KodyPay: A Mobile Payment App Chooses IBM LinuxONE to Address Customer Security Concerns

Does this ever happen to you?  You’re in a line trying to buy something.  The line is long.  The line is slow.  You’re behind people who are purchasing multiple items.  The wait seems interminable.  And there you stand – becoming more and more displeased as your wait continues…

As you wait, do you ever think: “Why on earth do people still have to queue in the age of the smartphone?”  And then, as you look at the cash register slowly tabulating someone else’s purchase, do you think: “A store shouldn’t have to buy hardware to process payments – this should be done programmatically as a service.”

This is what KodyPay’s founder, 20-year-old Yoyo Chang, thought as he waited in a long line to purchase something. And he decided to do something about it.

What Chang did was to create an electronic wallet built into a phone. KodyPay, the name of Chang’s new company, has built a mobile application that can be used to order a product or service online — or by scanning a KodyPay sticker when entering an establishment (to identify the establishment to the application). The user then selects items (food, goods, etc.) and places an order. The order is prepared for pick-up or delivery to the buyer. A transaction bill is issued, which the buyer approves and assigns to any of a number of payment methods. When the transaction is completed, an electronic receipt is issued. It’s that simple — the application has handled the ordering process, scheduled the delivery or pickup, tabulated the bill and issued a receipt.

In short, KodyPay is a payment technology that connects mobile users to a wide variety of e-wallets, pay-later providers, and card-based payment systems. It allows users to use their mobile devices as Mobile Point-of-Sale (MPOS) devices, connecting either to the company’s backend application or to the company’s application program interface (API) running on a private enterprise server. By so doing, transactions can be easily and securely (emphasis on “securely”) processed. The application design is simple, and the process flow is logical – but the real beauty of this application is how it is hosted: it runs as a highly secured, protected cloud instance.

To understand what KodyPay is all about, read Bloomberg Wealth’s outstanding company/founder profile (search KodyPay). The upshot of this article is that KodyPay was founded by a young management undergraduate, Yoyo Chang, at the University of York. It has received $2.3 million in angel financing, and it is set to go live within a month. Its competitors include Resolute, iZettle and several other MPOS-focused startups.

While the Bloomberg article portrays the company as an interesting and ambitious start-up, the article also admits that KodyPay could be “just another payments app in a sea of apps.” This could be true, but the article does not dig deeply into the KodyPay backend system design – an extremely secure, highly flexible, scalable, reliable and tremendously cost-effective server implementation that could be the major differentiator that makes the company succeed.

The design effort

Young Mr. Chang recruited a Board of Directors, structured partnerships with payment companies and sought technical assistance as he proceeded to build his platform.  And, as he designed his process flow, he found that, in order to win the hearts and minds of his customers as well as his payment business partners, transactions would need to be highly secure (foolproof, unassailable, tightly controlled).  And then he had the good fortune to meet Ron Argent.

Argent is a 31-year information technology veteran with vertical expertise in the financial industry and government systems.  In 2015, Argent founded “Cognition Foundry,” a system design/integration provider that had the experience needed to help Chang design an enterprise-class, secure mobile transaction environment (Cognition Foundry takes a 5% equity stake in the start-ups the company chooses to engage with).

Argent and his team listened to Chang’s idea – and liked it! Other companies, Argent knew, had designed or were in the process of designing similar mobile payment systems. But what made KodyPay different was the company’s MPOS hardware angle. By attacking the cost to process transactions and by making it possible to eliminate POS hardware, Chang’s idea could save retailers and food service providers up to 65% of the cost of processing transactions (hardware, installation and maintenance costs, networks and utilities). If Argent and his team could design an application that could execute KodyPay’s MPOS idea in a highly secure fashion, while also making it possible to replace a store or retailer’s POS hardware, KodyPay could become a real winner.

The backend: It’s a mainframe instance in a highly-secure cloud

Cognition Foundry chose to host the KodyPay service on cloud architecture.  But not just any cloud architecture. This architecture features an IBM LinuxONE running in the background.  The companies initially toyed with the idea of placing KodyPay within a public cloud running on Intel architecture – but decided against that idea.  Why?  Security.

IBM’s LinuxONE architecture is based on the company’s System Z mainframe technology.   System Z offers the industry’s highest security level (EAL Level 5+; and FIPS 140-2 Level 4) – which is one of the reasons that this architecture is so widely used in financial communities worldwide.

As for LinuxONE, security is engineered into the hardware using a feature known as “pervasive encryption.”  Pervasive encryption can be used to encrypt all data within the system environment – making that data impossible to unlock without a software key (secured and possessed by authenticated/authorized personnel).  By activating pervasive encryption, data, whether at rest (within the system’s environment on disk or in memory), or on-the-fly (traveling across a network), can be protected continuously.  (IBM’s Data Privacy Passports are used to provide end-to-end data protection/privacy services for data on-the-fly).

To further secure KodyPay data, the service runs within an IBM Secure Service Container (SSC) – a specialized, unassailable partition based on EAL Level 5+ procedures supported by the LinuxONE environment. Within this container environment, KodyPay transactions can be isolated and run independently (not accessible through secure shell [SSH] through the operating system). This prevents tampering by internal and external sources and protects transactions within multi-tenant environments (an application in one SSC cannot access an application in another SSC except through the use of a remote application program interface). Containerization also allows for fast deployment (should KodyPay need to scale to ramp up service).

LinuxONE can be accessed through the cloud – and can work cooperatively with other cloud architectures (in hybrid cloud configurations). Cloud architecture provides access by users to KodyPay, simplifies interactions between KodyPay and its partners, and (with LinuxONE at the backend) provides a secure environment for processing transactions. (IBM’s hybrid cloud architecture is based on Red Hat’s open container and Kubernetes technology.) Cloud architecture also allows for continuous operations (reliability) and enables KodyPay to scale horizontally and vertically. Containerization allows KodyPay to be moved to clouds in different countries. Or KodyPay clients can run the KodyPay service on their own mainframe server.

Summary observations

The key to KodyPay’s success will be based on broad-based acceptance of its simple, reliable, and secure backend service.  The application has got to be simple – and the service it supplies (a transaction between a seller and a payment source) needs to be seamless (with the backend coordinating the services of many payment partners and sellers).  And, most of all, transactions will need to be secure.

By choosing to deploy on an IBM LinuxONE, KodyPay has taken the necessary step to address customer and partner security concerns.  The next step will come as the service gains greater acceptance.  Greater demand will drive the need for greater scale, for continuous service (high availability, resiliency), for disaster recovery – and a host of other “enterprise class” service levels.

Will KodyPay make it?  Basing its service on a technology that is known for providing the industry with the highest level of security is certainly a step in the right direction – and could prove to be a major differentiator.  Beyond server selection, application design and deployment, KodyPay will need to deliver on its promise to reduce costs related to POS hardware (deployment, operations, maintenance, physical hardware costs, etc.).

For retailers as well as food service providers, simplifying the checkout process without having to rely on a hardware device should not only reduce costs, but also improve customer satisfaction.

At present, the KodyPay application is already in place, the right platform has been chosen and the list of business payment partners is continuing to expand.  KodyPay is poised and ready to make its move.