
Why Security is Essential for our API Partners? Security 2.0 is all you need to know!


In the current times of large-scale cybercrime and security breaches across the world, it is extremely important that your system is secure. Given the industry we work in and the number of stakeholders involved (merchants, distributors, employees, etc.), it is imperative for all DMT systems to be hack-proof. As you scale your DMT business, your systems need to become more secure.

Current API Security System

Currently, we only ask for a static developer key for authentication and identification. We tell all our API partners that their developer key is confidential and should not be shared with anyone. However, the "developer_key" alone is not enough to secure an API call: there is still some chance of a man-in-the-middle attack. If the developer key is compromised, anyone can misuse your credentials to do transactions. Such compromises can be catastrophic in remittance businesses. We have seen 2-3 such security compromises every 6 months for our API partners. Eko recognizes these risks and has come up with an improved API security system.

Security 2.0

We have introduced two new parameters in our API ecosystem to improve API security:

  1. secret-key
  2. secret-key-timestamp

Both parameters must be sent with every API call, in the request header, in the same way as developer_key.

How to generate the secret key?

Steps to generate the secret-key and secret-key-timestamp

  1. Encode the key using Base64.
  2. Generate the current date in milliseconds; this acts as the salt and is sent as secret-key-timestamp.
  3. Compute the signature by hashing the salt and the Base64-encoded key using HMAC (hash-based message authentication code) with SHA-256.
  4. Encode the signature using Base64 and use the result as secret-key.
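The four steps above as a runnable sketch, together with a receiver-side check; this is an added example, not Eko's own code, and it goes beyond the post by showing verification. Assumptions: the Base64-encoded key is used as the HMAC key and the timestamp as the message, and `generate_headers`, `verify_headers` and the five-minute `MAX_SKEW_MS` window are hypothetical names and values.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Assumed freshness window for the receiver; the post does not specify one.
MAX_SKEW_MS = 5 * 60 * 1000


def generate_headers(key: str, now_ms: Optional[int] = None) -> dict:
    """Steps 1-4 of the post: build the two header values for one request."""
    encoded_key = base64.b64encode(key.encode("utf-8"))              # step 1
    if now_ms is None:
        now_ms = int(time.time() * 1000)
    timestamp = str(now_ms)                                          # step 2
    # Step 3. Assumption: the encoded key is the HMAC key and the timestamp
    # is the message; the post does not say which input plays which role.
    digest = hmac.new(encoded_key, timestamp.encode("ascii"), hashlib.sha256).digest()
    secret_key = base64.b64encode(digest).decode("ascii")            # step 4
    return {"secret-key": secret_key, "secret-key-timestamp": timestamp}


def verify_headers(key: str, headers: dict, now_ms: Optional[int] = None) -> bool:
    """Hypothetical receiver-side check: fresh timestamp, matching signature."""
    timestamp = headers.get("secret-key-timestamp", "")
    if not (timestamp.isascii() and timestamp.isdigit() and len(timestamp) <= 15):
        return False
    if now_ms is None:
        now_ms = int(time.time() * 1000)
    if abs(now_ms - int(timestamp)) > MAX_SKEW_MS:
        return False  # stale or future-dated: reject before any comparison
    expected = generate_headers(key, int(timestamp))["secret-key"]
    supplied = headers.get("secret-key", "")
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("utf-8"), supplied.encode("utf-8"))


if __name__ == "__main__":
    demo_key = "constructed-demo-key"  # constructed sample, not a real credential
    sent = generate_headers(demo_key)
    print(sent, verify_headers(demo_key, sent))
```

Because the signature covers only the timestamp, the freshness window is what bounds how long a given header pair remains acceptable to the receiver.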

Now IMPS is always available for all transactions on Connect!


Scheduled Transaction

 

A major pain point for our distributors, API partners and merchants was the unavailability of IMPS for certain recipient banks while remitting money. In such situations, we would compel our partners to use NEFT. This severely affected the customer experience because of the time the money took to reach the recipient. We wanted to give our end-customers the luxury of immediate money remittance at all times. This is the underlying motivation behind the capability to schedule transactions.

Even if a recipient bank's IMPS is down, the merchant is shown IMPS as a payment mode and the transaction proceeds as usual, except that he/she is shown a message saying the transaction will be scheduled and kept in a queue. A scheduler at the back end keeps trying to push the transaction every 15 minutes. This process recurs for approximately an hour (this time is configurable). After this, the scheduler stops and the merchant is notified about the transaction. The merchant now has three options:

  • Reschedule the transaction: The scheduler starts again and tries the same process for another hour.
  • Convert to NEFT: The transaction is pushed with NEFT as the payment mode.
  • Refund: The merchant can initiate a refund and return the money to the customer.


If the merchant forgets to choose one of the three actions above, the system auto-refunds the transaction after a maximum of 24 hours. In this way, there are no transactions lying idle in the Eko system.

The auto-refund count also acts as a proxy for adoption of this feature: the more transactions the system auto-refunds, the lower the adoption. Additionally, we are able to drive adoption because we can uniquely identify the auto-refunded transactions and the merchants executing them. This has helped us drive the numbers and support additional business volumes that were previously lost to us.