
From vision to reality: BinX partners with AWS and TC2 to create a secure, scalable Neobank

2024.09.03.
tc2

BinX, the first Hungarian neobank, chose TC2 as their partner for building and operating their cloud infrastructure.

BinX is the first Hungarian-owned neobank, launched in June 2024 and backed by domestic private capital. It operates entirely on a digital platform: it has no physical branches, and all services are provided online or through mobile apps, similar to Revolut or Wise.

However, due to its unique model, customers’ accounts are managed by the Hungarian National Bank itself, guaranteeing full collateral security at all times. Targeted at small and medium-sized enterprises in Hungary, it has a close relationship with the largest Hungarian online invoicing service, számlázz.hu, with more than 700,000 customers, who can access additional services within BinX.  

“Since BinX was founded, it has been a top priority for us to create a stable, reliable and easily scalable system that will be able to serve the rapidly growing ecosystem over the long term, of which BinX itself is a building block.  

In addition to scalability and availability, security and compliance are key challenges for the financial sector. That’s why it was important for us to work with a partner that is fully compliant with various industry standards and regulations, including the European Banking Authority (EBA) guidelines.  

In the life of a startup, scalability is important not only to serve rapidly growing or even “exploding” business usage needs, but also to ensure that the start-up costs associated with these needs are based on usage.   

AWS has a broad portfolio of managed services, including artificial intelligence, database management, security services, automation systems, which greatly support rapid time to market and its sustainable, cost-optimized management.  

It is not often that a start-up company can create a potentially high-impact financial system as a greenfield investment with almost guaranteed success.   

When it does happen, it is both a major challenge and a huge opportunity, with all its advantages and disadvantages.  

With these considerations in mind, the decision was made that the only possible but perfect choice for BinX was AWS cloud services.  

The year 2020 will be remembered not only for the founding of BinX, but also for the first outbreak of Covid. In this situation, demand for cloud architects exploded abroad, and it became almost impossible to quickly build an affordable, professional team of your own. So we reached out to our AWS contact, who referred us to their local partner, TC2.   

From the first contact on the phone, the collaboration was perfect. We were able to find a dynamic, growing team with solid experience who understood our challenges and needs from the very first moment. With these in mind, they are able to deliver a solution that not only meets, but exceeds the stringent industry requirements. Part of TC2’s strength is the collaborative thinking they bring to the depth of the problems, and part of it is the professional project management and design practice they deliver from the first steps of the solution journey, from High Level Design and Low Level Design to the live system,” added Tamás Hadnagy, Operations Director of BinX Zrt.

 

Project preparation  

The strict requirements of the Hungarian National Bank also impose heavy demands on domestic financial institutions in the IT field. In 2021, at the start of the project, BinX took these into account and formulated important requirements for the IT architecture to be built, broken down into areas. Some of the most important requirements were: 

Security  

Data protection: Ensure that the personal and financial data of neobank customers are protected. Encryption is required for both data storage and data transmission. 

Access control: Strong access control processes and technical tools are needed to ensure that only authorized persons have access to critical systems and information.  

Threats: Protection against external and internal threats must be provided through appropriate use and configuration of firewalls and intrusion detection systems (IDS/IPS), and regular security audits must be supported.

 

Reliability  

Risk management: Incorporate various risk management strategies into system selection and design to minimize the potential for loss of banking services.

Uptime: Building on this, high availability SLAs (Service Level Agreements) can be defined and delivered to ensure that banking services are almost always available to customers.  

Redundancy: Redundant systems, components, services and data centres should be used. Backup solutions are also needed to prevent and quickly recover from failures.

 

Performance 

Scalability: The planned Microservice-based architecture should be flexible and scalable to handle a growing customer base and transaction growth.  

Performance Optimization: Ensure that the performance of the complete architecture is optimal, i.e. that it can adapt automatically as scaling is required, to provide customers with fast and efficient service.

Taking into account the above and all other requirements, BinX had no doubt that it should choose one of the public cloud providers. In the end, they chose AWS for its wide global reach, robust security solutions and innovative services, including its much-needed analytics and predictive capabilities.   

For the joint work, BinX chose TC2, Hungary’s leading AWS partner with the most competencies and the only Migration Competency Partner qualification on the domestic market to date.  

 

Project and architecture  

BinX and TC2 worked together in several phases, which involved both assessing business needs and gathering technical requirements. The planned architecture was implemented in several iterations: on the one hand, small Proof of Concept mini projects took advantage of the opportunities offered by the cloud to select the most efficient solution for each task; on the other hand, service enhancements released in AWS during the project were incorporated.

Throughout the work, we focused continuously on the security and compliance requirements while keeping ease of operation in mind. The design and development were done in accordance with the recommendations of the AWS Well-Architected Framework.

From the very beginning, the project focused on automation, cost-efficiency and reliability, so the very first building blocks were Infrastructure-as-Code (IaC) based, and this gradually evolved into a robust GitOps-based operation.

The first and largest element of the architecture is a Landing Zone. Based on AWS recommendations, it includes multiple accounts and the organization around them, as well as a carefully designed distributed network architecture with multiple layers of protection and security services. The careful design and configuration of the network was particularly important, as BinX needs to be in constant contact with Giro, Viber and Swift using various VPN solutions. The network has not only AWS but also Fortinet elements, and their integration was handled seamlessly by the Amazon Gateway Load Balancer.

Other important elements of the architecture are the services running the Microservice-based core banking solution and the services built around it. One such service is the Elastic Kubernetes Service (EKS), which can scale both the pods of each Microservice and the nodes of the cluster depending on the load. Data is stored in Aurora, a high-availability and high-performance relational database service powered by Amazon’s own engine.   

The AWS Managed Streaming for Apache Kafka (MSK) service was selected for asynchronous communication between microservices, increasing the flexibility, scalability and reliability of applications. For process control and scheduling, AWS Managed Apache Airflow is used for reliability.

AWS security services, both compliance-enabling and active protection elements, have been introduced, such as AWS Config, Security Hub and GuardDuty, along with elements of the Forti product family. A robust monitoring system including log management has also been built: alongside CloudWatch, the core AWS solution, it uses managed Prometheus, Grafana and OpenSearch services.

Countless other elements could be listed, from Elasticache to Lambda to AWS’ own Backup service. The end result is that BinX and the TC2 team have worked together over the last few years to create an architecture built on the flexibility and security provided by AWS that ensures modular, scalable and reliable business services, to the utmost satisfaction of customers and therefore BinX.   

 

What next?  

Life does not stop. The BinX neobank service was officially launched, customers are signing up and the customer base is growing.   

TC2 will continue to stand by BinX, both in providing operational support, continuous optimization and proactive support, and in opening up new areas and introducing new services. 

 “Our partnership has always been based on fairness, openness and honesty, which we have managed to maintain throughout our almost 4 years of cooperation.  

The operation of the established system has been internalised to a significant extent, step by step, over the last few years, but TC2 continues to support us in L2, L3, as well as in the design of new systems and continues to play an active role in the redesign of old ones.   

Thanks to the AWS basics and thorough design, we have managed to put together a system with TC2 that has an extremely high fault tolerance, requires very little manual intervention and is fully compliant with the requirements of the times” – summarized Tamás Hadnagy on the success of the joint project.