F5 Case Studies Bangladesh Post Office's Digital Transformation with F5 for Secure Mobile E-Wallet App
Edit This Case Study Record
F5 Logo

Bangladesh Post Office's Digital Transformation with F5 for Secure Mobile E-Wallet App

F5
Application Infrastructure & Middleware - Event-Driven Application
Robots - Wheeled Robots
Buildings
National Security & Defense
Traffic Monitoring
Transportation Simulation
Cybersecurity Services
System Integration
The Bangladesh Post Office, a public sector enterprise, was determined to support the ‘Digital Bangladesh’ initiative by launching a digital wallet for instant money transfer. The wallet was expected to cater to a wide audience, including individuals without bank accounts. The challenge was to develop a highly robust, feature-rich, and easy-to-use application that enables secure money transfers. The app was a late entrant to the space, competing against established e-wallet applications in Bangladesh, which meant it had to be designed and function seamlessly. The requirements of the application included 24/7 availability and high-level security. The Post Office needed a tool that could reroute incoming requests from Telecom operators to their app servers, improving the app usage experience. Given the financial applications of the tool, safeguarding the application was vital, requiring protection against application layer attacks, Denial of Service (DoS) attacks, Bot traffic, and data breaches to steal user credentials.
Read More
The Bangladesh Post Office is a public sector enterprise that is focused on greater financial inclusion for the citizens of Bangladesh. As part of the 'Digital Bangladesh' initiative, the Post Office was determined to launch a digital wallet for instant money transfer between individuals who don’t have bank accounts. The Post Office caters to a wide audience and was targeting the development of a highly robust, feature-rich, and easy-to-use application that enables secure money transfers. The app was a late entrant to the space, competing against some of the more established e-wallet applications in Bangladesh.
Read More
After evaluating various options, The Bangladesh Post Office decided to proceed with F5 Networks’ comprehensive solutions, including F5 Advanced Web Application Firewall. The deployment included the physical placement of F5 appliances near the core switches, connected to both, the Demilitarized Zone (DMZ) and the Core Switch; and a Virtual Route Domain each for the DMZ and the core. F5 Advanced Web Application Firewall (WAF) was used to protect the mobile and web applications from application layer attacks, malicious bot traffic, Layer 7 Denial-of-Service (DoS) attacks, and to distinguish mobile and bot traffic. F5 Advanced WAF also provided real-time password encryption for their e-wallet web application. An F5 BIG-IP Local Traffic Manager was used to provide load balancing capabilities for their DMZ and core servers, including Uniform Resource Identifier (URI) based load balancing. All of these were deployed in conjunction to create a secure and smooth application that could cater to large volumes of traffic.
Read More
With F5, the Bangladesh Post Office was able to deliver a digital financial system with continuous uptime, seamless load balancing, and advanced threat protection to provide citizens with a consistent and reliable user experience. The F5 BIG-IP LTM ensured incoming traffic was accurately diverted between the DMZ and the core using virtual route domains. This was achieved by replacing Bangladesh Post Office’s existing HA Proxy servers, which was expected to route the requests coming from Telecom operators to their app server with BIG-IP LTM. With F5 Advanced WAF, the Post Office successfully deployed a setup capable of protecting the app from Level 7 DoS attacks and application layer attacks, including the OWASP Top 10. With stress-based detection and an Anti-Bot Mobile SDK, the mobile wallet was capable of differentiating traffic coming to the app from Bots, delivering a premium experience each time. Security of the application was also enhanced by real-time encryption of user credentials like passwords, ensuring that users were never at risk.
Ensured 24/7 app availability
Improved app security and in-app data security
100% processing and re-routing of incoming traffic
Download PDF Version
test test