We have all had those phone calls where you need to provide sensitive information like your Social Security number or other personal details. Many of these calls are recorded, and you hesitate to hand over your information on the basis of blind trust in the person on the other end. Sometimes an unexpected call is even a phishing attempt, where the attacker pretends to represent a company in order to obtain critical information about a person.
We set out to find a more secure and seamless solution to this problem, one that removes both the blind trust and the nagging doubt about whether you should be confident in providing your information. To accomplish this, we created a platform that connects companies (and their representatives) directly with their customers in a clean and modern environment. This is Phorma.
What it does
Phorma allows companies to request information from customers in a safe and secure manner, while making it clear to the customer which information gets encrypted and which data the representative will see. The idea is that companies register and verify themselves with our platform, then assign a list of representatives who sign up on the platform and are associated with their respective company. Once a representative is logged in, they can create a temporary "session" in which they select the questions they need the customer to fill out. Once the Phorma is created, a unique link is generated and sent to the customer to join. From there, the customer fills out the questions and enters the sensitive information, which is encrypted client-side and uploaded to the Phorma servers. The company can then access it and process it directly in its own databases, without a representative ever needing to read the sensitive information.
How We built it
The client was built using React and Tailwind CSS to create a modern and elegant UI for the representative and customer to interface with. To send the customer a link with the session information, Twilio's SMS messaging API was used to dynamically create unique sessions in which the representative and customer each have their own link, and the two cannot be interchanged. The backend was built using Node.js with Express.js for the API calls to our database. Firestore was used to store session information, forms, questions, and encrypted answers. This data was then relayed back to the representative's console in real time using Firebase React hooks to update the UI. The frontend was deployed on Netlify and the backend on Heroku to seamlessly mesh the experience.
Our Rugged Approach
We wanted to reimagine what it means to communicate directly with companies in a private manner. In addition, we wanted to help customers identify a possible phishing call and use Phorma as a medium for trust and confidence. Expanding on this, Phorma takes a cautious approach to shared data and information. To eliminate as much ambiguity as possible, customers enter their sensitive information from their own device. This removes the need to say the information out loud and minimizes the chance of an attacker getting their hands on recordings. Additionally, we aimed to provide client-side encryption in order to mitigate as much risk as possible. Another fundamental problem we thought of was how representatives would prove that they are with the company they say they are. With Phorma, companies are verified beforehand, and attackers are not able to create a verified page without registering with the platform.
Challenges We ran into
One of the main challenges was researching and deciding on an overall architecture for encrypting fields, and how the flow of data would move securely from the client to the database and back to the client. This was our first time working with encryption, and it really inspired us to think more deeply about possible edge cases regarding how a "breaker" could gain access to the system, and to build safeguards around them by referencing the rugged software approach.
Accomplishments that We're proud of
We were able to successfully create a platform where representatives and customers can interact with each other and send data seamlessly between the two.
What We learned
Our project revolved around solving common issues everyone faces by applying the rugged approach to the problem. By iterating over different ideas to come up with a solution that addressed key issues regarding the security and safety of data, we learned how to think like a breaker. Additionally, we each learned more about different technologies such as encryption, Node.js, and Twilio!
What's next for Phorma
Adding functionality and features such as an admin console to manually add representatives with access, and adding more defense measures, would be ideal for the future of Phorma.