Creating customer proxies to enable easy access to all banking services

Banks generally do not expose a customer’s information through APIs, mainly due to security concerns. As a result, the hard way for customers to access their information is through their banking credentials involving captchas and 2 factor authentication. Banking customers should be able to access all their bank accounts on their banking app, including balances, recent transactions and the like. However this can be challenging when user security should be of primary importance in banking.

91social was tasked with creating a service that could mimic the customer to access their bank accounts, while never asking for or storing the user’s bank credentials on the servers. The customer should be in complete control of the experience and should be able to see and act on the messages from the bank while the proxy is accessing the account in the background.

A headless browser was used to create a customer proxy that could mimic the user in the background. The app acts as the frontend and provides a uniform interface to all banks, while the proxy accesses the bank account on behalf of the customer. The captchas and the 2 factor authentication challenges are made visible to the user and their responses are relayed to the proxy. The headless browser chosen was lightweight with the data parser built in to extract the relevant information and send to the app. A cluster was created to handle thousands of browsing sessions concurrently with IP rotation, keeping the cluster dynamically scalable to operate cost effectively.