
Savemates Business Plan

Nick Marsh
December 12, 2013


An extensive business plan created for Savemates.com as part of our regulatory submission to the FCA


Transcript

  1. CONFIDENTIAL SAVEMATES.COM BUSINESS PLAN, VERSION 1.0 (page 1)

    SAVEMATES
    Build savings, make money. With help from your mates.
  2. CONTENTS (page 2)

    • Overview
    • Market definition
    • Background to savings clubs
    • Demo
    • Our product - Savemates clubs
    • The business vision - Positive personal finance
    • Marketing plan
    • Competitors
    • Team
    • Financial projections

    Appendix:
    • Company Structure
    • Governance - important processes
    • User Experience Flow
    • User Experience - Handling Defaults
    • Anti-Money Laundering and Fraud Prevention Strategies
    • Security and Technology Platform Overview
    • Technical Architecture Overview
    • Pay-in Process / Payment Flow
    • Pay-out Process / Payment Flow
  3. OVERVIEW (page 3)

    WHAT IS SAVEMATES?
    • Savemates is a peer to peer savings and loan service. We enable groups of trusted friends to create and manage ongoing monthly savings clubs that ensure saving through shared social commitment.
    • We think of it as ‘weightwatchers for savings’
    • We aim to build Savemates into a large, defendable consumer finance brand - the consumer champion at the heart of the P2P finance revolution.

    HOW DOES IT WORK?
    • Users pay in a pre-agreed monthly amount to their Savemates club. Once everyone has paid in at the start of the month, one member of the club gets the total balance paid out to them. This is repeated until everyone has had a payout.
    • Payouts can be transferred to your bank account, or used to take advantage of one of our P2P Savings deals, typically earning 5% interest.
  4. CONSUMER FINANCE LANDSCAPE (page 4)

    The consumer finance market in the UK is completely broken. The relationship between the big banks and their customers is characterized by mistrust and hatred. Customers are routinely mis-sold overly complex products that get them into further financial trouble - while bosses and bankers get ever bigger bonuses and public bailouts.

    • £8.9BN - TOTAL PPI MIS-SELLING COMPENSATION PAYOUTS TO JANUARY 2013 (FURTHER £4BN EARMARKED SO FAR). Source - FSA
    • 89% - OF CUSTOMERS DON’T TRUST BANKERS TO ACT IN THEIR INTEREST. Source - Which? consumer survey 2012
    • £2.8BN - TOTAL FINES PAID BY HSBC IN 2012 FOR MIS-SELLING, MONEY LAUNDERING AND TERRORIST FINANCING. Source - BBC
    • HSBC - MOST VALUABLE BANKING BRAND. Source - WPP Brandz survey 2012
  5. CONSUMER FINANCE LANDSCAPE (page 5)

    To combat fear and uncertainty saving is on the rise . . .
    • 8.09% - AVERAGE MONTHLY INCOME SAVED Q4 2102 (HIGHEST ON RECORD). Source - NS&I 2013 survey
    • £80Bn - TOTAL HOUSEHOLD SAVINGS 2012. Source - NS&I 2013 survey
    • 5% - 2012 GROWTH IN UK DEPOSITS. Source - Mintel
    • £111 - AVERAGE MONTHLY SAVINGS AMOUNT. Source - NS&I 2013 SURVEY

    . . . and P2P lending firms are growing off the back of it
    • [Chart, 2006 to 2012: TOTAL P2P LOANS FROM U.S STARTUPS ‘LENDING CLUB’ AND ‘PROSPER’. Source - Techcrunch]
    • £12.3Bn - PREDICTED SIZE OF BUSINESS P2P LENDING MARKET. Source - NESTA report, 2013
    • 5% - TYPICAL RETURN FOR ZOPA LENDERS. Source - Zopa
  6. BACKGROUND TO SAVINGS CLUBS (page 6)

    • Savemates is based on an existing concept called a Rotating Savings and Credit Association (ROSCA).
    • ROSCAs are used all over the world, generally by poorer communities to build savings and financial independence. They have a huge variety of names - see box.
    • Indeed, ROSCAs are generally the first step that money based societies take towards banking. After ROSCAs come Credit Unions (essentially ROSCAs with asymmetric payouts and interest on loans).

    LOCAL NAMES FOR ROSCAS
    “Tontine, Tibissiligbi, Pari, Song-taaba, Chilemba, Stockfair, Kutu, Kootu, Kongsi, Tontine, Hui, Main, Kut Kutunderrera, Throw a box, Boxi money, Syndicate, Tanda, Chit Funds, Cheetu, Khatta, Sanduk, Sandook Box, Savemates”
  7. SAVEMATES (page 7)

    ELEVATOR PITCH:
    “Weightwatchers for saving”
    Build savings, make money. With help from your mates.
  8. WHY USE SAVEMATES TO SAVE? (page 9)

    1. SAVING IS HARD. SAVEMATES IS EASY.
       The temptation is always to skip a payment or use debt to bridge income gaps. Savemates helps overcome this through a shared commitment, and everything is automagic.
    2. SAVING IS BORING. SAVEMATES IS FUN.
       Compared to spending, saving is dull as ditchwater. Savemates helps overcome this by providing fun and engaging social savings models including vote, shuffle and bid.
    3. SAVING IS POOR VALUE. SAVEMATES MAKES YOU MONEY.
       Current UK short term savings accounts will earn you around 1% interest - and that’s if you managed to actually save something. Our Savemates P2P savings deals can earn you 5%+ on your pay-out.
  9. THE SAVEMATES PRODUCTS (page 10)

    • ‘TURN’. GREAT FOR FAMILIES
      The simplest Savemates group. Payouts are ordered by the group creator. Fee: 1% on payouts
    • ‘VOTE’. GREAT FOR COMMUNITY GROUPS
      A fun voting mechanic lets members pitch to each other why they should get the payout this month. Fee: 1% on payouts
    • ‘SHUFFLE’. GREAT FOR WORK COLLEAGUES
      Payout order is random, creating a fun shared event on pay day - but eventually everyone wins. Fee: 1% on payouts
    • ‘BID’. GREAT FOR SMALL BUSINESSES
      A more complex product. Members bid (high or low) in a monthly auction to determine payout order. Fee: 20% on rollover
  10. THE VISION: POSITIVE PERSONAL FINANCE (page 11)

    • At the heart of the Savemates business lies a simple but powerful mission - to make money a positive force in our customers’ lives.
    • Savemates customers save together with people they trust and love who help them reach their goals.
    • By building their savings they can take control of their financial lives, and reduce their reliance on debt.
    • If they choose to make money from their savings through our P2P savings offers they’re then lending to real people and small businesses.

    OUR BRAND
    • We will build the next great internet personal finance brand.
    • Savemates will be the consumer brand of choice at the heart of the P2P finance revolution, putting individuals and the people they love in control of their financial lives.
    • Again, ‘weightwatchers for savings’ is a valuable touchpoint - most of the weight loss industry is characterized by dodgy and suspect claims. In contrast weightwatchers is a true community, with a proven weight loss method - and it’s fun!
  11. MARKETING PLAN (page 12)

    Primary segments
    • Families
    • Colleagues

    Secondary segments
    • Existing cash ROSCA operators
    • Community groups

    Channels
    • Direct PR
    • Content marketing via Savemates brand
    • Digital advertising - Google Adwords and Facebook
    • Partner marketing - working with trusted partners

    • Savemates marketing will mainly be done by our primary users asking their friends and families to join the groups they have created.
    • We will therefore focus our direct marketing efforts on influencing these primary users, who we believe to be influencers themselves.
    • We will also develop the Savemates brand as the voice of the consumer in the P2P finance landscape - offering content and support for savers and people looking to get back in control of their money.
  12. COMPETITOR ANALYSIS (page 13)

    Option: Save into a standard saving account
    • Players: Big Finance - HSBC, Lloyds, HBOS, Barclays etc
    • Strengths: Trusted brands (debatable!); Convenient for existing customers
    • Weaknesses: No motivation to ensure saving; Complex product portfolios; Very poor interest rates; General consumer hatred
    • Our advantage: Get money quicker (for most users); Results - you will save + its fun; Better rates if P2P saving offer taken up; Non-Toxic Brand

    Option: Unsecured personal loan
    • Players: Big Finance - HSBC, Lloyds, HBOS, Barclays etc; Direct lenders - Credit card co’s - First Capital, Virgin, Barclaycard etc
    • Strengths: Brand (debatable!); Ease of access; Get your money tomorrow
    • Weaknesses: High interest rates; Complex product portfolios; General consumer hatred
    • Our advantage: Low interest rates - essentially free; Non-Toxic Brand

    Option: Join an existing ROSCAs
    • Players: Various - community level initiatives
    • Strengths: Already established
    • Weaknesses: Organisational and business models not equipped for scale; Cash systems unattractive to busy people
    • Our advantage: Scale; Brand; Technology / Security
  13. TEAM (page 14)

    STEF LEWANDOWSKI
    Stef is a Director of Savemates Ltd. and our CTO. Stef is an experienced software engineer and technical architect. He was previously co-founder and CTO of Aframe.com, a VC backed professional video startup. Prior to this he founded and ran a digital agency.

    NICK MARSH
    Nick is a Director of Savemates Ltd. and our CEO and CCO. Nick is an experienced digital product designer and entrepreneur. He was previously Managing Director of Sidekick Studios, a London based innovation agency, and has designed products and services for Aviva and Barclays.

    DANIEL MC ALEESE
    Daniel is Savemates’ Skilled Person and Compliance Advisor. He supports Nick with Savemates’ compliance monitoring and AML and fraud prevention activity. Daniel is an ex-regulator, and now supports several financial services companies with compliance issues through his company Robinson Mack Ltd.

    MARTIN CAMPBELL
    Martin is Savemates’ marketing advisor. Previously he was head of media at Zopa Ltd. Before that he designed financial products for Virgin Direct and Aviva.

    SIMON DEANE-JOHNS
    Simon is Savemates’ general counsel. Previously he was chief legal advisor to Zopa Ltd and now advises several UK based financial services startups including Savemates.

    PAUL BIRCH
    Paul is a Director of Savemates Ltd. and our angel investor. Paul is an active angel investor based in London and sits on the boards of several high growth technology businesses. He was previously co-founder of Bebo.com which sold to AOL in 2008 for $850M.
  14. HOW WE MAKE MONEY (page 15)

    • There are four revenue streams in the Savemates business.
    • Fees. We charge 1% on all payouts for our simple products.
    • Partner fees. We earn commission for referring customers to savings products and other deals when they collect their payout.
    • Data sales. We have unique data about our customers, including who they trust to advise them about money, when they have money to spend etc.

    ASSUMPTIONS USED TO BUILD OUR PROJECTIONS
    • Average group saves £1000 per month
    • 20% monthly growth rate in group numbers (softening after first year)
    • 5% of payouts convert to partner product, earning 10% commission.
    • Data sales income not included
  15. PROJECTIONS (page 16)

                       Year 1      Year 2       Year 3        Year 4        Year 5
    Total groups       1392        15,524       74,884        188,600       352,616
    Total balance      £1.39M      £15.52M      £74.88M*      £188.6M       £352.6M
    Income (1)         £80,271     £1,270,166   £8,064,677    £25,338,859   £51,688,819
    Fixed costs (2)    £148,625    £80,221      £509,348      £1,600,349    £3,264,557
    Gross Profit       -£68,354    £1,189,945   £7,555,329    £23,738,510   £48,424,262
    Overheads (3)      £211,000    £480,000     £1,500,000    £2,880,000    £3,240,000
    Net profit         -£279,354   £709,945     £6,055,329    £20,858,510   £45,184,262

    Assumptions: Referral income generated from Y1,Q3. Transaction fee reduced to 0.1% Y1,Q4. International expansion end of Y3.
    * = 1% UK market
    (1) Commission fee @1%, Referral fees @ 10% on 5% of payouts
    (2) Transaction fees @ 2,9% for first 6M, then 0.1%
    (3) Salaries, marketing, development
  16. APPENDIX (page 17)

    1. Company Structure
    2. Governance - Important processes
    3. User Experience Flow
    4. User Experience - Handling Defaults
    5. Anti-Money Laundering and Fraud Prevention Strategies
    6. Risk management and Compliance
    7. Security and Technology System Overview
    8. Technical Architecture Overview
    9. Pay-in Process / Payment Flow
    10. Pay-out Process / Payment Flow
  17. COMPANY STRUCTURE (page 18)

    [Organisation chart. Roles shown:]
    • Board of Directors: Nicholas Marsh, Stef Lewandowski, Paul Birch
    • Chief Compliance Officer: Nicholas Marsh
    • Chief Technology Officer: Stef Lewandowski
    • Developers
    • Chief Executive Officer: Nicholas Marsh
    • Advisory Committee: Martin Campbell, Simon Deane-Johns
    • Marketers
    • Skilled Person / Compliance Advisor: Daniel Mc Aleese
  18. GOVERNANCE - IMPORTANT PROCESSES (page 19)

    Software development processes.
    Savemates is a digital business, and our customers access our service exclusively through our website. That’s why we take our software development processes very seriously. We use a mixture of best practice Agile and Scrum project management methods. The team has daily standup meetings to raise issues, and every two weeks we review progress as a whole group (‘sprint review’) and decide on which features to develop next (‘sprint planning’). We version our software using Git, so all commits are fully auditable and connected to individual developers’ GitHub accounts. No developers have access to production data, and all changes to the transaction manager must be personally authorized by the CTO and CCO.
    More information:
    http://en.wikipedia.org/wiki/Agile_software_development
    http://en.wikipedia.org/wiki/Scrum_(development)
    http://en.wikipedia.org/wiki/Git_(software)

    Hiring and HR processes.
    Our entire engineering team is based in the UK. We request personal information from all our permanent staff and contractors and conduct background checks and request references before they join our team. We have clear disciplinary procedures in place in the event of misconduct which are outlined in our HR manual, which is required reading for all Savemates developers and employees.

    Compliance processes.
    Alongside our software development processes, which involve our CCO, we also have the following compliance processes in place:
    • Daily payments reconciliation and review
    • A monthly compliance meeting with all senior marketing and engineering staff and our skilled person
    • All permanent staff are given Anti-Money-Laundering training
    • Any changes to the transaction manager authorized by CCO and CTO.
    Much more additional information can be found in our Compliance Manual, which is required reading for all Savemates developers and employees.

    OTHER DOCUMENTS
    For more details on our internal processes and governance model please refer to the following documents:
    • Savemates HR manual
    • Savemates Compliance Manual
    • Savemates software development internal wiki
  19. USER EXPERIENCE - OVERVIEW (page 20)

    Joining as a first user and creating a group
    • First time users join Savemates by clicking the ‘create group’ button on savemates.com.
    • They are then prompted to enter account information (name, email, profile photo, password) which creates a user account and allows them to create a group.
    • They then choose the type of group (turn based or shuffle)
    • They then specify the pay-in amount for the group and the number of members
    • They then add the people they want to join the group by providing a name, email and profile photo
    • They then customize the invite for the people they want to join the group
    • Finally, to create the group and send their invite they add their debit card details for the pay-in, their bank account details for the pay-out and their address.
    • At this point the Savemates risk management application checks their details, and if they have a low risk score their group is created and invitations sent

    Joining as an invited user
    • Invited users get an email with a link to the group page
    • On the page they can then see the amounts and who else has been invited
    • They click join, and then add their debit card details for the pay-in, their bank account details for the pay-out and their address.
    • At this point the Savemates risk management application checks their details, and if they have a low risk score they join the group

    Activating a group
    • When enough approved users have joined the group the first user receives an email asking them to activate the group
    • On the page they can click ‘activate’
    • This then sends emails to all group members and begins the first pay-in process.

    Paying-in
    • When the pay-in date is reached the Group Manager Application asks the Transaction Manager Application to debit the cards of all group members with the correct amounts
    • This is then passed on to our payment gateway Stripe, who process the transaction and deposit the funds into our client money account
    • If the transaction is successful the user gets an email notification.
    • If it is unsuccessful our default process begins (see page 23)

    Paying out
    • When the pay-out date is reached the user receiving the pay-out gets an email notification with a link to the pay-out page
    • On the page they click a button that says ‘get pay-out’
    • We will then manually transfer the funds from our client money account to their bank account within 24 hours

    MORE DETAIL
    Please see the following slides for more detail, or review the process yourself at savemates.com
    • Visual description of UX - page 22
    • How we handle defaults - page 23 / 24
    • Our AML process - page 24
    • Technical process for pay-in - page 30/31
    • Technical process for pay-out - page 32/33
  20. USER EXPERIENCE - FLOW (page 21)

    [Flow diagram. Lanes: Group Admin, Standard User, System. Stages: Create group and join, Activate, Pay-in, Pay-out.]

    Steps shown:
    • Create account - name, email, address, debit card, bank details
    • Create group
    • Invite friends
    • Get invite
    • AML / Fraud check: Internal check - Risk Score; External check - Credit check, Sanctions list
    • ID request (in some cases)
    • Activate group
    • Pay-in via Debit card or Direct Debit
    • Visit page to get payout
    • Get pay-out
    • Pay-out via bank transfer or Direct Debit
    • Email Notification
  21. USER EXPERIENCE - HANDLING DEFAULTS (page 22)

    We expect the default rate to be very low for several reasons:
    • Trust between group members. Customers cannot join groups with people they don’t know, and equally they cannot invite members they don’t know. This means that all group members should know what they are getting into, and our messaging will be very clear that they should not join groups they cannot afford.
    • Social pressure. The whole Savemates concept relies on social pressure from people you know and love to ensure that saving is prioritised!
    • Forgiveness. However, because group members know each other, if there is a legitimate reason for the default (say, losing a job) the group members will forgive the default, as they understand the personal circumstances.

    When a user does default we will first notify the user, and try and re-debit the account after 72 hours. If this second attempt fails we will notify the group of the late payment. After 72 hours we will try and debit again. If this fails, we will eject the user, blacklist their account and send the remaining group members a message with their options (see box).

    Once a user has been ejected from a group and their account blacklisted Savemates simply reduces the number of members in the group by one, and the pay-out amount goes down by the value of one user’s pay-in.

    DEFAULT MESSAGING / OPTIONS
    At this point we send each member of the group an email with a message outlining their options.
    • If the defaulting user has not had a payout and the user we are emailing has not had a payout, we send a message that explains how much their pay-out amount will be reduced by.
    • If the defaulting user has not had a payout and the user we are emailing has had a payout, we send a message that explains how much they should pay back to the defaulting user if they so wish.
    • If the defaulting user has had a payout and the user we are emailing has not had a payout, we send a message that explains how much their pay-out amount will be reduced by, and how much they should request from the defaulting user if they so wish.
    • If the defaulting user has had a payout and the user we are emailing has had a payout, we send a message that explains how much everyone else’s pay-out amount will be reduced by.
  22. USER EXPERIENCE FLOW - DEFAULTS (page 23)

    [Flow diagram. Lanes: User, System.]

    Sequence shown:
    • Debit attempted
    • Debit fails
    • User contacted via email
    • 72 hours
    • Debit attempted
    • Debit fails
    • Group contacted via email
    • 72 hours
    • Debit attempted
    • Debit fails
    • User removed from group and blacklisted
    • Individual members sent email with options
    • Group pay-out reduced
  23. ANTI-MONEY LAUNDERING AND FRAUD PREVENTION STRATEGIES (page 24)

    To prevent Savemates being used for fraudulent activity we have the following controls in place:
    • Automatic checking of all accounts against HM Treasury sanctions list
    • Separate Risk Management Application reviews each new user and new group and monitors activity for non-standard behavior using a proprietary algorithm which assigns a risk score to each user and group. Example factors we monitor include users joining multiple groups with the same debit card, new groups with high pay-in and pay-out amounts, groups with suspicious social profile data, etc. This algorithm is continually refined, and actively developed by our engineers and CCO.
    • In the event of an edge case being detected by the Risk Management Application we request a scan of a UK passport which is reviewed manually before we pay out
    • Pay-in limited to £250 per month per user per group
    • Groups limited to 10 members, thus limiting monthly payout to £2500 maximum
    • Average 30 days delay from pay-in to pay-out (funds held in Client Monies Account)
    • Users cannot sign up without a UK debit card and its registered UK address
    • Users can only receive pay-outs into UK bank accounts
    • We keep complete, encrypted records of every user interaction and transaction with the system
    • Our CCO works closely with our CTO to actively update our AML and fraud prevention strategies
  24. RISK MANAGEMENT AND COMPLIANCE (page 25)

    Risk: Loss/change of clearing bank
    • Response: Our service oriented architecture makes it easy for us to change providers

    Risk: Loss of top clients
    • Response: While Savemates may lose some important clients at any time, it is Savemates’ strategy to gather a large number of clients so that its revenue generation is evenly spread out, whereby it will not be materially reliant on a small number of clients for the majority of its income and thus being adversely affected should it lose some clients.

    Risk: Managing Client Risk
    • Response: As we will not be giving clients any investment advice, the clients will need to effectively manage their own risk.

    Risk: Counter-Party Risk
    • Response: There is no transactional counter-party risk as Savemates is just providing the online facility.

    Risk: Credit Risk
    • Response: There is no credit risk as no credit or financing will be offered by Savemates. All clients will need to have cleared funds on deposit.

    Risk: Liquidity risk
    • Response: With minimum overheads, the firm will have little liquidity risk should revenues decrease substantially

    Risk: Operational Risk
    • Response: As all services are provided online and bank accounts are held separately, there is minimum operational risk save for I.T. problems (see disaster recovery plan)

    Risk: Key Person Risk
    • Response: As Savemates will be providing online services only, clients can continue to trade should anything happen to key individuals at Savemates. Savemates will endeavour to replace any key staff as quickly as possible.

    Risk: Systems Risk/Disaster Recovery Plan
    • Response: The business can operate from any location providing there is secure internet access and access to printing facilities. Savemates has produced a disaster recovery plan.

    Risk: Compliance Risk
    • Response: Savemates will ensure full compliance with the rules and regulations of the appropriate regulatory authorities. Savemates has retained the services of Robinson Mack Ltd, regulatory consultants, to advise on all regulatory issues and provide training on an ongoing basis.

    Risk: Conflict of Interest
    • Response: Savemates does not envisage any potential conflicts with its clients. Employees of Savemates may open a Savemates account but no conflict arises that may disadvantage other clients in any way. Notwithstanding the above, Savemates has an independence policy of disclosing any material conflicts of interest to clients and any other third party.
  25. SECURITY AND TECHNOLOGY SYSTEM OVERVIEW - 3RD PARTY SERVICES (page 26)

    Heroku.com
    Savemates applications are hosted on the Heroku web platform. Heroku is a cloud application platform owned by salesforce.com. The Heroku platform inherently protects customers from threats by applying security controls at every layer from physical to application, isolating customer applications and data, and with its ability to rapidly deploy security updates without customer interaction or service interruption.

    Amazon Web Services
    Heroku is built on Amazon Web Services (AWS) EU based infrastructure. AWS data centre operations have been accredited under:
    • ISO 27001
    • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
    • PCI Level 1
    • FISMA Moderate

    Stripe.com
    Savemates uses Stripe.com to process debit card transactions. Stripe uses a form of tokenized encryption and embedded forms that means Savemates never stores or handles actual debit card data. Stripe is a certified PCI Level 1 service provider with US and UK operations.

    DISASTER RECOVERY PROCEDURE
    We use the above web-scale services for a reason. The Platform as a Service architectures used by AWS and Heroku means that we cannot experience an unrecoverable disaster, with the exception of a simultaneous total physical attack on both availability zones of AWS EU data centers, which are in two different locations within Europe. With that exception excluded, we will always have complete records in our databases of every transaction and group stored on the AWS / Heroku infrastructure, and we keep a full version history of every commit/change to the application on Github.com (a $100M backed version control system) which also runs on AWS infrastructure.

    FURTHER READING
    For more information on AWS security please visit: https://aws.amazon.com/security
    For more information on Heroku security please visit: https://policy.heroku.com/security
    For more information on Stripe security please visit: https://stripe.com/help/security
  26. SECURITY AND TECHNOLOGY SYSTEM OVERVIEW (page 27)

    The Savemates system architecture pattern conforms to industry best practice of Service Oriented Architecture and clear separation of concerns and data. See the following slide for a technical architecture diagram.

    Our system has the following characteristics:
    • We conform to PCI design principles
    • We use only a small number of well managed 3rd party services (see previous slide)
    • We conduct regular penetration testing of our application by third party services
    • We operate a need-to-know information policy, with only our CTO and CCO having access to production data via SSH keys provided by Heroku and admin interfaces via secure passwords and whitelisted IPs
    • All data is securely transmitted over SSL
    • All data in the transaction manager database is encrypted with AES 256-bit encryption
    • We keep full, encrypted records of every transaction, including full transaction history, and logs of all actions during admin user sessions against admin accounts for five years.
    • We only use simulation data on staging and development services and there is no developer access to the production database
  27. TECHNICAL ARCHITECTURE OVERVIEW (page 28)

    Version 1 - First 6-12 months

    [Architecture diagram. Recoverable labels:]
    • Components: Sales website, Group Manager Application, Transaction Manager Application, Risk App, Admin App, Stripe, User debit card, User bank account, Savemates Client Monies Account, Savemates online banking
    • Data: Groups and payment schedules; Basic user info/ID, group membership; Stripe Tokens; Pay-out bank account details; Audit-able transaction history of all pay-ins and pay-outs
    • Connections: Token auth. over SSL; SSL
    • Other labels: Encrypted; Pay-in; Pay-out; Manual; £
  28. TECHNICAL ARCHITECTURE OVERVIEW (page 29)

    Version 2 - 6 months + (requires bank API access)

    [Architecture diagram. Recoverable labels:]
    • Components: Sales website, Group Manager Application, Transaction Manager Application, Risk App, Bank API / Direct Debits, User bank account, Savemates Client Monies Account
    • Data: Groups and payment schedules; Basic user info/ID, group membership; Stripe Tokens; Pay-out bank account details; Audit-able transaction history of all pay-ins and pay-outs
    • Connections: Token auth. over SSL; SSL; Unknown?
    • Other labels: Encrypted; £
  29. PAY IN PROCESS / PAYMENT FLOW (page 30)

    Version 1 - First 6-12 months

    [Flow diagram. Recoverable labels:]
    • Components: Group Manager Application, Transaction Manager Application, Stripe, User debit card, Savemates Client Monies Account
    • Messages: Savemates user IDs + amounts; Stripe user tokens + amounts; Debit card charge; Transaction status; £
    • Connections: Token auth. over SSL
  30. PAY IN PROCESS / PAYMENT FLOW (page 31)

    Version 2 - 6 months + (requires bank API access)

    [Flow diagram. Recoverable labels:]
    • Components: Group Manager Application, Transaction Manager Application, Bank API, User bank account, Savemates Client Monies Account
    • Messages: Savemates user IDs + amounts; Charge; Direct Debit Charge; Transaction status; £
    • Connections: Token auth. over SSL; Unknown auth?
  31. PAY OUT PROCESS / PAYMENT FLOW (page 32)

    Version 1 - First 6-12 months

    [Flow diagram. Recoverable labels:]
    • Components: Group Manager Application, Transaction Manager Application, Admin App, Barclays data services, Online banking for Savemates Client Monies Account, User bank account
    • Messages: Savemates user IDs + amounts; Account number, sort code + amount; Transaction status; £
    • Connections: Token auth. over SSL; Manual process over SSL / bank website
  32. PAY OUT PROCESS / PAYMENT FLOW (page 33)

    Version 2 - 6 months + (requires bank API access)

    [Flow diagram. Recoverable labels:]
    • Components: Group Manager Application, Transaction Manager Application, Bank API, User bank account, Savemates Client Monies Account
    • Messages: Savemates user IDs + amounts; Charge; Direct Debit Charge; Transaction status; £
    • Connections: Token auth. over SSL; Unknown auth?