Trading platform, Nigeria

React Native, Laravel, AWS Kubernetes

This is a trading platform that lets users purchase assets on the Nigerian stock market and invest in mutual funds. Initially, our client had a working fintech app that had problems with both design and technical implementation. Their previous software development partner failed to deliver the needed results. It not only damaged the user experience and the company’s reputation but could also lead to serious consequences for business. The client requested us to conduct an app audit and stayed with us for a further rebuild of their mobile banking app.

Challenges

The audit revealed the codebase of both the mobile banking app and backend systems had several critical issues, including high-severity bugs, low test coverage, complex code structures, and security vulnerabilities. In such a scenario, refactoring wouldn’t provide the desired results, and we recommended a complete rewrite instead. As for the design, we figured that the interface was messy and lacked consistency.

Solutions

We simplified the interface, made all the components aligned with each other and got rid of the clutter. Our main goals for the fintech app development were to:

• Build a safe, flexible and reliable infrastructure using Kubernetes
• Implement KYC measures using local services
• Establish a high level of automation to ensure short time-to-market
• Build new processes for the client’s in-house team of to build a long-term sustainable fintech software development process that will produce the expected result

Local laws

To get stock exchange data in real time, we used the NGX group API. It’s a leading integrated market infrastructure in Africa that oversees the operations of the Nigerian financial market.

To implement KYC, we used a Nigerian service called NIN token — the solution lets us check users’ data in a secure way, sending it encrypted. To pass KYC, a user fills out a questionnaire, specifies their bank verification number (BVN) and phone number, takes a photo with their ID card, then the application sends the data to the local government service, the service checks everything and sends the user a text message with the results. After that, the user fills out a questionnaire about their experience with financial instruments and the fintech app creates their risk profile — it’s required by the Nigerian laws.

Results

The project went into production back in November, then we started a closed beta test — the application had live users, they opened their cards and made transactions, but the app wasn’t published in the App Store. The app was approved in the store in April and now any user can download it. Fow now, our client's marketers are thinking over a strategy for how they will catch up with new users. 1,285 accounts have already been created — these are live users who have passed verification.

We continue to work on the project and provide our fintech software development services, the app is constantly changing and being upgraded.

Neobank app, USA

React Native, Laravel, Cloud SQL

This is a neobank fintech software that helps US residents get a higher credit rating or just get a card and use it. The client contacted us for app development and UI/UX design — our task was to create a simple and attractive interface, build a stable and secure system and protect users' financial data.

Tasks

• Implement KYC measures
• Integrate the fintech software with Bond, a Banking as a Service (BaaS) solution that connects to major US banks
• Build a microservice architecture to separate our client’s isolated processes
• Ensure a high level of security and data privacy
• Take local regulations into account

Solutions

We use Persona KYC to verify the identity of new users through checking their SSN and ID, ensuring that the users are who they claim to be. Simultaneously, Sardine KYC runs fraud detection checks to ensure the new users are not associated with fraudulent activities or risky behaviors. Once the users pass the KYC checks, we use Bond BaaS to create and manage bank accounts, issue cards, and enable financial transactions via its banking APIs.

Local laws

For this app development project, we need to certify the app with SOC 2 — it ensures that the service follows strict information security policies and procedures required for US financial services. Our team has already passed the certification and now we wait until the bank’ team will be certified. Other important standards that needed to be considered were PCI DSS and ISO/IEC 27001.

We’ve already got access to the App Store and passed the review, it confirms that the app meets all the important requirements and we have no problems with law.

Results

The project went into production back in November, then we started a closed beta test — the application had live users, they opened their cards and made transactions, but the app wasn’t published in the App Store. The app was approved in the store in April and now any user can download it. Fow now, our client's marketers are thinking over a strategy for how they will catch up with new users. 1,285 accounts have already been created — these are live users who have passed verification

We continue to work on the project and provide our fintech software development services, the app is constantly changing and being upgraded.

Neobank app, UAE

Recently, we started a new fintech software development project with a client from UAE. They requested us to create a mobile neobank app from scratch. Thanks to the experience with the previous neobank project, our software development company was able to provide analytics services:

1. Helped to determine the type of program (credit/debit/CDA cards), and the type of planned investment app (crypto/fiat).
2. Helped to determine the criteria for choosing BaaS, indicating what our fintech software developers need. Explained which BaaS is a perfect match, which one is fine and which one definitely shouldn’t be used.
3. Made an Impact Map to understand where to start the software development from.
4. Identified a scope of features for the first version, and compiled a roadmap.
5. Estimated the costs and timeline for the design stage according to the scope. The app development stage was estimated approximately, we will make a precise estimate after the design stage is finished.

Now the project is successfully moving to the UI/UX design stage. We plan to finish the design by the time our client signs the contract with the selected BaaS — now the client's legal team is negotiating with different providers.

Why us?

Security and data privacy

First of all, as a fintech software development company, we don’t interact with user’s finances or personal information. In terms of money, we rely on bank providers which have the legal power to perform financial operations. Our task is to create an app that will act as a mediator between users and the bank. The basic security and data privacy is provided by the service on which our servers are running — usually it's either Amazon or Google. These services comply with PCI DSS security standards. Our CI/CD instruments are GitLab and ArgoCD which also follow these standards. Laravel, our software development framework implements protection against such vulnerabilities as DDoS attacks, SQL injections, and CSRF by default.

Approaches we use for security:

In the field of fintech software development, it’s necessary to build a flexible infrastructure so that in case of troubles we can always take a step back. We create backups and use an approach called ‘Infrastructure as Code’ to make the system able to deploy automatically, even from the ground. In case of a security breach or data center outage, we'll be able to quickly revert the system to a previous version and our clients won't lose data or reputation.

As a development company, we also use approaches such as least privilege approach and fine grained access. They help us to limit access of team members to specific parts of the project — only the DevOps engineer and team leaders have access to the production environment, while deployment happens automatically.

Microservice architecture:

Fintech startups often have isolated processes that shouldn’t depend on each other. In these cases, we choose to build a microservice architecture. First of all, it’s more flexible and stable — if one service fails, others are working, and the application does not stop. Further, it adds an extra layer of protection. Each microservice has a separate database that only stores the data needed for the operation of this particular service. This is diversified data, so even if an intruder gets access to one database, it will give them nothing, because this data doesn’t make sense without context.

Scalability is another requirement for financial software development, and microservices allow to scale specific services based on demand rather than scaling the entire application. Scaling actions in one service don’t directly affect others. It’s also possible to distribute instances of a microservice across multiple servers to handle increased load. Usually, we use Kubernetes as a container orchestration tool to automatically scale microservices up or down based on real-time traffic and performance metrics.

Considering regional specifics

Usually, each BaaS has a description of which regions it works in, we pay attention to this. For example, we can’t use a European BaaS for a UAE project, since there are both technical and legal nuances. As a development company, we can research BaaS solutions tailored for specific regions and collect a pool of solutions that can be suitable for your project technologically. Also, we always research the documentations of other third-party solutions we use to make sure that they are suitable for a particular region.

Ensuring fast time to market

Fintech applications need a short time to market. Such businesses roll out app updates very often — it can mean releasing every 3 days. Time to market strongly depends on the infrastructure and how the work is organized initially. We can work with your internal team and help them build new processes to organize a sustainable fintech software development process that will allow you to issue updates needed for the business quickly enough. Another important factor is quality assurance — testing the app manually every time is a huge amount of work and without a high level of automation it’s just impossible to test everything. Using the test-driven development approach, we automate the testing process and ensure 95% test coverage.

Avoiding vendor lock-in

In every app development project, we use reliable and well supported open-source solutions. This way, we avoid a vendor lock-in for our clients. Vendor lock-in occurs when a customer becomes dependent on a particular vendor for products or services, making it difficult to switch to another provider without spending significant time and costs. Moreover, the app code with all configurations is entirely in the ownership of our client. It means that you’re not tied to us as a fintech software development company and we can’t block the product’s progress or interfere with your business in any way.