Mobile app. We received a base version of the app which was developed by the previous vendor. The mobile application was a portal that allowed users to access web pages. The entire API was initially written for the web version. Our task was to develop Android and iOS native apps.
Currently, about 70-80% of daily active users — over 50K — are mobile app users. Even if users want to log in to the web version, they need to use the mobile application from a trusted device, where the user generates a login key.
Together with our client, we pay a lot of attention to the application's security. Therefore, we implemented the following security measures:
- 24-hour fraud monitoring;
- Secure face and biometric ID;
- Ability to block cards from the app or online;
- Instant app notifications when money leaves the account.
In early 2021, the client announced their intent to become a neobank. Since then, we have added new features, such as cashback and deposits. We also added dashboards and simple user analytics, e.g., how much money the user spent by category. The mobile apps allow their users to:
- Check account balance, track spending, and make payments seamlessly;
- Manage multiple cards, including foreign currency cards;
- Request PIN on the go.
Open Banking. The N-iX team was responsible for Open Banking implementation. Open Banking is a UK response to the EU PSD2 regulation. It refers to the use of the Open Banking API, a set of protocols that enables external providers to communicate with online banking systems and build software solutions around them. The N-iX team completed the following steps:
- Integrated Open Banking components with the existing technology architecture.
- Developed an API in line with the technical specifications and made it available for registered third-party providers (TPPs).
- Ensured the system was running smoothly and made regular reports to the Financial Conduct Authority (FCA).
We used the FIS Payment Gateway, which enabled fast card authorization forwarding, accurate settlement file submission, secure data hosting, and instant financial reporting. The card payment and refund transactions from all of the multi-channel points of sale were managed through PCI DSS-accredited data centers.
Our team implemented Strong Customer Authentication (SCA) and introduced push notifications. With SCA, there is a mandatory step before authorization and capture: authentication. This step helps protect customers by preventing fraud. To authenticate a payment, a customer responds to a prompt from their bank and provides additional information.
We used Identity Guard for two-factor authentication. It generates the verification code with which users can log in to their account after entering their login and password.
Also, we have implemented 3DS 2.0, a fraud detection tool. It uses a process called risk-based authentication to determine whether or not a customer should be challenged for further cardholder authentication during the checkout process.
Visa reported, in a recent study on this type of risk-based authentication, that with 3DS2, 95% of transactions will be low risk, requiring no additional customer verification, and typically, less than 5% of transactions will require additional customer verification.
Also, we integrated with Snowdrop 2.0. It allows users to obtain merchant information, that is, information on where and when the transaction was made.