
Payments Processing

Enhancing UX/UI and strengthening security in MoneyGram’s point-of-sale solution

Is your financial infrastructure secure?

Cybercrime is on the rise around the world and digital payments are the number one target. Aside from the financial impact, the reputational damage of a cybersecurity breach can be immense, impacting your customers, your workforce, and your shareholders.

MoneyGram's Challenge

The company's system was prompting its users to re-enter their credentials at seemingly random intervals. This raised both security and user-experience concerns that were far-reaching.

Users grew frustrated with having to continually re-enter their credentials, even after seemingly brief intervals. As it turned out, the underlying technical issue was complex.

The point-of-sale system was connected to multiple background services. Each of those services had a different session length, that is, the amount of time after which the service required reauthentication. Consequently, each service was independently forcing users to reauthenticate on the main system, but from the user's perspective it simply looked like the main system kept asking for the same credentials.

Figure 1 illustrates the asynchronous lockout process. Each time a user activated a new service, the system routed a request through the proxy to the token management system to validate the bearer token for that service. If the token was absent (meaning that service's session had expired), the user was required to sign in again.

User experience was one problem, but there was an even more insidious threat. When a user was signed out because one service session had expired, the other service sessions remained active. An attacker could therefore conceivably exploit those still-active sessions as a backdoor while the authorized user was signed out.

Clurgo's Solution

Inconsistent session lengths across services are a common problem in complex enterprise infrastructures. The problem can be mitigated by distributed architectures and multiple bearer tokens.

A distributed system is an array of applications loosely connected with each other. This segmentation allows bearer tokens with varying session lengths to coexist in the system without adversely affecting its security and operation. However, MoneyGram was using an integrated architecture in which major elements were unified under a single system umbrella. This made the session length mismatch problem more pronounced.

To fix this mismatch, we introduced two essential architectural modifications (Fig. 2). First, we updated the proxy server to cache each user's sessions. Second, we included the cached sessions in the request headers sent to the token management system for validation. This way, the token management system knew it did not have to initiate a sign-out simply because one of the services had timed out.

Fig. 1: Original request flow

Results & Benefits

  • Our session management solution resulted in a far better user experience and improved security. Users did not need to log in multiple times per session and remained in control of the authentication. In the words of a key MoneyGram executive: “Clurgo helped secure our centralized agent system. Our mutual work resulted in seamless user experiences with the highest level of security.”

Do you have a business need related to service architecture, security improvement, or financial applications?
