor authentication challenges the bank presents.
The Ask: Build a service that can act as the customer and access their bank accounts, without ever collecting or storing the customer's bank credentials on the service's servers. The customer must stay in complete control of the experience: while the proxy works the account in the background, the customer should see every message the bank raises and be the one who responds to it.
Solution: A headless browser runs as a customer proxy that mimics the customer in the background. The app is the frontend and presents one uniform interface for every bank, while the proxy drives the bank's own website on the customer's behalf. Captcha and two-factor challenges are surfaced to the customer in the app, and the customer's responses are relayed back into the proxy's browser session; the proxy never tries to solve them itself. The headless browser chosen was lightweight, with a built-in data parser that extracts the relevant information (balances, transactions) from the bank pages and sends it to the app. Credentials and one-time codes are held only in the session's memory for as long as the bank needs them and are kept out of logs and persistent storage. A cluster handles thousands of concurrent browsing sessions with IP rotation, and it scales dynamically so that it runs cost effectively.
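The challenge-relay loop described above, as an added example rather than code from the original page or its project. The bank site, the sample accounts page, the credentials (alice / hunter2) and the challenge answers are all constructed stand-ins; a real deployment would put Playwright or Puppeteer behind the same small driver interface (an assumption, not something the page states). Credentials and one-time codes travel from the app to the proxy as the answer to a relayed challenge, are used once, and never appear in the audit trail.

```python
"""Customer-proxy session: credentials, captcha and OTP are all relayed to the
customer's app as challenges and answered there; the proxy only forwards them."""
import queue
import threading
from dataclasses import dataclass
from html.parser import HTMLParser

# Constructed sample of a bank "accounts" page (not a real bank's markup).
ACCOUNTS_HTML = """
<table id="accounts">
  <tr class="acct"><td>Checking</td><td>1,234.50</td></tr>
  <tr class="acct"><td>Savings</td><td>9,876.00</td></tr>
</table>
"""

@dataclass
class Challenge:            # proxy -> app: something only the customer can answer
    kind: str               # "credentials", "captcha" or "otp"
    payload: bytes = b""    # captcha image bytes; empty otherwise

@dataclass
class Answer:               # app -> proxy: the customer's response
    value: object           # str for captcha/otp, (user, password) for credentials


class FakeBankSite:
    """Constructed stand-in for the headless-browser session (assumption: a real
    deployment wraps Playwright/Puppeteer behind these four methods)."""
    def __init__(self, user, password, captcha="7K3Q", otp="246810"):
        self._expect = {"credentials": (user, password), "captcha": captcha, "otp": otp}
        self.page = "login"

    def current_challenge(self):
        if self.page == "login":
            return Challenge("credentials")
        if self.page == "captcha":
            return Challenge("captcha", b"\x89PNG\r\n...")   # constructed image bytes
        if self.page == "otp":
            return Challenge("otp")
        return None                                            # no challenge pending

    def answer_challenge(self, value):
        # Each step either advances to the next page or parks on a *_failed page.
        nxt = {"login": "captcha", "captcha": "otp", "otp": "accounts"}
        kind = "credentials" if self.page == "login" else self.page
        self.page = nxt[self.page] if value == self._expect[kind] else f"{kind}_failed"

    def html(self):
        return ACCOUNTS_HTML if self.page == "accounts" else ""


class AccountParser(HTMLParser):
    """Built-in data parser: pulls (name, balance) out of <tr class="acct"> rows."""
    def __init__(self):
        super().__init__()
        self.accounts, self._row, self._in_row = {}, [], False
    def handle_starttag(self, tag, attrs):
        if tag == "tr" and ("class", "acct") in attrs:
            self._in_row, self._row = True, []
    def handle_data(self, data):
        if self._in_row and data.strip():
            self._row.append(data.strip())
    def handle_endtag(self, tag):
        if tag == "tr" and self._in_row:
            name, balance = self._row
            self.accounts[name] = float(balance.replace(",", ""))
            self._in_row = False

def parse_accounts(html):
    parser = AccountParser()
    parser.feed(html)
    return parser.accounts


def run_proxy(site, to_app, from_app, max_challenges=4, timeout=5):
    """Drive the bank session, relaying every challenge to the customer's app.
    Secrets exist only inside this loop; the audit trail records event names,
    never the answers themselves. Returns (accounts or None, audit)."""
    audit = []
    try:
        for _ in range(max_challenges):
            challenge = site.current_challenge()
            if challenge is None:
                break
            to_app.put(challenge)                    # show prompt to the customer
            answer = from_app.get(timeout=timeout)   # customer did not answer -> queue.Empty
            site.answer_challenge(answer.value)
            audit.append(f"challenge_relayed:{challenge.kind}")
    finally:
        to_app.put(None)                             # always release the app side
    if site.page != "accounts":
        audit.append(f"failed:{site.page}")
        return None, audit
    audit.append("accounts_parsed")
    return parse_accounts(site.html()), audit


def run_customer_app(to_app, from_app, responses):
    """Customer side: answers each relayed challenge (by kind) until told to stop."""
    while (challenge := to_app.get(timeout=5)) is not None:
        from_app.put(Answer(responses[challenge.kind]))


def demo(captcha="7K3Q", otp="246810"):
    """Run one proxy session against the fake bank with a threaded customer app."""
    to_app, from_app = queue.Queue(), queue.Queue()
    site = FakeBankSite("alice", "hunter2")           # constructed test credentials
    responses = {"credentials": ("alice", "hunter2"), "captcha": captcha, "otp": otp}
    app = threading.Thread(target=run_customer_app, args=(to_app, from_app, responses))
    app.start()
    result = run_proxy(site, to_app, from_app)
    app.join()
    return result

if __name__ == "__main__":
    print(demo())
```

A wrong answer leaves the session parked on a failed page and the proxy reports `failed:<step>_failed` rather than retrying on its own, which keeps every retry in the customer's hands; `max_challenges` and the `timeout` on the answer queue bound how long a headless session can sit waiting, which matters once thousands of them share a cluster.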