Secure-by-design billing system

by Fabio Tranchitella September 14, 2019

The billing system is a critical component in any business, especially when real-time features are a strict requirement to ensure business continuity and congruence of transactions. Any compromise to availability, integrity, and authentication in the billing system has a huge impact on the services provided by any Telco, which is why the security of this component is crucial for our business.

At Evosip we evaluated several commercial and open source billing platforms to be integrated with our software, and in the end decided to develop a custom billing system based on our own particular requirements: we aim to offer Platform-as-a-service VoIP solutions, and it came naturally to extend the very same concept to this fundamental component of our software solution.

One of our top priorities in the early design stage was to develop a secure-by-design billing system which we could trust for our own VoIP platform as well as for our network of partners and customers.

Under standard VoIP business conditions this component is internal and not exposed to public networks, so the risk of the system being attacked to steal information, introduce vulnerabilities, or damage the behavior of the software is rather limited. We therefore focused on other aspects of software security while designing the billing platform for Evosip.


Coming from the positive experience of developing a containerized microservices-based SIP Softswitch, designing Evosip to be Kubernetes-native and cloud-ready was an obvious choice for us.

We developed an ecosystem of small, easy to understand, easy to manage components connected through a distributed communication bus. Our state-of-the-art DevOps experts forged a load-balanced, resilient, auto-healing, potentially geographically distributed platform which monitors itself to ensure record-breaking availability and almost-zero downtime.

Our solution takes full advantage of the orchestration of containers allowing us to automatically scale up and down each component individually in order to manage traffic spikes without any impact on business continuity.

Data integrity

Data storage and retrieval is a raw nerve in any software engineering project, especially when distributed systems join the battlefield. We decided to embrace NoSQL, taking advantage of distributed databases to enable (geo) replication, sharding and load balancing, potentially across multiple data centers and/or cloud providers.

The whole billing system has been designed to work atomically, ensuring the system status is always consistent, reproducible and coherent. Asynchronous processing of non-real-time and consolidation events, prioritization, and time-boxed tasks provided the basic tools to ensure lightning-fast transaction processing without compromises.

Machine learning at our service

Our billing ecosystem of microservices, while growing at a fast pace, results in a complex but easy-to-manage system where multiple software engineers can develop and evolve components independently from each other, as all communication is based on a standard API across the communication bus. This event-based pattern offered perfect plug points to extend the billing system with high value-added features as well as extra safety nets to improve the system's stability and reliability.

We integrated machine learning tasks to auto-scale the system based on historical data, improve the anti-fraud system to predict unusual account activity, prevent DDoS by analyzing common patterns of events, and so on.


We strongly believe security is not something to be addressed as yet another feature of a billing platform, nor is it a specific milestone that occurs during project execution. We took security into account from the project inception and maintain it during all the development phases, selecting the best technology stack to meet the business goals with the highest possible standards.

Fabio Tranchitella

15 years of experience as a software consultant, free software developer and advocate.