Airplane for fintech: sensitive workflows, data protection, fraud investigation, and more

Building a product that interacts with financial systems and institutions tends to require a number of manual operational workflows. As a result, fintech and insurtech companies invest a significant amount of engineering effort into building internal workflows and processes for support, ops, risk, compliance, and other teams. This is why these companies often dedicate some percentage of their headcount to developing internal tools.

One challenge is building internal tools while accounting for security and compliance requirements. To do this, engineers at fintech companies have to invest a ton of time in figuring out the right way to architect internal tools in a way that supports permissions, approval flows, audit logs, and other safety controls.

Additionally, internal tools often lag behind customer-facing product to begin with because engineers are focused on optimizing the company's core offering.

Airplane offers a solution by enabling engineers to transform code into enterprise-grade internal apps in just minutes that anyone on your team can use safely.

Why fintech companies choose Airplane

Fintech companies can better serve their customers when they have a system to handle the complicated and manual operations that are essential to conducting business. Airplane enables them to operate more efficiently by:

  • Making it easy to set up granular role-based permissions and approval flows around sensitive tasks
  • Enabling support, risk, ops, compliance, analysts, customer success, and other non-engineers to safely run operations that were previously engineering-only
  • Eliminating the time that developers spend on running recurring eng-heavy operations and managing infra for internal tools
  • Limiting the level of interruptions that developers experience so they can move more quickly against product roadmaps

Use cases

  • Repetitive, manual tasks
  • Operationally sensitive workflows
  • PII and data protection
  • Fraud investigation and anti corruption
  • Multi-step, human-in-the-loop workflows
  • Customer or merchant onboarding
  • More use cases

Repetitive, manual tasks

Without internal tools in place, manual operations and repetitive transactions can become a huge bottleneck for fintech companies. These include things like:

  • Add a credit to an account
  • Look up accounts with late payments
  • Locate the status of a monthly deposit
  • Process a refund to a merchant via Stripe

Typically these issues come in through the customer success, support, or ops teams but require engineers to get involved every time to either directly write queries against a DB or hit a combination of internal and external APIs depending on the transaction.

Let's say there's a REST API endpoint or a JS or Python script that encapsulates the logic to add a credit to an account. Instead of having an engineer manually run a script or hit an endpoint using something like Postman, you can deploy this script to Airplane in a couple of minutes, and Airplane will automatically add a UI, let you specify input validation rules, permissions, and more. What used to be a manual task involving a ping to the engineering team is now an app that anyone can use in Airplane.

Since things like adding money to an account may be sensitive, you can also include an approval step requiring another person to confirm before the operation actually executes. We'll talk more about approval flows for sensitive operations in the next section.

The below is an example of a task to issue a credit where manager approval is required for credits above $100.

Operationally sensitive workflows

Some of the many manual, repetitive tasks that fintech companies encounter tend to be more operationally sensitive in nature. Here are some examples of common sensitive tasks that can be automated using Airplane:

  • Billing operations such as moving money between accounts, issuing a refund to a merchant, or updating an account's billing information
  • Bulk actions where tasks such as "charge $X to all accounts with criteria from this lookup" could result in significant cleanup if done incorrectly
  • GDPR or CCPA-related data operations which are often highly sensitive due to their irreversible nature and record-keeping requirements
  • Deleting a user, a transaction, an account, an environment, or any other piece of sensitive data

Broad access to these operations could result in accidental deletions of data, unintentional config changes, and erroneous transactions. This is why engineers tend to run these operations themselves and often become a bottleneck for the rest of the organization. Airplane makes it easy to safely share these operations more broadly.

You can layer group-based permissions, approval flows, input validation rules, notifications, and audit logs on top of tasks to ensure sensitive operations are done in a safe way.

Granular permissions

Since each task in Airplane represents a single, unique operation, you can specify at a very granular level which groups and users should have access to view, request, or run certain tasks.

Create groups in Airplane and specify who has access to which tasks:

Approval flows

Create approval flows so sensitive tasks have separate groups that are allowed to request and/or approve them. You can send requests to specified groups directly on Slack. A member of the group can then execute the request or reject it from Slack.

Here are a few examples of common workflows at fintech companies that would benefit from approval flows:

  • Transferring money to a merchant
  • Issuing refunds above a certain threshold
  • Overriding a payment / transaction
  • Clearing delinquent or late payments

Requesting a task to transfer money to a merchant might look something like the below in Airplane. Let's say we want to lock down money transfers so they require manager approvals. I can send my task request to individual approvers or to groups.

I've requested the task and set reviewers as Ravi Parikh, Joshua Ma, and the Support Managers group. They can receive notifications in a couple different ways.

Notifications can be received and approved directly from Slack:

Approvers can also receive email notifications or access requests from their emails and their Airplane inboxes.

Email:

Airplane Inbox:

Safety and audit logs

Airplane is also SOC 2 compliant and you can self-host Airplane agents within your own VPC. Additionally, every operation is recorded in an audit log.

For example, let's say a customer believes they were double charged for something on the account. An audit trail can help determine when the billing task was run and who can best be contacted to help sort out the issue.

In the example below, you can use logs to see every time someone ran our task from above "Transfer Money to Merchant."

PII and data protection

Personal finance information such as credit card information, SSNs, or anything else that can be tied back to personal identity are considered PII (Personally Identifiable Information) and must be treated carefully.

Airplane can be used to limit who at your organization has access to PII. Depending on the organization, training and certifications are required for those handling PII and with Airplane you can ensure that your team can contribute without putting your customers' PII at risk.

For example, your ops team can use Airplane tasks to pull specific customer transactions and confirm payments without having access to credit card information or SSNs. Many companies use Airplane to give their ops or support team access to a constrained set of job-related SQL queries, rather than general database access, to protect PII.

You can also use Airplane to run a Python or JS script that makes a request and then sanitizes data to display only what's necessary to an end user. The below task allows you to pull a sanitized version of a payment confirmation (without credit card details) using a transaction ID.

Fraud investigation and anti corruption

Since fintech companies often have to monitor hundreds or thousands of transactions daily, workflows that enables them to detect fraud, flag users, and clear false alarms are critical. New review processes are time-consuming to spin up and keep up to date because there are so many cases that it's hard to build one system that covers all of them without a heavy resource investment.

With Airplane, you can write scripts to detect patterns of malicious behavior, create schedules for running checks, and automate notifications that are sent to you in case fraud is detected.

You can also use Airplane to look up all the customers, accounts, or transactions that have been flagged and to mark a customer as cleared or fraudulent.

Here are some specific examples:

  • Run a daily check for patterns of malicious behavior and build a report
  • Look up all flagged transactions tied to an account
  • Clear a specific transaction that was marked fraudulent
  • Notify me when a user has been flagged

Here's an example of a 3-step runbook (multi-step workflow created from stitching together single operations) to help track fraudulent transactions.

First, it looks up all transactions that were flagged as fraudulent using a SQL query. Then, there's a task to generate a fraud report. Finally, it sends a Slack notification with details.

Multi-step, human-in-the-loop workflows

Pricing workflows are another common set of operations fintech companies that are involved in alternative assets or act as marketplaces utilize.  Companies like Alt and Opendoor buy and sell bespoke assets like baseball cards, small businesses, or houses. Pricing analysts at these companies go through a multi-step process to look at different qualities of the asset and determine a price.

Since these processes often contain multiple steps that span across many different teams, they require a lot of leg work. For example, data scientists help build the forecasting model while pricing analysts help with risk evaluation and tracking historical trends. The diligence team is responsible for taking the process from open to closing the deal.

Airplane can help alleviate the burden by simplifying the process, acting as a source of truth housing all operations centrally, and by safely automating various steps.

Companies using this type of workflow tend to iterate on their pricing model frequently so having a tool like Airplane that lets them change parameters and workflow logic easily saves them an enormous amount of time.

Customer or merchant onboarding

At many enterprise fintech companies with manual onboarding processes, the customer success or implementation teams need to execute a series of tasks to bring on a new customer. Typical onboarding tasks include:

  • Migrate the customer's historical data, e.g. transaction history or bank statements
  • Importing holdings from one financial services provider to another
  • Set up account permissions and payment reminders
  • Create a new account and set initial account metadata
  • Set up billing and notifications
  • Set their account plan and turn on/off features
  • Setup integrations with third-party tools

By executing these operations through Airplane, you save your company time and money that would've been spent on building out custom internal tools. Additionally, your company's customer success manager can now own the full onboarding process without intervention from engineers on the more eng-heavy tasks.

A task to import an account's transaction history with a previous provider may look something like the below:

More use cases

In addition to the above, Airplane is also an effective solution for:

  • Account admin and user management: updating a user's email address, making a user an admin, extending a free trial period
  • Scheduled tasks: running daily reports, setting up scheduled syncs of data, importing information at a specific cadence
  • Data / system hygiene: running specific tests though Airplane and notifying of system or operational failures
  • Feature flagging: turning features on and off without manual code changes or configuration updates
  • Broader access to use SQL queries safely: limiting the number of devs who have access to prod DBs and instead granting analysts, customer success managers, and other engineers access to specific common SQL queries via Airplane

Demo

Here's a 3-min walk-through of the entire task creation process for issuing a Stripe refund:

Airplane can help save your fintech company time and money by eliminating the investment on manual and repetitive operations, spinning up internal tools that are time-consuming to get right, and worrying about permissions, auth, and approval flows around sensitive operations.

If you liked anything you read or think Airplane would be a good fit for your business, say hello via chat or email hello@airplane.dev. Signing up takes about 30 seconds and you can check out our docs for more information.

Share this article: Link copied to clipboard!

You might also like...