Multi-Factor Authentication-as-a-Service (AaaS) Transaction Broker

Devising an exquisite ID verification app with zero points of exposure
Customer location
  • Sweden
Project Duration
  • 6 months

Client and Business Goals

The client is a Sweden-headquartered business delivering white-label digital security tools internationally to finance, banking, and lending companies, electronic ID providers, mobile carriers, payment and IoT networking enterprises.

The client was looking to design a next-gen security logic as an all-in-one alternative to compromisable SMS codes, one-time passwords, hardware tokens, and authenticator apps. The solution was supposed to be supersonic, intuitive, and bulletproof in the face of identity fraud and data phishing, skimming, and hijacking.

In an attempt to handle the project all by themselves, the client’s team created a Java-powered Azure-hosted MVP. Yet, the deliverables’ quality turned out to be far below the shareholders’ expectations. Originally meant to withstand all sorts of risks, even when connecting over unprotected public networks, the rolled-out version showed poor response time, security, and scalability.

This is where the client made up their mind to hand over the project to an expert engineering team. Having delivered tens of security layers for the risk-sensitive legal and insurance sectors, Symfa came in to put the development on the right rails.

Challenge

The client’s major concern was to ensure a low response time for customers located far apart in Europe and Asia. Because of the risk of high latency between distant clients and the server, establishing a single unified data center was out of the question.

Another difficulty to master was enabling advanced reliability and scalability for the service to swiftly process and store mission-critical data while tackling explosive user growth. The Symfa team came up with a “two birds, one stone” solution, which was Azure Service Fabric. 

Picked for the ability to finesse packaging of undefeatable and flexible microservice architectures, the distributed platform helped smoothly scale the solution’s modules. Through the Resource Groups, we’ve automated the infrastructure deployment within the Microsoft data centers around the globe. 

To totally shut down the potential reliability issues, we’ve implemented two disparate Service Buses, while protecting all the connection strings via the Azure Key Vault.

Solution

The team helped revamp the flawed prototype into a power-added transaction broker easily integrating with individual customer mobile devices or enterprise servers to authorize transactions. Through their personal accounts, users can securely approve or block transactions without compromising any data whatsoever. 

The service is tailored to comply with the stringent digital safety standards for heavily regulated domains. With no need to install any costly hardware, customers are free to add more features and customize the workflows to their business needs.


The major system modules

  • Service Fabric clusters
    A couple of modules each comprising two apps, with one cluster nesting a dedicated IdentityServer4 application
  • .Net Core MVC app
    Serves as an administration panel and stores data in an MS SQL database
  • .Net Core MVC sites
    A couple of demo pages
  • SignalR hub test clients
    A WinForms app and a JavaScript client launched from the .Net Core MVC app
  • iOS & Android mobile apps
    Intended to authenticate devices through the server and get an access and communication token

Capabilities

  • Private API-enabled JSON Web Token authentication
  • SignalR-powered transaction arrival notifications
  • CallBack Service-based client-server communication
  • Virtual Machines-powered load balancing
  • Traffic & resource management
  • SendGrid-based emailing
  • Service Bus-backed push notification
  • Access token issuance & validation through ID Server
  • Gateways-enabled SSL request encryption
  • Azure Blob Storage for imaging footage 
  • Azure Redis-enabled data hashing 
  • QR codes generation

Tech highlights

  • Multi-layer asymmetric encryption
  • Passwordless multi-factor authentication
  • Proof of authority
  • Out-of-band separation
  • Integration with ChargeBee & Twilio

Technologies

  • .NET
  • Microsoft Azure
  • Twilio

Results

Symfa wrapped up the case by removing all the progress bottlenecks the client asked to deal with. With purpose-driven R&D-based upgrades, the service security rocks.

The due diligence demonstrated the solution’s extensive market potential and a well-calculated competitive benchmarking edge. Happy with the result, the client started ideating on new commercial opportunities and engaged the team in yet another development stage.
