How POSB Pulled Off a Seamless, Secure, and Scalable Registration Experience with Gevme

About GDG Singapore:

POSB (Post Office Savings Bank) is one of Singapore’s oldest and most trusted banks, known for its strong community focus and as a key part of the DBS Group.

Headquarters

Singapore

Industry

Banking & Financial Services

Key Features Used

  • Multi-path registration logic

  • Role-based access and redemption

  • Real-time on-site enhancements

  • VAPT-compliant infrastructure

  • Live support and training

Event

POSB PAssion Run for Kids — a large-scale, family-focused charity run with thousands of participants and multiple registration paths. The 2024 edition saw over 6,500 registered runners, nearly 9,000 attendees at the carnival, and $1 million raised — all in support of over 948,000 children through 248 community programs.

Need

A secure, flexible registration and check-in system that could handle complexity without slowing things down

Use Cases

  • Multi-path registration journeys (kids, parents, groups, volunteers, sponsors)
  • Role-based data access and redemption systems
  • On-ground kit collection with real-time enhancements
  • Full VAPT compliance and granular access control
  • Live support, platform training, and on-the-fly changes

The Result

A purpose-built flow that scaled under pressure, passed enterprise-level security checks, and gave the POSB team full control without friction

Every year, the POSB PAssion Run for Kids draws thousands of families, children, and corporate teams together — for a good cause and a seriously packed race village. But what’s often invisible to attendees is the operational complexity underneath: data governance, layered participant flows, registration variations, on-site logistics, and an uncompromising bar for security (read: DBS-level).

POSB’s event team didn’t just need a platform. They needed an ecosystem that could manage volume without bottlenecks, handle edge cases intelligently, and meet the stringent technical requirements of a bank-grade system.

“Organizing the POSB PAssion Run for Kids 2024 presented us with a significant hurdle: navigating the rigorous DBS security assessment for our online registration, where time is always of the essence when organizing a large-scale event like this.”

“We required a partner who could handle complexity, prioritize security, and provide exceptional support, and Gevme’s team stepped up to the challenge.”

— Kate Wong, DBS

That’s where Gevme came in — as a fully configurable platform and a tightly aligned delivery partner. What followed was not a plug-and-play setup, but a live collaboration shaped by real needs, real pressure, and no margin for error.

The Challenge: One Platform, Many Stakeholders, Zero Leaks

From the outset, the challenge wasn’t scale — it was fragmentation. This was one event on the surface, but beneath that sat:

  • Parents registering children (with age validation and insurance requirements)
  • Adults signing up for different race categories
  • Volunteers entering via private codes
  • Corporate groups redeeming prepaid slots
  • Sponsors managing block allocations
  • DBS internal stakeholders who needed real-time visibility — but only into their slice of the pie

No two users could see the same thing. Flows had to split. Logic had to be enforced. And everything needed to be tracked, auditable, and compliant with DBS’s internal tech policies.

The system couldn’t rely on workarounds. It had to be built right.

Re-Architecting Registration Logic

Gevme’s core registration engine was extended, not just skinned, to support five parallel journeys. Each journey had its own:

  • Entry point (link, QR, or email)
  • Role detection
  • Field structure
  • Validation rules
  • Permissions layer

“Gevme meticulously translated our complex registration requirements into a user-friendly online form, making it easy for the public to register.”

— Kate Wong, DBS

A parent entering the portal to register two children would trigger age-based flows — some requiring mandatory insurance declarations.

A corporate HR manager redeeming 20 sponsor tickets would bypass payment entirely but enter a quota-controlled flow. A volunteer entering through an invitation code would see a different UI, with different confirmation logic.

None of these flows were connected at the surface. But under the hood, they sat on a unified database — partitioned by access rights and governed by scoped APIs. That made it possible to maintain a single source of truth while enforcing strict separation.

Smart Redemption: One Link, Scoped Control

For corporate and sponsor redemptions, POSB used a link-based redemption mechanism. Here’s why that mattered:

  • Each redemption link was a scoped access key — tied to a group and capped by a pre-defined quantity.
  • End participants filled in their own data, reducing the risk of error from bulk uploads or centralised entry.
  • Audit logs recorded who registered using which link, and at what time — building a full accountability trail.

This method decentralised the registration process while maintaining traceability, access control, and quota enforcement — without the messy friction of code sharing or manual overrides.

On-Site Redemptions That Scaled in Real-Time

Race weekend = thousands of participants arriving across three days for bib, tee, and goodie bag collection. Every delay compounds. Every queue costs.

The first iteration of the on-site module displayed participant data only after multiple taps, slightly slowing the scan-and-go process at peak hours. During test runs, POSB flagged this as a performance blocker.

Gevme reworked the UI in real-time:

  • Queues moved faster. Volunteers needed fewer clicks and less training.
  • All essential data — bib number, t-shirt size, bag type — displayed instantly upon scanning.
  • The update was prototyped overnight, UAT’d with the client the next day, and deployed mid-event — without taking the system offline.

This was product, ops, and client working as one integrated team — using field data to drive live software improvements.

Security: Beyond Compliance

Because POSB operates under the DBS group, the system had to meet bank-grade security standards. That meant no guesswork.

The deployment was subjected to a full Vulnerability Assessment and Penetration Test (VAPT), covering everything from injection vectors to role escalation attempts. Only after clearing this could the platform go live.

“Gevme’s team demonstrated a deep understanding of security best practices and worked closely with us to ensure full compliance.”

“Their expertise and proactive approach were instrumental in securing approval, allowing us to launch registration on time and without compromise.”

— Kate Wong, DBS

In parallel, access controls were tightened:

  • Role-based dashboards were deployed for each functional team (registration, volunteers, sponsors)
  • No data was exposed via lookup tools or external queries
  • Audit trails tracked every entry edit, redemption, and access event
  • Deferred check-ins were enabled without opening data to unauthorized roles

This wasn’t a SaaS form builder. It was an event-specific, compliance-ready operating system.

Training, UAT, and Real-Time Reinforcements

No platform solves problems alone. Execution comes down to people. Here’s how Gevme enabled POSB’s internal teams:

  • Platform walkthroughs ahead of go-live, tailored to each stakeholder group
  • Responsive UAT iterations, where client feedback led to feature enhancements (not just bug fixes)
  • Live support during event week — including chat, hotline, and on-ground readiness — to solve issues in minutes, not hours

“What truly set Gevme apart was their proactive support and dedication to our project. They were always available to answer questions, troubleshoot issues, and provide expert guidance. We wholeheartedly recommend Gevme to any organization seeking a reliable, efficient, and supportive registration partner.”

— Kate Wong, DBS

From Vendor to Tech Partner

By race day, POSB’s internal team had full command of the backend. They could trace every signup to its source, manage live entries, reassign kits, and generate reports for every stakeholder — without escalating requests to Gevme.

“The intuitive admin portal allowed us to easily track registrations, manage participant data, and generate custom reports with just a few clicks. This efficiency freed up our team to focus on other crucial aspects of event planning, ultimately contributing to the event’s overall success.”

— Kate Wong, DBS

That was the goal all along: not just to launch a registration page, but to hand over a system that POSB could run confidently and independently.

The event ran smoothly. So did the internal reviews. Discussions began shortly after about rolling out a dedicated instance — one that would give POSB even more autonomy, audit transparency, and deployment control for future events.

Looking Ahead: From Operational Readiness to Platform Ownership

POSB isn’t stopping here. For the next edition, the team is already planning:

  • Automated kit delivery, with address autofill via Singapore postal code lookup (leveraging previous GovTech integrations)
  • Custom reporting dashboards, scoped to internal audit requirements
  • Private instance deployment, to gain full autonomy over infrastructure and data isolation

The long game? To build a platform environment that doesn’t just enable events — but is fully owned, operated, and evolved internally with the same control and rigour expected from DBS.

Rewind: What Made the Difference

Area
What Worked
Data Security
VAPT-tested platform, access-level permissions, and interest in a dedicated server for future events
Customization
Conditional forms, role-based redemptions, additional data display, and complex logic handling
On-Site Ops
Custom enhancements to scanning flow and real-time product fixes based on feedback
Support
Hands-on platform training and on-ground support, leading to minimal friction on event days

Platform

Solutions

Resources

Company

Follow us

Got a question?

Data Retention Policy Update Notice

As part of our ongoing commitment to data privacy and security, we are updating our data retention policy. In alignment with our Data Protection Trustmark certification requirements, we have modified how long we retain customer data after subscription termination.
Key Change: Customer data will now be retained for 2 years after subscription termination (reduced from 5 years). This change takes effect from January 1, 2025.

For questions or to learn more, read the full notice.