This document discusses best practices for developing FinTech apps. It covers fundamental practices like ensuring information security and compliance with PCI DSS standards, eliminating vulnerabilities, integrating fraud detection using machine learning, maintaining proper testing coverage, and using microservices architecture. It also discusses current FinTech trends like the increasing use of blockchain, artificial intelligence, and quantum computing. Finally, it provides examples of projects completed by Zymr, including developing a mobile commerce solution and a digital payments risk management platform.
4. Information Security:
FinTech apps need to comply with information security requirements. The security mechanisms should be strong, with
multi-factor authentication and sound password practices, and they should comply with the Payment Card Industry
Data Security Standard (PCI DSS). To ensure compliance, FinTech businesses have two choices: build
their own tools, or rely on third parties whose services specialize in identity management.
Fundamental Practices
5. Eliminate OWASP Vulnerabilities:
Before putting the plan for a FinTech app into action, the development team has to check the application against the
OWASP (Open Web Application Security Project) Top 10 vulnerabilities using open source or proprietary tools.
6. OWASP Vulnerabilities:
❏ Injection
❏ Broken Authentication
❏ Sensitive Data Exposure
❏ XML External Entities (XXE)
❏ Broken Access Control
❏ Security Misconfiguration
❏ Cross-Site Scripting
❏ Insecure Deserialization
❏ Using Components with Known Vulnerabilities
❏ Insufficient Logging and Monitoring
7. Financial Monitoring:
FinTechs need to prevent activities such as smurfing and money laundering, often by integrating with third parties. This
means keenly monitoring transactions and watching for suspicious ones. To get a hold on such illegal activities, FinTechs
have to establish the identity of their customers. They can write their own code, integrate with third parties, or
partner with compliance agencies. Examples are mobile and biometric identity authentication apps,
blockchain-based KYC, and trade transaction solutions.
8. Fraud Detection:
It is important to detect fraudulent activities. Machine learning is a prominent tool for detecting patterns of fraudulent
behavior; one machine learning system used for this is the Generative Adversarial Network (GAN). Based on a
zero-sum game, a generator network deliberately creates fake data, while a discriminator network distinguishes
fake from authentic datasets. The two learn from each other in order to improve the results
over time.
9. Create an API Call:
If an API operation is not naturally idempotent, attach a unique ID to each API call. In that case, if
an API server fails, another one can take over, and even when the failed server later recovers and the call is retried, the
transaction will not be executed twice.
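An added example (not code from the original deck) of a server-side handler that keys each charge on a client-supplied idempotency key, so a retry after a server failover returns the stored result instead of charging twice; the in-memory store and the `_execute_charge` stand-in are constructed for illustration, a real service would back the store with a durable shared database so a replacement server sees the same records.

```python
import hashlib
import json
import threading
import uuid

# Constructed in-memory idempotency store; production code would use a durable,
# shared table so that every API server (including one recovering from failure)
# sees the same keys.
_lock = threading.Lock()
_records = {}   # idempotency_key -> {"fingerprint": ..., "response": ...}
_charges = []   # stand-in for the charges actually executed against the ledger


def _fingerprint(payload):
    """Hash the request body so a key reused with a different body is rejected."""
    canonical = json.dumps(payload, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


def _execute_charge(payload):
    """Stand-in for the real card/ledger operation; runs at most once per key."""
    charge_id = str(uuid.uuid4())
    _charges.append({"id": charge_id, **payload})
    return {"status": 201, "charge_id": charge_id, "amount": payload["amount"]}


def create_charge(idempotency_key, payload):
    """Handle POST /charges carrying an Idempotency-Key header.

    First call with a key executes the charge and stores the response. A retry
    with the same key and same body gets the stored response back without
    charging again. The same key with a different body is a 409 conflict.
    """
    fp = _fingerprint(payload)
    with _lock:  # lock covers lookup + execute so concurrent retries cannot race
        record = _records.get(idempotency_key)
        if record is not None:
            if record["fingerprint"] != fp:
                return {"status": 409, "error": "idempotency key reused with a different request"}
            return record["response"]
        response = _execute_charge(payload)
        _records[idempotency_key] = {"fingerprint": fp, "response": response}
        return response


def charge_count():
    """Number of charges actually executed (used to verify no double charge)."""
    return len(_charges)
```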
10. Stay Agile with APIs:
While designing APIs, you need to be careful not to expose confidential technical details. Do not use
auto-incrementing IDs for records. When errors occur, do not reveal technical details, as attackers may use them
against you. APIs bring automation, flexibility and speed to the workflow.
11. Microservices Architecture:
In a microservices architecture, a request passes through different nodes in the network. It is advisable to generate a
unique ID at the request's inception so that it can be traced easily from the very start. Microservices provide benefits
such as improved fault isolation and ease of understanding, and they remove vendor or technology lock-in.
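An added example (not from the original deck) covering both points above: records are keyed by opaque, unguessable IDs rather than auto-incrementing integers, a request ID is assigned at the edge of the system (or taken from an upstream X-Request-ID header) and passed to downstream nodes for tracing, and error responses carry only a generic message plus that ID while the full detail is logged server-side. The store, handler and header name are assumptions for illustration.

```python
import logging
import secrets
import uuid

log = logging.getLogger("fintech.api")

# Constructed in-memory store keyed by opaque IDs, so neighbouring records
# cannot be enumerated by incrementing a number.
_accounts = {}


def new_account_id():
    """Opaque identifier: 128 bits from the OS CSPRNG, not an auto-increment counter."""
    return "acct_" + secrets.token_urlsafe(16)


def create_account(owner):
    account_id = new_account_id()
    _accounts[account_id] = {"owner": owner, "balance": 0}
    return account_id


def handle_request(headers, handler, *args):
    """Edge of the system: attach a request ID at inception and propagate it.

    The ID comes from an upstream X-Request-ID header if present (so one trace
    spans several nodes) or is generated here. Exceptions are logged in full with
    that ID on the server; the client receives only a generic message and the ID,
    which support can use to find the server-side log line.
    """
    request_id = headers.get("X-Request-ID") or str(uuid.uuid4())
    try:
        body = handler(request_id, *args)
        return {"status": 200, "request_id": request_id, "body": body}
    except KeyError:
        # Never echo the raw exception, stack trace or framework name to the caller.
        log.warning("request %s: lookup failed", request_id, exc_info=True)
        return {"status": 404, "request_id": request_id, "error": "not found"}
    except Exception:
        log.exception("request %s: unhandled error", request_id)
        return {"status": 500, "request_id": request_id, "error": "internal error"}


def get_balance(request_id, account_id):
    """Downstream node: logs with the same request ID it was handed."""
    log.info("request %s: get_balance %s", request_id, account_id)
    return {"account_id": account_id, "balance": _accounts[account_id]["balance"]}
```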
12. Microservices Areas:
Today, 68% of organizations are interested in microservices architecture. You need to ensure that each
service covers exactly one functionality. Organizations should not replace the monolithic architecture all at once,
but gradually, by adding new microservices. The microservices should be designed to withstand
faults.
13. Test Coverage:
Refactoring can be cumbersome and have consequences, so before going ahead with it you need good
automated test coverage. Test coverage reflects the quality of the test suite. It helps minimize errors and
bugs, shortens time to market, and allows releases to be more frequent.
14. Deployment of Services:
Continuous integration and delivery manage the deployment of multiple services. Docker makes
microservices portable through standardized packaging, while Kubernetes automates deployments, load
balancing, container orchestration and resource scaling. FinTech app development teams need to
ensure seamless logging and monitoring mechanisms.
15. Maintaining Financial Ledger:
FinTech developers need to pay close attention to financial ledgers. Databases with Atomicity, Consistency, Isolation and
Durability (ACID) guarantees can be used to write those ledgers. Through the ACID properties, consistency is maintained in the
database with guaranteed validity.
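An added example (not from the original deck) of an ACID ledger write: a double-entry transfer in SQLite where the debit and credit either both commit or neither does, with a CHECK constraint that makes an overdraft fail and roll back. The schema, account names and balances are constructed for illustration; amounts are integer cents to avoid floating-point rounding.

```python
import sqlite3


def open_ledger():
    """Create an in-memory ledger with constructed sample balances (cents)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.execute("CREATE TABLE accounts (id TEXT PRIMARY KEY, "
                 "balance INTEGER NOT NULL CHECK (balance >= 0))")
    conn.execute("CREATE TABLE entries (id INTEGER PRIMARY KEY, "
                 "account_id TEXT NOT NULL REFERENCES accounts(id), "
                 "amount INTEGER NOT NULL, transfer_id TEXT NOT NULL)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [("alice", 10_000), ("bob", 0)])
    conn.commit()
    return conn


def transfer(conn, transfer_id, src, dst, amount_cents):
    """Move money as one atomic double-entry transaction.

    Inside `with conn:` sqlite3 commits on success and rolls back on any
    exception, so an overdraft (CHECK violation) or an unknown account
    (foreign-key violation) leaves the ledger exactly as it was.
    """
    if amount_cents <= 0:
        raise ValueError("amount must be positive")
    try:
        with conn:
            conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount_cents, src))
            conn.execute("INSERT INTO entries (account_id, amount, transfer_id) VALUES (?, ?, ?)",
                         (src, -amount_cents, transfer_id))
            conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount_cents, dst))
            conn.execute("INSERT INTO entries (account_id, amount, transfer_id) VALUES (?, ?, ?)",
                         (dst, amount_cents, transfer_id))
        return True
    except sqlite3.IntegrityError:
        return False


def balance(conn, account_id):
    return conn.execute("SELECT balance FROM accounts WHERE id = ?", (account_id,)).fetchone()[0]


def entries_sum(conn):
    """Double-entry invariant: all entries in the ledger sum to zero."""
    return conn.execute("SELECT COALESCE(SUM(amount), 0) FROM entries").fetchone()[0]
```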
16. Legal Purview of FinTech:
Licensing is an essential aspect of FinTech that cannot be ignored. Different types of FinTech are subject to different
licences, and obtaining them is a critical regulatory formality. Certain bodies oversee financial regulation,
such as the Swiss Financial Market Supervisory Authority (FINMA) in Switzerland.
18. Blockchain:
The most obvious yet significant reason for involving blockchain in FinTech app development is security, as the
biggest challenge in financial transactions is trust. Blockchain is cost effective and ensures safety. Because it is built
from blocks, a company can easily track the entire life cycle of its financial transactions.
Current FinTech Trends
19. Artificial Intelligence:
AI includes machine learning, natural language processing and general intelligence; it delivers personalized
content, increases app productivity, enables automated reasoning, and helps with image recognition. The ultimate
goal is to give customers an excellent user experience.
20. Quantum Computing:
It is based on quantum theory. Quantum computing can exponentially increase the speed of transactions,
resolve scalability issues, lower processing costs and keep financial transactions secure. It can also
detect unusual patterns in order to identify fraudulent activities.
21. Our Work:
FinTech
Group Mobile Digital-Commerce Solution
Context: A major European multinational telecommunications conglomerate was seeking to monetize and enhance
subscriber loyalty.
Solution: Zymr helped them develop a new Groupon-like digital commerce experience in order to increase the
stickiness of their customer base.
Value: The company was able to add a new stream of revenue, increase their marketplace competitiveness, and attract
100,000+ new subscribers in the initial European country rolled out.
22. Our Work:
FinTech
Digital Payments Risk Management Platform
Context: A Fortune-50 FinTech client, which processes millions of B2B transactions per month, needed to upgrade their
legacy compliance platform to scale their business.
Solution: Zymr helped them build a next-generation cloud-native microservices platform enhanced by
machine-learning and rules-based analysis.
Value: The client was able to scale their risk operations to handle tens of billions of dollars of digital commerce
transactions annually.