I’ll do it on my own: FRANKENSTEIN SECURITY for digital banking

0
18

We live the time when garage inventions are not really possible anymore – everything truly great should be created by at least medium-size teams of top-professionals. Nowadays banks and fintechs have become real centers of technology and innovations, having
very strong tech teams onboard. Obviously, they want to do everything on their own. But when we are talking about security solutions development, such an approach has several underwater rocks that should be taken into consideration.

It won’t be cheaper

One of the most common arguments we’ve heard from the client side is that it will be cheaper to develop their own solution having their strong team onboard. This is a very popular point of view but in fact it’s a trap. You will need to hunt quite niche tech
brains with strong experience in development of security solutions. For example, our company is focusing on no-OTP mobile authentication. So, we can openly say that to develop such a solution – even the lite version – you will need firstly some strong cryptographic
specialists, which are able to develop a proper keys distribution scheme. If your security solution operates on iOS and Android, then you will need to find not only Android and iOS developers but also guys understanding all the guts of both the platforms.
It is also expected the hiring of backend developer, testers, analytics having competence in this specific topic and for sure you definitely need an architect.

I may guess some of you are surprised and already calculated the costs

Too much time

Everyone who’s ever launched a product knows, that it is not that fast. But the point is that you don’t have this time. If you face security issues right now, you need to solve them as soon as possible. Otherwise, you could lose more money of your clients
waiting for your own internal development would be finished. Obviously, money loss is equal to reputational loss and your clients will simply move to another bank. Perhaps, meanwhile you will finish testing of your new Frankenstein.

Moreover, nothing is made in stone. I believe some of you had a situation when initial development team left the company. For sure, in an ideal world you will stay with all the product manuals so that new team members will be easily included into the process
of support. But expectations and reality do not always coincide. When you need to make some amends, launch a new version or adopt to new requirements, then your team suddenly have to come back to the manuscripts of initial development team.

Develop again?

You can’t develop something once and leave it as it is forever – you will have to update, support, request some external pen-testing service and etc.

As well, you should add fresh features. We always find new interesting cases with our clients – for example, that is the how we created our internet banking log-in via QR-scanning. One of our existing client simply said: “could you make it as secure,
as you do now but without inputting even username?”
In the same manner we developed off-line mode authentication and many other features currently performed in our solution.

Talking about security, it’s hard to stop – hackers are smart and fast at looking for new vulnerabilities, so we have to be pro-active, catching security trends, predicting the latest security risks. That is how we have added adaptive authentication, conflict
resolving tool for friendly-fraud cases, device-fingerprinting to enrich anti-fraud, special cases for secure access renewal and others.

Okay, finally you’ve developed it. Then, after some time, you are moving your clients to a new app or service – yes, probably, you will need to adopt or rebuild your security solution. Again.

Client-centric approach

It seems to be quite obvious but when you have an experienced development team onboard – you are lucky, you can focus on client services, you can collect feedback, check and improve many things in their user-experience. This will take quite a lot of time
and efforts as it is a never-ending process. Focus on your clients, share the feedback and let security solution developers do their work and support your internal development team. For us your feedback and requests is a good way to catch some new trends.

From our experience

In our experience we had prospects that planned to create their own security solution after getting quite a deep understanding of our products. We used to smile when we deal with such clients as key points described above are actually taken from our experience
with them. Almost all the stories usually end with good partnership and successful projects. Now, we came to a point that garage development era is over and it is the best time – time to
collaborate.

Go to Publisher: Finextra Research Community blogs
Author: