Savemates is a peer-to-peer savings platform that allows users to create savings clubs with friends and family. Members contribute a set monthly amount, with one member receiving the total pot each month on a rotating basis until all members have received a payout. Savemates aims to make saving social and gamify the process. The business plan outlines Savemates' products, vision to make money a positive force for consumers, marketing strategy focused on word-of-mouth, and financial projections forecasting profitability within three years as the number of savings clubs grows exponentially through viral adoption.
Savemates.com business plan
1. SAVEMATES
Build savings, make money.
With help from your mates.
SAVEMATES.COM BUSINESS PLAN, VERSION 1.0
PAGE 1
CONFIDENTIAL
2. CONTENTS
• Overview
• Market definition
• Background to savings clubs
• Demo
• Our product - Savemates clubs
• The business vision - Positive personal finance
• Marketing plan
• Competitors
• Team
• Financial projections
Appendix:
• Company Structure
• Governance - important processes
• User Experience Flow
• User Experience - Handling Defaults
• Anti-Money Laundering and Fraud Prevention Strategies
• Security and Technology Platform Overview
• Technical Architecture Overview
• Pay-in Process / Payment Flow
• Pay-out Process / Payment Flow
3. OVERVIEW
WHAT IS SAVEMATES?
• Savemates is a peer to peer savings and loan service.
• We enable groups of trusted friends to create and manage ongoing monthly savings clubs that ensure saving through shared social commitment.
• We think of it as ‘weightwatchers for savings’.
• We aim to build Savemates into a large, defendable consumer finance brand - the consumer champion at the heart of the P2P finance revolution.
HOW DOES IT WORK?
• Users pay in a pre-agreed monthly amount to their Savemates club. Once everyone has paid in at the start of the month, one member of the club gets the total balance paid out to them. This is repeated until everyone has had a payout.
• Payouts can be transferred to your bank account, or used to take advantage of one of our P2P Savings deals, typically earning 5% interest.
4. CONSUMER FINANCE LANDSCAPE
The consumer finance market in the UK is completely broken. The relationship between the big banks and their customers is characterized by mistrust and hatred.
Customers are routinely mis-sold overly complex products that get them into further financial trouble - while bosses and bankers get ever bigger bonuses and public bailouts.
89% OF CUSTOMERS DON’T TRUST BANKERS TO ACT IN THEIR INTEREST (Source - Which? consumer survey 2012)
£8.9BN TOTAL PPI MIS-SELLING COMPENSATION PAYOUTS TO JANUARY 2013 (FURTHER £4BN EARMARKED SO FAR) (Source - FSA)
HSBC MOST VALUABLE BANKING BRAND (Source - WPP Brandz survey 2012)
£2.8BN TOTAL FINES PAID BY HSBC IN 2012 FOR MIS-SELLING, MONEY LAUNDERING AND TERRORIST FINANCING (Source - BBC)
5. CONSUMER FINANCE LANDSCAPE
To combat fear and uncertainty saving is on the rise . . . and P2P lending firms are growing off the back of it
8.09% AVERAGE MONTHLY INCOME SAVED Q4 2012 (HIGHEST ON RECORD)
5% GROWTH IN UK DEPOSITS 2012
Sources - NS&I 2013 survey; Mintel
[Chart: TOTAL P2P LOANS FROM U.S STARTUPS ‘LENDING CLUB’ AND ‘PROSPER’, 2006 to 2012, y-axis 0 to 900. Source - Techcrunch]
£80Bn TOTAL HOUSEHOLD SAVINGS 2012 (Source - NS&I 2013 survey)
£111 AVERAGE MONTHLY SAVINGS AMOUNT (Source - NS&I 2013 survey)
£12.3Bn PREDICTED SIZE OF BUSINESS P2P LENDING MARKET (Source - NESTA report, 2013)
5% TYPICAL RETURN FOR ZOPA LENDERS (Source - Zopa)
6. BACKGROUND TO SAVINGS CLUBS
• Savemates is based on an existing concept called a Rotating Savings and Credit Association (ROSCA).
• ROSCAs are used all over the world, generally by poorer communities to build savings and financial independence. They have a huge variety of names - see box.
• Indeed, ROSCAs are generally the first step that money based societies take towards banking. After ROSCAs come Credit Unions (essentially ROSCAs with asymmetric payouts and interest on loans).
LOCAL NAMES FOR ROSCAS
“Tontine, Tibissiligbi, Pari, Song-taaba, Chilemba, Stockfair, Kutu, Kootu, Kongsi, Tontine, Hui, Main, Kut Kutunderrera, Throw a box, Boxi money, Syndicate, Tanda, Chit Funds, Cheetu, Khatta, Sanduk, Sandook Box, Savemates”
7. SAVEMATES
Build savings, make money.
With help from your mates.
ELEVATOR PITCH:
“Weightwatchers for saving”
9. WHY USE SAVEMATES TO SAVE?
1. SAVING IS HARD. SAVEMATES IS EASY.
The temptation is always to skip a payment or use debt to bridge income gaps. Savemates helps overcome this through a shared commitment, and everything is automagic.
2. SAVING IS BORING. SAVEMATES IS FUN.
Compared to spending, saving is dull as ditchwater. Savemates helps overcome this by providing fun and engaging social savings models including vote, shuffle and bid.
3. SAVING IS POOR VALUE. SAVEMATES MAKES YOU MONEY.
Current UK short term savings accounts will earn you around 1% interest - and that’s if you managed to actually save something. Our Savemates P2P savings deals can earn you 5%+ on your pay-out.
10. THE SAVEMATES PRODUCTS
1. ‘TURN’. GREAT FOR FAMILIES
The simplest Savemates group. Payouts are ordered by the group creator.
Fee: 1% on payouts
2. ‘VOTE’. GREAT FOR COMMUNITY GROUPS
A fun voting mechanic lets members pitch each other why they should get the payout this month.
Fee: 1% on payouts
3. ‘SHUFFLE’. GREAT FOR WORK COLLEAGUES
Payout order is random, creating a fun shared event on pay day - but eventually everyone wins.
Fee: 1% on payouts
4. ‘BID’. GREAT FOR SMALL BUSINESSES
A more complex product. Members bid (high or low) in a monthly auction to determine payout order.
Fee: 20% on rollover
11. THE VISION: POSITIVE PERSONAL FINANCE
At the heart of the Savemates business lies a simple but powerful mission - to make money a positive force in our customers’ lives.
• Savemates customers save together with people they trust and love who help them reach their goals.
• By building their savings they can take control of their financial lives, and reduce their reliance on debt.
• If they choose to make money from their savings through our P2P savings offers they’re then lending to real people and small businesses.
OUR BRAND
• We will build the next great internet personal finance brand.
• Savemates will be the consumer brand of choice at the heart of the P2P finance revolution, putting individuals and the people they love in control of their financial lives.
• Again, ‘weightwatchers for savings’ is a valuable touchpoint - most of the weight loss industry is characterized by dodgy and suspect claims. In contrast weightwatchers is a true community, with a proven weight loss method - and it’s fun!
12. MARKETING PLAN
• Savemates marketing will mainly be done by our primary users asking their friends and families to join the groups they have created.
• We will therefore focus our direct marketing efforts on influencing these primary users, who we believe to be influencers themselves.
• We will also develop the Savemates brand as the voice of the consumer in the P2P finance landscape - offering content and support for savers and people looking to get back in control of their money.
Primary segments
• Families
• Colleagues
Secondary segments
• Existing cash ROSCA operators
• Community groups
Channels
• Direct PR
• Content marketing via Savemates brand
• Digital advertising - Google Adwords and Facebook
• Partner marketing - working with trusted partners
13. COMPETITOR ANALYSIS
Option: Save into a standard saving account
Players: Big Finance - HSBC, Lloyds, HBOS, Barclays etc
Strengths: Trusted brands (debatable!); Convenient for existing customers
Weaknesses: No motivation to ensure saving; Complex product portfolios; Very poor interest rates; General consumer hatred
Our advantage: Get money quicker (for most users); Results - you will save + it’s fun; Better rates if P2P saving offer taken up; Non-Toxic Brand

Option: Unsecured personal loan
Players: Big Finance - HSBC, Lloyds, HBOS, Barclays etc; Direct lenders; Credit card co’s - First Capital, Virgin, Barclaycard etc
Strengths: Brand (debatable!); Ease of access; Get your money tomorrow
Weaknesses: High interest rates; Complex product portfolios; General consumer hatred
Our advantage: Low interest rates - essentially free; Non-Toxic Brand

Option: Join an existing ROSCA
Players: Various - community level initiatives
Strengths: Already established
Weaknesses: Organisational and business models not equipped for scale; Cash systems unattractive to busy people
Our advantage: Scale; Brand; Technology / Security
14. TEAM
NICK MARSH
Nick is a Director of Savemates Ltd. and our CEO and CCO. Nick is an experienced digital product designer and entrepreneur. He was previously Managing Director of Sidekick Studios, a London based innovation agency, and has designed products and services for Aviva and Barclays.
STEF LEWANDOWSKI
Stef is a Director of Savemates Ltd. and our CTO. Stef is an experienced software engineer and technical architect. He was previously co-founder and CTO of Aframe.com, a VC backed professional video startup. Prior to this he founded and ran a digital agency.
PAUL BIRCH
Paul is a Director of Savemates Ltd. and our angel investor. Paul is an active angel investor based in London and sits on the boards of several high growth technology businesses. He was previously co-founder of Bebo.com which sold to AOL in 2008 for $850M.
DANIEL MC ALEESE
Daniel is Savemates’ Skilled Person and Compliance Advisor. He supports Nick with Savemates’ compliance monitoring and AML and fraud prevention activity. Daniel is an ex-regulator, and now supports several financial services companies with compliance issues through his company Robinson Mack Ltd.
MARTIN CAMPBELL
Martin is Savemates’ marketing advisor. Previously he was head of media at Zopa Ltd. Before that he designed financial products for Virgin Direct and Aviva.
SIMON DEANE-JOHNS
Simon is Savemates’ general counsel. Previously he was chief legal advisor to Zopa Ltd and now advises several UK based financial services startups including Savemates.
15. HOW WE MAKE MONEY
• There are four revenue streams in the Savemates business.
• Fees. We charge 1% on all payouts for our simple products.
• Partner fees. We earn commission for referring customers to savings products and other deals when they collect their payout.
• Data sales. We have unique data about our customers, including who they trust to advise them about money, when they have money to spend etc.
ASSUMPTIONS USED TO BUILD OUR PROJECTIONS
• Average group saves £1000 per month
• 20% monthly growth rate in group numbers (softening after first year)
• 5% of payouts convert to partner product, earning 10% commission.
• Data sales income not included
16. PROJECTIONS
                  Year 1       Year 2        Year 3        Year 4         Year 5
Total groups      1392         15,524        74,884        188,600        352,616
Total balance     £1.39M       £15.52M       £74.88M*      £188.6M        £352.6M
Income(1)         £80,271      £1,270,166    £8,064,677    £25,338,859    £51,688,819
Fixed costs(2)    £148,625     £80,221       £509,348      £1,600,349     £3,264,557
Gross Profit      -£68,354     £1,189,945    £7,555,329    £23,738,510    £48,424,262
Overheads(3)      £211,000     £480,000      £1,500,000    £2,880,000     £3,240,000
Net profit        -£279,354    £709,945      £6,055,329    £20,858,510    £45,184,262
Assumptions: Referral income generated from Y1,Q3. Transaction fee reduced to 0.1% Y1,Q4. International expansion end of Y3. * = 1% UK market
(1) Commission fee @ 1%, Referral fees @ 10% on 5% of payouts / (2) Transaction fees @ 2.9% for first 6M, then 0.1% / (3) Salaries, marketing, development
17. APPENDIX
1. Company Structure
2. Governance - Important processes
3. User Experience Flow
4. User Experience - Handling Defaults
5. Anti-Money Laundering and Fraud Prevention Strategies
6. Risk management and Compliance
7. Security and Technology System Overview
8. Technical Architecture Overview
9. Pay-in Process / Payment Flow
10. Pay-out Process / Payment Flow
18. COMPANY STRUCTURE
[Organisation chart. Recovered structure:]
Board of Directors: Nicholas Marsh, Stef Lewandowski, Paul Birch
Chief Executive Officer: Nicholas Marsh
Chief Technology Officer: Stef Lewandowski
Chief Compliance Officer: Nicholas Marsh
Teams: Marketers; Developers
Advisory Committee: Martin Campbell, Simon Deane-Johns
Skilled Person / Compliance Advisor: Daniel Mc Aleese
19. GOVERNANCE - IMPORTANT PROCESSES
Software development processes.
Savemates is a digital business, and our customers access our service exclusively through our website. That’s why we take our software development processes very seriously.
We use a mixture of best practice Agile and Scrum project management methods. The team has daily standup meetings to raise issues, and every two weeks we review progress as a whole group (‘sprint review’) and decide on which features to develop next (‘sprint planning’).
We version our software using Git, so all commits are fully auditable and connected to individual developers’ GitHub accounts. No developers have access to production data, and all changes to the transaction manager must be personally authorized by the CTO and CCO.
Hiring and HR processes.
Our entire engineering team is based in the UK. We request personal information from all our permanent staff and contractors and conduct background checks and request references before they join our team.
We have clear disciplinary procedures in place in the event of misconduct which are outlined in our HR manual, which is required reading for all Savemates developers and employees.
Compliance processes.
Alongside our software development processes, which involve our CCO, we also have the following compliance processes in place:
• Daily payments reconciliation and review
• A monthly compliance meeting with all senior marketing and engineering staff and our skilled person
• All permanent staff are given Anti-Money-Laundering training
• Any changes to the transaction manager authorized by CCO and CTO.
Much more additional information can be found in our Compliance Manual, which is required reading for all Savemates developers and employees.
DOCUMENTS
For more details on our internal processes and governance model please refer to the following documents:
• Savemates HR manual
• Savemates Compliance Manual
• Savemates software development internal wiki
OTHER
More information:
http://en.wikipedia.org/wiki/Agile_software_development
http://en.wikipedia.org/wiki/Scrum_(development)
http://en.wikipedia.org/wiki/Git_(software)
20. USER EXPERIENCE - OVERVIEW
Joining as a first user and creating a group
• First time users join Savemates by clicking the ‘create group’ button on savemates.com.
• They are then prompted to enter account information (name, email, profile photo, password) which creates a user account and allows them to create a group.
• They then choose the type of group (turn based or shuffle).
• They then specify the pay-in amount for the group and the number of members.
• They then add the people they want to join the group by providing a name, email and profile photo.
• They then customize the invite for the people they want to join the group.
• Finally, to create the group and send their invite they add their debit card details for the pay-in, their bank account details for the pay-out and their address.
• At this point the Savemates risk management application checks their details, and if they have a low risk score their group is created and invitations sent.
Joining as an invited user
• Invited users get an email with a link to the group page.
• On the page they can then see the amounts and who else has been invited.
• They click join, and then add their debit card details for the pay-in, their bank account details for the pay-out and their address.
• At this point the Savemates risk management application checks their details, and if they have a low risk score they join the group.
Activating a group
• When enough approved users have joined the group the first user receives an email asking them to activate the group.
• On the page they can click ‘activate’.
• This then sends emails to all group members and begins the first pay-in process.
Paying-in
• When the pay-in date is reached the Group Manager Application asks the Transaction Manager Application to debit the cards of all group members with the correct amounts.
• This is then passed on to our payment gateway Stripe, who process the transaction and deposit the funds into our client money account.
• If the transaction is successful the user gets an email notification.
• If it is unsuccessful our default process begins (see page 23).
Paying out
• When the pay-out date is reached the user receiving the pay-out gets an email notification with a link to the pay-out page.
• On the page they click a button that says ‘get pay-out’.
• We will then manually transfer the funds from our client money account to their bank account within 24 hours.
MORE DETAIL
Please see the following slides for more detail, or review the process yourself at savemates.com
• Visual description of UX - page 22
• How we handle defaults - page 23 / 24
• Our AML process - page 24
• Technical process for pay-in - page 30/31
• Technical process for pay-out - page 32/33
21. USER EXPERIENCE - FLOW
[Flow diagram with three swimlanes: Group Admin, Standard User and System. Steps recovered from the diagram, in the order shown:]
Group Admin: Create account (name, email, address, debit card, bank details); Create group; Invite friends; Activate group; Pay-in via Debit card or Direct Debit; Visit page to get payout; Get pay-out.
Standard User: Get invite; Create account (name, email, address, debit card, bank details); Pay-in; Get pay-out.
System: AML / Fraud check after each account creation; Email Notification (shown four times, after invite, activation, pay-in and pay-out); ID request (in some cases); Pay-out via bank transfer or Direct Debit.
AML / Fraud check: Internal check - Risk Score; External check - Credit check, Sanctions list.
22. USER EXPERIENCE - HANDLING DEFAULTS
We expect the default rate to be very low for several reasons:
• Trust between group members. Customers cannot join groups with people they don’t know, and equally they cannot invite members they don’t know. This means that all group members should know what they are getting into, and our messaging will be very clear that they should not join groups they cannot afford.
• Social pressure. The whole Savemates concept relies on social pressure from people you know and love to ensure that saving is prioritised!
• Forgiveness. However, because group members know each other, if there is a legitimate reason for the default (say, losing a job) the group members will forgive the default, as they understand the personal circumstances.
When a user does default we will first notify the user, and try and re-debit the account after 72 hours. If this second attempt fails we will notify the group of the late payment. After 72 hours we will try and debit again. If this fails, we will eject the user, blacklist their account and send the remaining group members a message with their options (see box).
DEFAULT MESSAGING / OPTIONS
Once a user has been ejected from a group and their account blacklisted Savemates simply reduces the number of members in the group by one, and the pay-out amount goes down by the value of one user’s pay-in. At this point we send each member of the group an email with a message outlining their options.
• If the defaulting user has not had a payout and the user we are emailing has not had a payout: we send a message that explains how much their pay-out amount will be reduced by.
• If the defaulting user has had a payout and the user we are emailing has not had a payout: we send a message that explains how much their pay-out amount will be reduced by, and how much they should request from the defaulting user if they so wish.
• If the defaulting user has not had a payout and the user we are emailing has had a payout: we send a message that explains how much they should pay back to the defaulting user if they so wish.
• If the defaulting user has had a payout and the user we are emailing has had a payout: we send a message that explains how much everyone else’s payout amount will be reduced by.
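The retry ladder and the four messaging cases above, modelled in Python as an added example (not Savemates' own code). The card debit is a stand-in callable supplied by the caller, and the amount a member is told to request from, or pay back to, the defaulter is assumed to be one pay-in, which the page does not specify.

```python
from dataclasses import dataclass, field

# Toy model of a Savemates club written to illustrate the default process described
# on the page; it is not Savemates' own code. Amounts are whole pounds.

RETRY_DELAY_HOURS = 72      # interval between debit attempts stated on the page
MAX_DEBIT_ATTEMPTS = 3      # first attempt plus two retries, then ejection


@dataclass
class Member:
    name: str
    paid_out: bool = False  # has this member already received a pot?


@dataclass
class Group:
    pay_in: int             # monthly pay-in per member
    members: list = field(default_factory=list)
    blacklist: set = field(default_factory=set)

    def payout_amount(self) -> int:
        # One pay-in per current member; drops by one pay-in when a member is ejected.
        return self.pay_in * len(self.members)


def default_message(member, defaulter, pay_in):
    """The four cases in the 'DEFAULT MESSAGING / OPTIONS' box.

    Assumption (not stated on the page): the amount to request from, or pay back
    to, the defaulter is one pay-in, the sum the defaulter owes or has paid in.
    """
    if not defaulter.paid_out and not member.paid_out:
        return {"case": "neither_paid_out", "payout_reduced_by": pay_in}
    if defaulter.paid_out and not member.paid_out:
        return {"case": "defaulter_paid_out", "payout_reduced_by": pay_in,
                "request_from_defaulter": pay_in}
    if not defaulter.paid_out and member.paid_out:
        return {"case": "member_paid_out", "pay_back_to_defaulter": pay_in}
    return {"case": "both_paid_out", "others_payout_reduced_by": pay_in}


def eject_member(group, defaulter_name):
    """Remove the defaulter, blacklist them and build each remaining member's message."""
    defaulter = next(m for m in group.members if m.name == defaulter_name)
    group.members = [m for m in group.members if m.name != defaulter_name]
    group.blacklist.add(defaulter_name)
    return {m.name: default_message(m, defaulter, group.pay_in) for m in group.members}


def run_default_process(group, defaulter_name, debit_attempt):
    """Walk the page's retry ladder for one member whose debit failed.

    debit_attempt(name, attempt_no) -> bool is a stand-in for the Transaction
    Manager's card debit (assumed interface). Returns the ordered list of events
    and, if the member was ejected, the per-member messages (else an empty dict).
    """
    events = []
    for attempt in range(1, MAX_DEBIT_ATTEMPTS + 1):
        if debit_attempt(defaulter_name, attempt):
            events.append(("debit_ok", attempt))
            return events, {}
        events.append(("debit_failed", attempt))
        if attempt == 1:
            events.append(("notify_user", defaulter_name))       # first failure
        elif attempt == 2:
            events.append(("notify_group", "late payment"))      # second failure
        if attempt < MAX_DEBIT_ATTEMPTS:
            events.append(("wait_hours", RETRY_DELAY_HOURS))
    messages = eject_member(group, defaulter_name)               # third failure
    events.append(("ejected_and_blacklisted", defaulter_name))
    return events, messages


if __name__ == "__main__":
    # Constructed club: Alice and Bob have had their pots, Carol and Dave have not.
    club = Group(pay_in=100, members=[Member("Alice", True), Member("Bob", True),
                                      Member("Carol"), Member("Dave")])
    evts, msgs = run_default_process(club, "Bob", lambda name, attempt: False)
    for e in evts:
        print(e)
    for name, msg in msgs.items():
        print(name, msg)
    print("new payout:", club.payout_amount())
```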
23. USER EXPERIENCE FLOW - DEFAULTS
[Flow diagram with two swimlanes, User and System. Recovered sequence:]
Debit attempted -> Debit fails -> User contacted via email -> 72 hours -> Debit attempted -> Debit fails -> Group contacted via email -> 72 hours -> Debit attempted -> Debit fails -> User removed from group and blacklisted -> Individual members sent email with options -> Group payout reduced
24. ANTI-MONEY LAUNDERING AND FRAUD PREVENTION STRATEGIES
To prevent Savemates being used for fraudulent activity we have the following controls in place:
• Automatic checking of all accounts against the HM Treasury sanctions list
• A separate Risk Management Application reviews each new user and new group and monitors activity for non-standard behavior using a proprietary algorithm which assigns a risk score to each user and group. Example factors we monitor include users joining multiple groups with the same debit card, new groups with high pay-in and pay-out amounts, groups with suspicious social profile data, etc. This algorithm is continually refined, and actively developed by our engineers and CCO.
• In the event of an edge case being detected by the Risk Management Application we request a scan of a UK passport which is reviewed manually before we pay out
• Pay-in limited to £250 per month per user per group
• Groups limited to 10 members, thus limiting monthly payout to £2500 maximum
• Average 30 days delay from pay-in to pay-out (funds held in Client Monies Account)
• Users cannot sign up without a UK debit card and its registered UK address
• Users can only receive pay-outs into UK bank accounts
• We keep complete, encrypted records of every user interaction and transaction with the system
• Our CCO works closely with our CTO to actively update our AML and fraud prevention strategies
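An added example (not the Risk Management Application, whose algorithm is proprietary) showing how the hard limits and risk factors listed above can be applied to constructed sign-up records in Python; the score weights, the manual-review threshold and the sanctions-list entries are assumptions.

```python
import re
from collections import Counter

# Constructed records and a toy scoring model written to illustrate the controls listed
# on the page. This is not Savemates' Risk Management Application. Limits are the ones
# the page states; score weights, the review threshold and the list entries are assumed.

MAX_PAY_IN = 250                      # £ per month per user per group
MAX_MEMBERS = 10                      # caps monthly payout at £2500
MAX_PAYOUT = MAX_PAY_IN * MAX_MEMBERS
MANUAL_REVIEW_AT = 30                 # assumed score at which a passport scan is requested

# Stand-in for the HM Treasury sanctions list lookup (constructed entries).
SANCTIONS_LIST = {"ivan sample", "acme front co"}


def normalise_name(name):
    return re.sub(r"\s+", " ", name).strip().lower()


def card_group_counts(groups):
    """Number of distinct groups each debit card (by fingerprint) appears in."""
    pairs = {(u["card_fingerprint"], g["id"]) for g in groups for u in g["members"]}
    return Counter(fp for fp, _ in pairs)


def check_user(user, card_usage):
    """Hard sign-up rules and soft risk points for one member.
    Returns (rejected, reasons, score)."""
    if normalise_name(user["name"]) in SANCTIONS_LIST:
        return True, ["sanctions list match"], 100
    if user["card_country"] != "GB" or user["address_country"] != "GB":
        return True, ["no UK debit card with registered UK address"], 100
    if user["bank_country"] != "GB":
        return True, ["pay-out bank account not in the UK"], 100
    reasons, score = [], 0
    n = card_usage[user["card_fingerprint"]]
    if n > 1:                          # same card across several groups
        score += 20 * (n - 1)
        reasons.append(f"debit card used in {n} groups")
    return False, reasons, score


def check_group(group):
    """Hard limits on size and pay-in, plus a soft flag near the top of the range."""
    members = group["members"]
    if group["pay_in"] > MAX_PAY_IN:
        return True, [f"pay-in £{group['pay_in']} above £{MAX_PAY_IN} limit"], 100
    if len(members) > MAX_MEMBERS:
        return True, [f"{len(members)} members, limit is {MAX_MEMBERS}"], 100
    reasons, score = [], 0
    payout = group["pay_in"] * len(members)
    if payout >= 0.8 * MAX_PAYOUT:     # new group with high pay-in/pay-out amounts
        score += 30
        reasons.append(f"new group with high pay-in/pay-out (£{payout} per month)")
    return False, reasons, score


def review_group(group, card_usage):
    """Returns (decision, findings). decision is 'reject' if any hard rule fails,
    'manual_review' if the combined score reaches MANUAL_REVIEW_AT, else 'approve'."""
    rejected, reasons, total = check_group(group)
    findings = [(group["id"], r) for r in reasons]
    for u in group["members"]:
        u_rej, u_reasons, u_score = check_user(u, card_usage)
        findings += [(u["name"], r) for r in u_reasons]
        total += u_score
        rejected = rejected or u_rej
    if rejected:
        return "reject", findings
    if total >= MANUAL_REVIEW_AT:
        return "manual_review", findings
    return "approve", findings


def member(name, card, **overrides):
    """Constructed UK member record; overrides switch individual fields."""
    rec = {"name": name, "card_fingerprint": card, "card_country": "GB",
           "address_country": "GB", "bank_country": "GB"}
    rec.update(overrides)
    return rec


# Constructed sample data: a large group at the payout cap sharing a card with a
# second group, a small group containing a sanctioned name, and a clean group.
GROUP_A = {"id": "grp-A", "pay_in": 250,
           "members": [member(f"user{i}", f"card-{i}") for i in range(7)]
                      + [member("Sam Shared", "card-shared")]}
GROUP_B = {"id": "grp-B", "pay_in": 50,
           "members": [member("Sam Shared", "card-shared"),
                       member("Ivan  Sample", "card-x"), member("Pat", "card-y")]}
GROUP_C = {"id": "grp-C", "pay_in": 100,
           "members": [member("Jo", "card-j"), member("Kim", "card-k")]}
ALL_GROUPS = [GROUP_A, GROUP_B, GROUP_C]

if __name__ == "__main__":
    usage = card_group_counts(ALL_GROUPS)
    for g in ALL_GROUPS:
        print(g["id"], *review_group(g, usage))
```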
25. RISK MANAGEMENT AND COMPLIANCE
Risk: Loss/change of clearing bank
• Response: Our service oriented architecture makes it easy for us to change providers.
Risk: Loss of top clients
• Response: While Savemates may lose some important clients at any time, it is Savemates’ strategy to gather a large number of clients so that its revenue generation is evenly spread out, whereby it will not be materially reliant on a small number of clients for the majority of its income and thus not be adversely affected should it lose some clients.
Risk: Liquidity risk
• Response: With minimum overheads, the firm will have little liquidity risk should revenues decrease substantially.
Risk: Operational Risk
• Response: As all services are provided online and bank accounts are held separately, there is minimum operational risk save for I.T. problems (see disaster recovery plan).
Risk: Key Person Risk
• Response: As Savemates will be providing online services only, clients can continue to trade should anything happen to key individuals at Savemates. Savemates will endeavour to replace any key staff as quickly as possible.
Risk: Counter-Party Risk
• Response: There is no transactional counter-party risk as Savemates is just providing the online facility.
Risk: Credit Risk
• Response: There is no credit risk as no credit or financing will be offered by Savemates. All clients will need to have cleared funds on deposit.
Risk: Systems Risk/Disaster Recovery Plan
• Response: The business can operate from any location providing there is secure internet access and access to printing facilities. Savemates has produced a disaster recovery plan.
Risk: Compliance Risk
• Response: Savemates will ensure full compliance with the rules and regulations of the appropriate regulatory authorities. Savemates has retained the services of Robinson Mack Ltd, regulatory consultants, to advise on all regulatory issues and provide training on an ongoing basis.
Risk: Managing Client Risk
• Response: As we will not be giving clients any investment advice, the clients will need to effectively manage their own risk.
Risk: Conflict of Interest
• Response: Savemates does not envisage any potential conflicts with its clients. Employees of Savemates may open a Savemates account but no conflict will arise that may disadvantage other clients in any way. Notwithstanding the above, Savemates has an independence policy of disclosing any material conflicts of interest to clients and any other third party.
26. SECURITY AND TECHNOLOGY SYSTEM OVERVIEW - 3RD PARTY SERVICES
Heroku.com
Savemates applications are hosted on the Heroku web platform. Heroku is a cloud application platform owned by salesforce.com.
The Heroku platform inherently protects customers from threats by applying security controls at every layer from physical to application, isolating customer applications and data, and with its ability to rapidly deploy security updates without customer interaction or service interruption.
For more information on Heroku security please visit: https://policy.heroku.com/security
Amazon Web Services
Heroku is built on Amazon Web Services (AWS) EU based infrastructure.
AWS data centre operations have been accredited under:
• ISO 27001
• SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
• PCI Level 1
• FISMA Moderate
For more information on AWS security please visit: https://aws.amazon.com/security
Stripe.com
Savemates uses Stripe.com to process debit card transactions.
Stripe uses a form of tokenized encryption and embedded forms that means Savemates never stores or handles actual debit card data. Stripe is a certified PCI Level 1 service provider with US and UK operations.
For more information on Stripe security please visit: https://stripe.com/help/security
DISASTER RECOVERY PROCEDURE
We use the above web-scale services for a reason. The Platform as a Service architectures used by AWS and Heroku mean that we cannot experience an unrecoverable disaster, with the exception of a simultaneous total physical attack on both availability zones of the AWS EU data centers, which are in two different locations within Europe. With that exception excluded, we will always have complete records in our databases of every transaction and group stored on the AWS / Heroku infrastructure, and we keep a full version history of every commit/change to the application on Github.com (a $100M backed version control system) which also runs on AWS infrastructure.
27. SECURITY AND TECHNOLOGY SYSTEM OVERVIEW
The Savemates system architecture pattern conforms to industry best practice of Service Oriented Architecture and clear separation of concerns and data. See the following slide for a technical architecture diagram.
Our system has the following characteristics:
• We conform to PCI design principles
• We use only a small number of well managed 3rd party services (see previous slide)
• We conduct regular penetration testing of our application by third party services
• We operate a need to know information policy, with only our CTO and CCO having access to production data via SSH keys provided by Heroku and admin interfaces via secure passwords and whitelisted IPs
• All data is securely transmitted over SSL
• All data in the transaction manager database is encrypted with AES 256-bit encryption
• We keep full, encrypted records of every transaction, including full transaction history, and logs of all actions during admin user sessions against admin accounts for five years.
• We only use simulation data on staging and development services and there is no developer access to the production database
28. TECHNICAL ARCHITECTURE OVERVIEW
Version 1 - First 6-12 months
[Architecture diagram. Elements recoverable from the slide:]
Components: Sales website; Group Manager Application; Transaction Manager Application; Risk App; Admin App; Stripe; Savemates Client Monies Account; Savemates online banking (manual pay-out); User debit card (pay-in); User bank account (pay-out).
Data held in the applications: Basic user info/ID; group membership; Groups and payment schedules; Stripe Tokens; Pay-out bank account details; Audit-able transaction history of all pay-ins and pay-outs. The Transaction Manager store is marked Encrypted.
Links: Token auth. over SSL between the Group Manager, Transaction Manager, Risk and Admin applications; SSL to Stripe; £ flows from the user debit card via Stripe into the Client Monies Account (pay-in), and from the Client Monies Account via online banking to the user bank account (pay-out).
29. TECHNICAL ARCHITECTURE OVERVIEW
Version 2 - 6 months + (requires bank API access)
[Architecture diagram. Elements recoverable from the slide:]
Components: Sales website; Group Manager Application; Transaction Manager Application; Risk App; Bank API / Direct Debits (authentication marked “Unknown?”); Savemates Client Monies Account; User bank account.
Data held in the applications: Basic user info/ID; group membership; Groups and payment schedules; Stripe Tokens; Pay-out bank account details; Audit-able transaction history of all pay-ins and pay-outs (marked Encrypted).
Links: Token auth. over SSL between the applications; £ flows between the user bank account and the Savemates Client Monies Account through the Bank API / Direct Debits.
30. PAY IN PROCESS / PAYMENT FLOW
Version 1 - First 6-12 months
[Sequence diagram. Flow recoverable from the slide:]
1. The Group Manager Application sends Savemates user IDs + amounts to the Transaction Manager Application (token auth. over SSL).
2. The Transaction Manager Application sends Stripe user tokens + amounts to Stripe (token auth. over SSL).
3. Stripe performs the debit card charge on the user debit card; the funds (£) are deposited into the Savemates Client Monies Account.
4. Transaction status is returned from Stripe to the Transaction Manager Application, and from there to the Group Manager Application.
31. PAY IN PROCESS / PAYMENT FLOW
Version 2 - 6 months + (requires bank API access)
[Sequence diagram. Flow recoverable from the slide:]
1. The Group Manager Application sends Savemates user IDs + amounts to the Transaction Manager Application (token auth. over SSL).
2. The Transaction Manager Application requests a Direct Debit charge through the Bank API (authentication marked “Unknown” / “auth?” on the diagram).
3. The charge is taken from the user bank account and the funds (£) go to the Savemates Client Monies Account.
4. Transaction status is returned to the Transaction Manager Application and then to the Group Manager Application.
32. PAY OUT PROCESS / PAYMENT FLOW
Version 1 - First 6-12 months
[Sequence diagram. Flow recoverable from the slide:]
1. The Group Manager Application sends Savemates user IDs + amounts to the Transaction Manager Application (token auth. over SSL).
2. The Transaction Manager Application passes account number, sort code + amount to the Admin App (token auth. over SSL).
3. Manual process: an administrator uses online banking for the Savemates Client Monies Account (Barclays data services, over SSL / bank website) to transfer the funds (£) to the user bank account.
4. Transaction status is recorded back through the Admin App to the Transaction Manager Application and the Group Manager Application.
33. PAY OUT PROCESS / PAYMENT FLOW
Version 2 - 6 months + (requires bank API access)
[Sequence diagram. Flow recoverable from the slide:]
1. The Group Manager Application sends Savemates user IDs + amounts to the Transaction Manager Application (token auth. over SSL).
2. The Transaction Manager Application requests the transfer through the Bank API (authentication marked “Unknown” / “auth?” on the diagram; the slide labels the step “Direct Debit Charge”).
3. The funds (£) move from the Savemates Client Monies Account to the user bank account.
4. Transaction status is returned to the Transaction Manager Application and then to the Group Manager Application.