Vehicle Fintech Startup Fortifies SaaS Security

About the Organization

Numadic is a pioneering automotive fintech Software-as-a-Service (SaaS) offering that simplifies the automation of vehicle identification, location, and transaction-related tasks. The Indian startup specializes in Wallet products and Transaction platforms, turning vehicles into contactless wallets and managing digital payments for services such as tolls, fuel, and food drive-throughs. Numadic is the first and only company to enable fully automated fuel payments in India, securely managing the systems that handle payments at fuel stations. Since its inception, Numadic has secured a total of $3.25 million in venture funding.

Credit: Photo by Fadhila Nurhakim on Unsplash
Credit: Photo by Fadhila Nurhakim on Unsplash

The Challenge

Numadic faced the intertwined challenges of centralizing password and machine credentials management for their productivity tools and their mission-critical SaaS offering.

In the early stage of prototyping, Numadic relied on a mix of individual open-source solutions like KeePass and the now unmaintained andOTP, along with unsecured methods such as email and WhatsApp for sharing passwords. These methods exposed them to substantial security risks and operational inefficiencies.

As the startup moved on with early adopters and scaled their team, securing and managing passwords for their SaaS infrastructure, which enables contactless digital payments in the automotive space, became increasingly vital. This infrastructure not only demanded stringent security and high scalability but also posed unique risks; compromising access to a productivity tool could potentially provide an intruder with a gateway to their sensitive SaaS infrastructure.

The absence of centralized control over password management became particularly acute with the shift to remote work during the COVID-19 pandemic. Absence of a secure, centralized password management system led to difficulties in the tracking and management of access rights.

In sum, this scenario highlighted the urgent need for a robust system capable of supporting both the security and scalability required to effectively manage their team’s productivity. Additionally, such a system is essential for securely managing the SaaS infrastructure that underpins Numadic’s software product offerings.

The Solution

Three years ago, Numadic chose Passbolt for its robust, self-hosted, open-source password management and sharing solution that could be customized to fit their specific needs, especially as a remote-first company post-COVID. Passbolt’s end-to-end encryption and two-factor authentication provided the necessary security, while the intuitive user interface made it easy for remote employees to onboard and use the system efficiently. Passbolt’s collaborative features and password generator further streamlined Numadic’s operations by organizing data in an easily accessible and secure manner.

As of today, Numadic adopted Passbolt to enhance the security and management of its productivity tools, but also of their complex SaaS portfolio, applying it across various segments of their client-facing services. Passbolt's robust password and machine credentials management system have been integral to the operation of Numadic's Wallet and Transactions platforms, which allow vehicles to utilize digital payment.

In the Wallet Products segment, Passbolt is used to manage credentials for Numadic's FASTag issuance plug-in for partners and banks, as well as their white-labeled web applications that enable the seamless sale of vehicle wallets. This also extends to the engagement products, where Passbolt secures the credentials used in Numadic's white-labeled Android & iOS apps, such as the NU Toll App. This app allows users to manage FASTags, recharge wallets, and manage tags securely. Moreover, Passbolt protects the management of credentials for the Toll Cost Calculator SDK and FASTag APIs, facilitating secure and efficient service management.

For the Transactions Platform, Numadic relies on Passbolt to handle the machine credentials and passwords that are crucial for supporting their system that collects vehicle payments contactlessly. This platform accommodates multiple use cases including Fuel Pay, EV Charge Pay, and drive-thru restaurant payments. Through Passbolt, Numadic ensures that all segments of their SaaS offering maintain high standards of security and efficiency.

The Results

The implementation of Passbolt marked a transformative phase in Numadic's operations. The centralization and secure management of passwords across both productivity tools and their SaaS infrastructure led to several significant improvements:

  1. Enhanced Security: With Passbolt’s robust and granular encryption as well as multi-factor authentication, Numadic significantly reduced the risk of unauthorized access, securing sensitive client transactions and internal communications. This elevated level of security is critical for maintaining trust in their contactless payment solutions within the automotive industry.
  2. Operational Efficiency: The intuitive interface and organizational features like folders and tags provided by Passbolt streamlined Numadic's password and secrets management processes. Employees could quickly retrieve necessary credentials without compromising security, significantly cutting down on time previously lost to inefficient password recovery methods.
  3. Scalability: As Numadic expanded its services and client base, Passbolt’s scalable solution effortlessly adapted to the growing number of team members and product users while the SaaS infrastructure requirements became increasingly complex. This scalability ensured that Numadic could continue to expand confidently without being hindered by technical limitations and security risks.
  4. Reduced Costs: By automating and centralizing password and machine credentials management, Numadic lowered the costs associated with maintaining and updating security protocols. The reduction in administrative overhead allowed them to allocate resources more efficiently, contributing directly to their bottom line.
  5. Improved Remote Collaboration: The shift to remote work, accelerated by the pandemic, was smoothly managed with Passbolt. The platform’s collaborative features ensured that remote teams could securely share and manage passwords and secrets, maintaining operational continuity and team productivity.
  6. Risk Mitigation: With centralized control over password access, Numadic mitigated the risk of data breaches significantly. The system’s audit trails and alert features provided the necessary oversight to detect and respond to potential security threats swiftly.

Overall, the adoption of Passbolt has empowered Numadic to not only secure their digital assets but also to enhance operational efficiency and scalability, key factors in their continued growth and success as a startup in the competitive auto fintech sector.