Savemates.com business plan

An extensive business plan created for Savemates.com as part of our regulatory submission to the FCA

Published in: Business, Economy & Finance

  1. SAVEMATES. Build savings, make money. With help from your mates. SAVEMATES.COM BUSINESS PLAN, VERSION 1.0 PAGE 1 CONFIDENTIAL
  2. CONTENTS
     • Overview
     • Market definition
     • Background to savings clubs
     • Demo
     • Our product - Savemates clubs
     • The business vision - Positive personal finance
     • Marketing plan
     • Competitors
     • Team
     • Financial projections
     Appendix:
     • Company Structure
     • Governance - important processes
     • User Experience Flow
     • User Experience - Handling Defaults
     • Anti-Money Laundering and Fraud Prevention Strategies
     • Security and Technology Platform Overview
     • Technical Architecture Overview
     • Pay-in Process / Payment Flow
     • Pay-out Process / Payment Flow
  3. OVERVIEW
     WHAT IS SAVEMATES?
     • Savemates is a peer to peer savings and loan service.
     • We enable groups of trusted friends to create and manage ongoing monthly savings clubs that ensure saving through shared social commitment.
     • We think of it as ‘weightwatchers for savings’.
     • We aim to build Savemates into a large, defendable consumer finance brand - the consumer champion at the heart of the P2P finance revolution.
     HOW DOES IT WORK?
     • Users pay in a pre-agreed monthly amount to their Savemates club.
     • Once everyone has paid in at the start of the month, one member of the club gets the total balance paid out to them. This is repeated until everyone has had a payout.
     • Payouts can be transferred to your bank account, or used to take advantage of one of our P2P Savings deals, typically earning 5% interest.
  4. CONSUMER FINANCE LANDSCAPE
     The consumer finance market in the UK is completely broken. The relationship between the big banks and their customers is characterized by mistrust and hatred. Customers are routinely mis-sold overly complex products that get them into further financial trouble - while bosses and bankers get ever bigger bonuses and public bailouts.
     • 89% of customers don’t trust bankers to act in their interest (Source - Which? consumer survey 2012)
     • £8.9BN total PPI mis-selling compensation payouts to January 2013, further £4BN earmarked so far (Source - FSA)
     • HSBC: most valuable banking brand (Source - WPP Brandz survey 2012)
     • £2.8BN total fines paid by HSBC in 2012 for mis-selling, money laundering and terrorist financing (Source - BBC)
  5. CONSUMER FINANCE LANDSCAPE
     To combat fear and uncertainty saving is on the rise . . . and P2P lending firms are growing off the back of it
     • 8.09% - average monthly income saved, Q4 2012
     • 5% - growth in UK deposits 2102 (highest on record)
     (Sources for the two figures above: Mintel; NS&I 2013 survey)
     • [Chart: total P2P loans from U.S. startups ‘Lending Club’ and ‘Prosper’, 2006 to 2012. Source - Techcrunch]
     • £80Bn - total household savings 2012 (Source - NS&I 2013 survey)
     • £111 - average monthly savings amount (Source - NS&I 2013 survey)
     • £12.3Bn - predicted size of business P2P lending market (Source - NESTA report, 2013)
     • 5% - typical return for Zopa lenders (Source - Zopa)
  6. BACKGROUND TO SAVINGS CLUBS
     • Savemates is based on an existing concept called a Rotating Savings and Credit Association (ROSCA).
     • ROSCAs are used all over the world, generally by poorer communities to build savings and financial independence. They have a huge variety of names - see box.
     • Indeed, ROSCAs are generally the first step that money based societies take towards banking. After ROSCAs come Credit Unions (essentially ROSCAs with asymmetric payouts and interest on loans).
     LOCAL NAMES FOR ROSCAS
     “Tontine, Tibissiligbi, Pari, Song-taaba, Chilemba, Stockfair, Kutu, Kootu, Kongsi, Tontine, Hui, Main, Kut Kutunderrera, Throw a box, Boxi money, Syndicate, Tanda, Chit Funds, Cheetu, Khatta, Sanduk, Sandook Box, Savemates”
  7. SAVEMATES. Build savings, make money. With help from your mates. ELEVATOR PITCH: “Weightwatchers for saving”
  8. DEMO. PLEASE VISIT: www.savemates.com
  9. WHY USE SAVEMATES TO SAVE?
     1. SAVING IS HARD. SAVEMATES IS EASY. The temptation is always to skip a payment or use debt to bridge income gaps. Savemates helps overcome this through a shared commitment, and everything is automagic.
     2. SAVING IS BORING. SAVEMATES IS FUN. Compared to spending, saving is dull as ditchwater. Savemates helps overcome this by providing fun and engaging social savings models including vote, shuffle and bid.
     3. SAVING IS POOR VALUE. SAVEMATES MAKES YOU MONEY. Current UK short term savings accounts will earn you around 1% interest - and that’s if you managed to actually save something. Our Savemates P2P savings deals can earn you 5%+ on your pay-out.
  10. THE SAVEMATES PRODUCTS
     1. ‘TURN’. GREAT FOR FAMILIES. The simplest Savemates group. Payouts are ordered by the group creator. Fee: 1% on payouts
     2. ‘VOTE’. GREAT FOR COMMUNITY GROUPS. A fun voting mechanic lets members pitch each other why they should get the payout this month. Fee: 1% on payouts
     3. ‘SHUFFLE’. GREAT FOR WORK COLLEAGUES. Payout order is random, creating a fun shared event on pay day - but eventually everyone wins. Fee: 1% on payouts
     4. ‘BID’. GREAT FOR SMALL BUSINESSES. A more complex product. Members bid (high or low) in a monthly auction to determine payout order. Fee: 20% on rollover
  11. THE VISION: POSITIVE PERSONAL FINANCE
     At the heart of the Savemates business lies a simple but powerful mission - to make money a positive force in our customers’ lives.
     • Savemates customers save together with people they trust and love who help them reach their goals
     • By building their savings they can take control of their financial lives, and reduce their reliance on debt.
     • If they choose to make money from their savings through our P2P savings offers they’re then lending to real people and small businesses,
     OUR BRAND
     • We will build the next great internet personal finance brand.
     • Savemates will be the consumer brand of choice at the heart of the P2P finance revolution, putting individuals and the people they love in control of their financial lives.
     • Again, ‘weightwatchers for savings’ is a valuable touchpoint - most of the weight loss industry is characterized as dodgy and suspect claims. In contrast weightwatchers is a true community, with a proven weight loss method - and it’s fun!
  12. MARKETING PLAN
     • Savemates marketing will mainly be done by our primary users asking their friends and families to join the groups they have created.
     • We will therefore focus our direct marketing efforts on influencing these primary users, who we believe to be influencers themselves.
     • We will also develop the Savemates brand as the voice of the consumer in the P2P finance landscape - offering content and support for savers and people looking to get back in control of their money.
     Primary segments
     • Families
     • Colleagues
     Secondary segments
     • Existing cash ROSCA operators
     • Community groups
     Channels
     • Direct PR
     • Content marketing via Savemates brand
     • Digital advertising - Google Adwords and Facebook
     • Partner marketing - working with trusted partners
  13. COMPETITOR ANALYSIS
     Option: Save into a standard saving account
     • Players: Big Finance - HSBC, Lloyds, HBOS, Barclays etc
     • Strengths: Trusted brands (debatable!); Convenient for existing customers
     • Weaknesses: No motivation to ensure saving; Complex product portfolios; Very poor interest rates; General consumer hatred
     • Our advantage: Get money quicker (for most users); Results - you will save + it’s fun; Better rates if P2P saving offer taken up; Non-Toxic Brand
     Option: Unsecured personal loan
     • Players: Big Finance - HSBC, Lloyds, HBOS, Barclays etc; Direct lenders; Credit card co’s - First Capital, Virgin, Barclaycard etc
     • Strengths: Brand (debatable!); Ease of access; Get your money tomorrow
     • Weaknesses: High interest rates; Complex product portfolios; General consumer hatred
     • Our advantage: Low interest rates - essentially free; Non-Toxic Brand
     Option: Join an existing ROSCA
     • Players: Various - community level initiatives
     • Strengths: Already established
     • Weaknesses: Organisational and business models not equipped for scale; Cash systems unattractive to busy people
     • Our advantage: Scale; Brand; Technology / Security
  14. TEAM
     • NICK MARSH. Nick is a Director of Savemates Ltd. and our CEO and CCO. Nick is an experienced digital product designer and entrepreneur. He was previously Managing Director of Sidekick Studios, a London based innovation agency, and has designed products and services for Aviva and Barclays.
     • STEF LEWANDOWSKI. Stef is a Director of Savemates Ltd. and our CTO. Stef is an experienced software engineer and technical architect. He was previously co-founder and CTO of Aframe.com, a VC backed professional video startup. Prior to this he founded and ran a digital agency.
     • PAUL BIRCH. Paul is a Director of Savemates Ltd. and our angel investor. Paul is an active angel investor based in London and sits on the boards of several high growth technology businesses. He was previously co-founder of Bebo.com which sold to AOL in 2008 for $850M.
     • DANIEL MC ALEESE. Daniel is Savemates’ Skilled Person and Compliance Advisor. He supports Nick with Savemates’ Compliance monitoring and AML and Fraud prevention activity. Daniel is an ex-regulator, and now supports several financial services companies with compliance issues through his company Robinson Mack Ltd.
     • MARTIN CAMPBELL. Martin is Savemates’ marketing advisor. Previously he was head of media at Zopa Ltd. Before that he designed financial products for Virgin Direct and Aviva.
     • SIMON DEANE-JOHNS. Simon is Savemates’ general counsel. Previously he was chief legal advisor to Zopa Ltd and now advises several UK based financial services startups including Savemates.
  15. HOW WE MAKE MONEY
     There are four revenue streams in the Savemates business.
     • Fees. We charge 1% on all payouts for our simple products.
     • Partner fees. We earn commission for referring customers to savings products and other deals when they collect their payout.
     • Data sales. We have unique data about our customers, including who they trust to advise them about money, when they have money to spend etc.
     ASSUMPTIONS USED TO BUILD OUR PROJECTIONS
     • Average group saves £1000 per month
     • 20% monthly growth rate in group numbers (softening after first year)
     • 5% of payouts convert to partner product, earning 10% commission.
     • Data sales income not included
  16. PROJECTIONS
                         Year 1      Year 2       Year 3        Year 4         Year 5
     Total groups        1392        15,524       74,884        188,600        352,616
     Total balance       £1.39M      £15.52M      £74.88M*      £188.6M        £352.6M
     Income(1)           £80,271     £1,270,166   £8,064,677    £25,338,859    £51,688,819
     Fixed costs(2)      £148,625    £80,221      £509,348      £1,600,349     £3,264,557
     Gross Profit        -£68,354    £1,189,945   £7,555,329    £23,738,510    £48,424,262
     Overheads(3)        £211,000    £480,000     £1,500,000    £2,880,000     £3,240,000
     Net profit          -£279,354   £709,945     £6,055,329    £20,858,510    £45,184,262
     Assumptions: Referral income generated from Y1,Q3. Transaction fee reduced to 0.1% Y1,Q4. International expansion end of Y3.
     * = 1% UK market
     (1) Commission fee @1%, Referral fees @ 10% on 5% of payouts
     (2) Transaction fees @ 2,9% for first 6M, then 0.1%
     (3) Salaries, marketing, development
  17. APPENDIX
     1. Company Structure
     2. Governance - Important processes
     3. User Experience Flow
     4. User Experience - Handling Defaults
     5. Anti-Money Laundering and Fraud Prevention Strategies
     6. Risk management and Compliance
     7. Security and Technology System Overview
     8. Technical Architecture Overview
     9. Pay-in Process / Payment Flow
     10. Pay-out Process / Payment Flow
  18. COMPANY STRUCTURE
     [Organisation chart]
     • Board of Directors: Nicholas Marsh, Stef Lewandowski, Paul Birch
     • Chief Executive Officer: Nicholas Marsh
     • Chief Technology Officer: Stef Lewandowski
     • Chief Compliance Officer: Nicholas Marsh
     • Advisory Committee: Martin Campbell, Simon Deane-Johns
     • Skilled Person / Compliance Advisor: Daniel Mc Aleese
     • Marketers
     • Developers
  19. GOVERNANCE - IMPORTANT PROCESSES
     Software development processes.
     Savemates is a digital business, and our customers access our service exclusively through our website. That’s why we take our software development processes very seriously.
     We use a mixture of best practice Agile and Scrum project management methods. The team has daily standup meetings to raise issues, and every two weeks we review progress as a whole group (‘sprint review’) and decide on which features to develop next (sprint planning).
     We version our software using Git, so all commits are fully auditable and connected to individual developers’ GitHub accounts. No developers have access to production data, and all changes to the transaction manager must be personally authorized by the CTO and CCO.
     Hiring and HR processes.
     Our entire engineering team is based in the UK. We request personal information from all our permanent staff and contractors and conduct background checks and request references before they join our team.
     We have clear disciplinary procedures in place in the event of misconduct which are outlined in our HR manual, which is required reading for all Savemates developers and employees.
     Compliance processes.
     Alongside our software development processes, which involve our CCO, we also have the following compliance processes in place:
     • Daily payments reconciliation and review
     • A monthly compliance meeting with all senior marketing and engineering staff and our skilled person
     • All permanent staff are given Anti-Money-Laundering training
     • Any changes to the transaction manager authorized by CCO and CTO.
     Much more additional information can be found in our Compliance Manual, which is required reading for all Savemates developers and employees.
     OTHER DOCUMENTS
     For more details on our internal processes and governance model please refer to the following documents:
     • Savemates HR manual
     • Savemates Compliance Manual
     • Savemates software development internal wiki
     More information:
     http://en.wikipedia.org/wiki/Agile_software_development
     http://en.wikipedia.org/wiki/Scrum_(development)
     http://en.wikipedia.org/wiki/Git_(software)
  20. USER EXPERIENCE - OVERVIEW
     Joining as a first user and creating a group
     • First time users join Savemates by clicking the ‘create group’ button on savemates.com.
     • They are then prompted to enter account information (name, email, profile photo, password) which creates a user account and allows them to create a group.
     • They then choose the type of group (turn based or shuffle)
     • They then specify the pay-in amount for the group and the number of members
     • They then add the people they want to join the group by providing a name, email and profile photo
     • They then customize the invite for the people they want to join the group
     • Finally, to create the group and send their invite they add their debit card details for the pay-in, their bank account details for the pay-out and their address.
     • At this point the Savemates risk management application checks their details, and if they have a low risk score their group is created and invitations sent
     Joining as an invited user
     • Invited users get an email with a link to the group page
     • On the page they can then see the amounts and who else has been invited
     • They click join, and then add their debit card details for the pay-in, their bank account details for the pay-out and their address.
     • At this point the Savemates risk management application checks their details, and if they have a low risk score they join the group
     Activating a group
     • When enough approved users have joined the group the first user receives an email asking them to activate the group
     • On the page they can click ‘activate’
     • This then sends emails to all group members and begins the first pay-in process.
     Paying-in
     • When the pay-in date is reached the Group Manager Application asks the Transaction Manager Application to debit the cards of all group members with the correct amounts
     • This is then passed on to our payment gateway Stripe, who process the transaction and deposit the funds into our client money account
     • If the transaction is successful the user gets an email notification.
     • If it is unsuccessful our default process begins (see page 23)
     Paying out
     • When the pay-out date is reached the user receiving the pay-out gets an email notification with a link to the pay-out page
     • On the page they click a button that says ‘get pay-out’
     • We will then manually transfer the funds from our client money account to their bank account within 24 hours
     MORE DETAIL
     Please see the following slides for more detail, or review the process yourself at savemates.com
     • Visual description of UX page 22
     • How we handle defaults page 23 / 24
     • Our AML process - page 24
     • Technical process for payin - page 30/31
     • Technical process for payout - page 32/33
  21. USER EXPERIENCE - FLOW
     [Flow diagram. Lanes: Group Admin, Standard User, System. Stages: Create group and join, Activate, Pay-in, Pay-out.]
     • Account and group steps: Create account (name, email, address, debit card, bank details); Create group; Invite friends; Get invite; Activate group
     • Checks: AML / Fraud check (Internal check - Risk Score; External check - Credit check, Sanctions list); ID request (in some cases)
     • Payment steps: Pay-in via Debit card or Direct Debit; Visit page to get payout; Get pay-out; Pay-out via bank transfer or Direct Debit
     • Email Notification is sent at each stage
  22. USER EXPERIENCE - HANDLING DEFAULTS
     We expect the default rate to be very low for several reasons:
     • Trust between group members. Customers cannot join groups with people they don’t know, and equally they cannot invite members they don’t know. This means that all group members should know what they are getting into, and our messaging will be very clear that they should not join groups they cannot afford.
     • Social pressure. The whole Savemates concept relies on social pressure from people you know and love to ensure that saving is prioritised!
     • Forgiveness. However, because group members know each other, if there is a legitimate reason for the default (say, losing a job) the group members will forgive the default, as they understand the personal circumstances.
     When a user does default we will first notify the user, and try and re-debit the account after 72 hours. If this second attempt fails we will notify the group of the late payment. After 72 hours we will try and debit again. If this fails, we will eject the user, blacklist their account and send the remaining group members a message with their options (see box).
     DEFAULT MESSAGING / OPTIONS
     Once a user has been ejected from a group and their account blacklisted Savemates simply reduces the number of members in the group by one, and the pay-out amount goes down by the value of one user’s pay-in. At this point we send each member of the group an email with a message outlining their options.
     • If the defaulting user has not had a payout and the user we are emailing has not had a payout. We send a message that explains how much their pay-out amount will be reduced by.
     • If the defaulting user has not had a payout and the user we are emailing has had a payout. We send a message that explains how much they should pay back to the defaulting user if they so wish.
     • If the defaulting user has had a payout and the user we are emailing has not had a payout. We send a message that explains how much their pay-out amount will be reduced by, and how much they should request from the defaulting user if they so wish.
     • If the defaulting user has had a payout and the user we are emailing has had a payout. We send a message that explains how much everyone else’s payout amount will be reduced by.
  23. USER EXPERIENCE FLOW - DEFAULTS
     [Flow diagram. Lanes: User, System. Labels: Debit attempted; Debit fails; User contacted via email; 72 hours; Debit attempted; Debit fails; Group contacted via email; 72 hours; Debit attempted; Debit fails; Individual members sent email with options; User removed from group and blacklisted; Group payout reduced.]
  24. ANTI-MONEY LAUNDERING AND FRAUD PREVENTION STRATEGIES
     To prevent Savemates being used for fraudulent activity we have the following controls in place:
     • Automatic checking of all accounts against HM Treasury sanctions list
     • Separate Risk Management Application reviews each new user and new group and monitors activity for non-standard behavior using a proprietary algorithm which assigns a risk score to each user and group. Example factors we monitor include users joining multiple groups with the same debit card, new groups with high pay-in and pay-out amounts, groups with suspicious social profile data, etc. This algorithm is continually refined, and actively developed by our engineers and CCO.
     • In the event of an edge case being detected by the Risk Management Application we request a scan of a UK passport, which is reviewed manually before we pay out
     • Pay-in limited to £250 per month per user per group
     • Groups limited to 10 members, thus limiting monthly payout to £2500 maximum
     • Average 30 days delay from pay-in to pay-out (funds held in Client Monies Account)
     • Users cannot sign up without a UK debit card and its registered UK address
     • Users can only receive pay-outs into UK bank accounts
     • We keep complete, encrypted records of every user interaction and transaction with the system
     • Our CCO works closely with our CTO to actively update our AML and fraud prevention strategies
  25. RISK MANAGEMENT AND COMPLIANCE
     Risk: Loss/change of clearing bank
     • Response: Our service oriented architecture makes it easy for us to change providers
     Risk: Loss of top clients
     • Response: While Savemates may lose some important clients at any time, it is Savemates’ strategy to gather a large number of clients so that its revenue generation is evenly spread out, whereby it will not be materially reliant on a small number of clients for the majority of its income and thus being adversely affected should it lose some clients.
     Risk: Credit Risk
     • Response: There is no credit risk as no credit or financing will be offered by Savemates. All clients will need to have cleared funds on deposit.
     Risk: Liquidity risk
     • Response: With minimum overheads, the firm will have little liquidity risk should revenues decrease substantially
     Risk: Operational Risk
     • Response: As all services are provided online and bank accounts are held separately, there is minimum operational risk save for I.T problems (see disaster recovery plan)
     Risk: Managing Client Risk
     • Response: As we will not be giving clients any investment advice, the clients will need to effectively manage their own risk.
     Risk: Systems Risk/Disaster Recovery Plan
     • Response: The business can operate from any location providing there is secure internet access and access to printing facilities. Savemates has produced a disaster recovery plan.
     Risk: Compliance Risk
     • Response: Savemates will ensure full compliance with the rules and regulations of the appropriate regulatory authorities. Savemates has retained the services of Robinson Mack Ltd; regulatory consultants, to advise on all regulatory issues and provide training on an ongoing basis.
     Risk: Key Person Risk
     • Response: As Savemates will be providing online services only, clients can continue to trade should anything happen to key individuals at Savemates. Savemates will endeavour to replace any key staff as quickly as possible.
     Risk: Conflict of Interest
     • Response: Savemates does not envisage any potential conflicts with its clients. Employees of Savemates may open a Savemates account but no conflicts arise that may disadvantage other clients in any way. Notwithstanding the above, Savemates has an independence policy of disclosing any material conflicts of interest to clients and any other third party.
     Risk: Counter-Party Risk
     • Response: There is no transactional counter-party risk as Savemates is just providing the online facility.
  26. SECURITY AND TECHNOLOGY SYSTEM OVERVIEW - 3RD PARTY SERVICES
     Heroku.com
     Savemates applications are hosted on the Heroku web platform. Heroku is a cloud application platform owned by salesforce.com.
     The Heroku platform inherently protects customers from threats by applying security controls at every layer from physical to application, isolating customer applications and data, and with its ability to rapidly deploy security updates without customer interaction or service interruption.
     Amazon Web Services
     Heroku is built on Amazon Web Services (AWS) EU based infrastructure. AWS data centre operations have been accredited under:
     • ISO 27001
     • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
     • PCI Level 1
     • FISMA Moderate
     Stripe.com
     Savemates uses Stripe.com to process debit card transactions.
     Stripe uses a form of tokenized encryption and embedded forms that means Savemates never stores or handles actual debit card data. Stripe is a certified PCI Level 1 service provider with US and UK operations.
     FURTHER READING
     • For more information on AWS security please visit: https://aws.amazon.com/security
     • For more information on Heroku security please visit: https://policy.heroku.com/security
     • For more information on Stripe security please visit: https://stripe.com/help/security
     DISASTER RECOVERY PROCEDURE
     We use the above web-scale services for a reason. The Platform as a Service architectures used by AWS and Heroku mean that we cannot experience an unrecoverable disaster, with the exception of a simultaneous total physical attack on both availability zones of AWS EU data centers, which are in two different locations within Europe. With that exception excluded, we will always have complete records in our databases of every transaction and group stored on the AWS / Heroku infrastructure, and we keep a full version history of every commit/change to the application on Github.com (a $100M backed version control system) which also runs on AWS infrastructure.
  27. SECURITY AND TECHNOLOGY SYSTEM OVERVIEW
     The Savemates system architecture pattern conforms to industry best practice of Service Oriented Architecture and clear separation of concerns and data. See the following slide for a technical architecture diagram. Our system has the following characteristics:
     • We conform to PCI design principles
     • We use only a small number of well managed 3rd party services (see previous slide)
     • We conduct regular penetration testing of our application by third party services
     • We operate a need to know information policy, with only our CTO and CCO having access to production data via SSH keys provided by Heroku and admin interfaces via secure passwords and white listed IPs
     • All data is securely transmitted over SSL
     • All data in transaction manager database encrypted with AES 256Bit encryption
     • We keep full, encrypted records of every transaction, including full transaction history, and logs of all actions during admin user session against admin accounts for five years.
     • We only use simulation data on staging and development services and there is no developer access to production database
  28. TECHNICAL ARCHITECTURE OVERVIEW. Version 1 - First 6-12 months
     [Architecture diagram. Components: Sales website; Group Manager Application; Transaction Manager Application; Risk App; Admin App; Stripe; User debit card; Savemates Client Monies Account; Savemates online banking (manual); User bank account. Data labels: Basic user info/ID; Groups and payment schedules; group membership; Stripe Tokens; Pay-out bank account details; Audit-able transaction history of all pay-ins and pay-outs; Encrypted. Connection labels: SSL; Token auth. over SSL; Pay-in; Pay-out.]
  29. TECHNICAL ARCHITECTURE OVERVIEW. Version 2 - 6 months + (requires bank API access)
     [Architecture diagram. Components: Sales website; Group Manager Application; Transaction Manager Application; Risk App; Bank API / Direct Debits; Savemates Client Monies Account; User bank account. Data labels: Basic user info/ID; Groups and payment schedules; group membership; Stripe Tokens; Pay-out bank account details; Audit-able transaction history of all pay-ins and pay-outs; Encrypted. Connection labels: SSL; Token auth. over SSL; Unknown?]
  30. PAY IN PROCESS / PAYMENT FLOW. Version 1 - First 6-12 months
     [Flow diagram. Components: Group Manager Application; Transaction Manager Application; Stripe; User debit card; Savemates Client Monies Account. Labels: Token auth. over SSL; Savemates user IDs + amounts; Stripe user tokens + amounts; Debit card charge; Transaction status.]
  31. PAY IN PROCESS / PAYMENT FLOW. Version 2 - 6 months + (requires bank API access)
     [Flow diagram. Components: Group Manager Application; Transaction Manager Application; Bank API; User bank account; Savemates Client Monies Account. Labels: Token auth. over SSL; Unknown auth?; Savemates user IDs + amounts; Direct Debit Charge; Charge; Transaction status.]
  32. PAY OUT PROCESS / PAYMENT FLOW. Version 1 - First 6-12 months
     [Flow diagram. Components: Group Manager Application; Transaction Manager Application; Admin App; Online banking for Savemates Client Monies Account; Barclays data services; User bank account. Labels: Token auth. over SSL; Manual process over SSL / bank website; Savemates user IDs + amounts; Account number, sort code + amount; Transaction status.]
  33. PAY OUT PROCESS / PAYMENT FLOW. Version 2 - 6 months + (requires bank API access)
     [Flow diagram. Components: Group Manager Application; Transaction Manager Application; Bank API; Savemates Client Monies Account; User bank account. Labels: Token auth. over SSL; Unknown auth?; Savemates user IDs + amounts; Direct Debit Charge; Charge; Transaction status.]