Why PostgreSQL meets fintech database demands
Fintech is disrupting the way monetary transactions take place around the world. It is making it easier for consumers to make payments in person and online, locally and internationally, for personal or business reasons.
Increasing the ease of transactions for consumers also increases the challenge of keeping those transactions secure, and ensuring privacy for all parties. Decisions about what technology to use are largely driven by the tight regulations being imposed on financial institutions.
Databases lie at the heart of these transactions. It is crucial that you understand the database technology you deploy and ensure it can provide you with regulatory compliance and all the security features you require.
While there are many database options out there, I feel PostgreSQL is uniquely positioned to benefit fintech companies. Being open source is a major advantage, bringing transparency to the technology stack. Its liberal license provides huge flexibility allowing you to modify, fork, commercialise, and deploy on any platform you choose – whether on-premise, in the cloud, or a hybrid model. All this is why PostgreSQL is proving so popular with application developers, with this popularity continuing to increase.
But there are additional areas that are particularly important for the fintech industry including regulatory compliance, security, and performance. Many of these features have existed in PostgreSQL for quite some time, but the recent PostgreSQL 14 release builds on this stability and feature-richness.
Four out of six control objectives in the PCI DSS regulation concern data and how it is stored. GDPR lays emphasis on data localisation and consent. FATF is concerned about anti-money laundering/anti-terrorist financing (AML/ATF). Know your customer (KYC) is increasingly important. All these regulations focus on the data financial institutions collect and how this data is stored and managed.
PostgreSQL has some neat features that allow application developers to comply with these and other regulations. For example, the ability to shard data and distribute it using foreign data wrappers enables you to restrict data to specific geographies in order to comply with local laws, including GDPR. Authentication through SCRAM-SHA-256 and security at the column and row level allows for strong access control, which is a fundamental PCI DSS requirement.
Being able to harden your database to prevent cyberattacks and security breaches is a no-brainer. But security is not just about malicious attacks; it is also about ensuring that data cannot be breached as a result of human error.
PostgreSQL offers a variety of features that allow you to harden your database to prevent such breaches. Multifactor authentication via valid client certificates, as well as native authentication using LDAP and RADIUS allow for multiple layers of checking access levels and login security. Industry-standard GSSAPI, SSL, and SSPI allow support for single sign-on, and data in motion along the database connection is encrypted. You can define roles, set limits to user and database connections, grant/revoke access to all tables, sequences, and functions, and assign permissions at the row and column level. All these measures will harden your database against data breaches and attacks.
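The access controls named in the two feature paragraphs above (SCRAM-SHA-256 passwords, a connection limit, column-level grants and row-level security) can be combined as follows. This is an added example, not code from the original article or from Percona; the table, column and role names and the password are constructed placeholders.

```sql
-- Constructed example: table, column and role names are assumptions.
-- Hash new passwords as SCRAM-SHA-256 verifiers (the PostgreSQL 14 default).
SET password_encryption = 'scram-sha-256';

CREATE TABLE payments (
    id         bigserial     PRIMARY KEY,
    owner_role name          NOT NULL DEFAULT current_user,
    card_pan   text          NOT NULL,  -- cardholder data, restricted below
    amount     numeric(12,2) NOT NULL,
    created_at timestamptz   NOT NULL DEFAULT now()
);

-- Privileges live on a group role; each merchant logs in with its own role.
CREATE ROLE merchant_app NOLOGIN;
CREATE ROLE merchant_a LOGIN PASSWORD 'placeholder-change-me'
    CONNECTION LIMIT 20 IN ROLE merchant_app;

-- Start from nothing, then grant only what the application needs.
REVOKE ALL ON payments FROM PUBLIC;
-- Column level: card_pan can be written but never read back, and
-- owner_role cannot be supplied by the client (it takes its default).
GRANT SELECT (id, owner_role, amount, created_at) ON payments TO merchant_app;
GRANT INSERT (card_pan, amount) ON payments TO merchant_app;
GRANT USAGE ON SEQUENCE payments_id_seq TO merchant_app;

-- Row level: a session sees and inserts only rows tagged with its login role.
ALTER TABLE payments ENABLE ROW LEVEL SECURITY;
-- FORCE applies policies to the table owner too; superusers and
-- BYPASSRLS roles are still exempt.
ALTER TABLE payments FORCE ROW LEVEL SECURITY;
CREATE POLICY merchant_isolation ON payments
    FOR ALL TO merchant_app
    USING (owner_role = current_user)
    WITH CHECK (owner_role = current_user);

-- Checks a reviewer can run afterwards.
SELECT rolname, rolconnlimit FROM pg_roles WHERE rolname = 'merchant_a';
SELECT relrowsecurity, relforcerowsecurity
  FROM pg_class WHERE relname = 'payments';
-- Superuser only: confirm the stored verifier is SCRAM, not MD5.
SELECT rolname, rolpassword LIKE 'SCRAM-SHA-256$%' AS scram_verifier
  FROM pg_authid WHERE rolname = 'merchant_a';
```

The authentication method a client must use (scram-sha-256, cert, ldap, radius and so on) is chosen per connection in pg_hba.conf, which this SQL does not change.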
Fintech is expected to execute monetary transactions in real time. Instant payments, transfers, credits, etc. are taken for granted. The speed of the entire application stack is of the essence. If the database at the core of this system isn’t performant, everything else falls apart.
PostgreSQL provides many features focused on performance. The latest release – version 14 – specially focuses on these features. I would broadly divide these features into four categories:
- Query parallelism – PostgreSQL’s support for query parallelism allows the system to engage multiple CPU cores in multiple threads to execute queries in parallel, thereby drastically improving performance.
- Distributed workloads – The community has started focusing on query parallelism for distributed workloads, allowing for parallel table scans and bulk inserts into foreign tables.
- Server core – Index handling, preventing bloat, and many other features in the core “just work”; they are completely transparent to the user and yet provide increased performance.
- Special use cases – PostgreSQL 14 provides for some very interesting enhancements for specialised use cases, such as the ability to work in pipeline mode with libpq and replicating in-progress transactions.
Fintech companies have a unique set of challenges, which in turn place very specific demands on their database. I believe PostgreSQL is well-placed to meet these requirements, particularly given the new features introduced in version 14.
For further advice on getting the best out of your database, Percona, the open source database experts, would be happy to work with you, to ensure your PostgreSQL deployment is stable, secure, and performant.
By Umair Shahid, head of PostgreSQL, Percona