On the 4th of July, 2012, in the conference hall of the European Organization of Nuclear Research, also known as CERN, an old man sitting modestly in a corner couldn’t hold several drops of tears. That man was Peter Higgs, and just moments before, the conference speaker had announced that Peter’s theory had been experimentally proven since its inception in 1964. Back these days, Higgs assumed the existence of micro particles, from which our Universe has grown (the so-called “God Particle”). After 48 years, Higgs managed to prove he was right.
Nobody would argue that working with neobank technology is next to theoretical physics. You, just like Peter Higgs, also intend to build a better future for humanity. But while scientists can wait for decades, you, your banking app and its competitors can’t.
You’ve chosen a tricky path by intending to create your own neobank. The JatApp team always gets inspired by challenging projects and creative digital solutions. That’s why it is our moral obligation to help you succeed. Today, we would like to share with you our guide on neobank technology, which you can literally print out and hang in front of your desk to always remember what you should do next for your neobank development.
In the beginning was the Architecture
Neobank technology starts with the architecture of your product because any banking app involves multiple components, platforms, services, and data sources. There are three major elements of a neobank’s architecture: hosting infrastructure, core platform, and application’s front end.
Important notice: the sequence in which we’re going to describe the elements of neobank architecture is the order you should follow during the development process.
Once you’re going to build your own neobank, you will need to host it in the cloud. Storing your product in the cloud is convenient as it enables you to develop, test, and release your neobank app in the Agile fashion.
While your tech team is working on the next update, the current version of the neobank app is serving your customers. You have an opportunity to scale your neobank business on the go without interruptions in revenue earnings.
But we must warn you that you can’t store your source code in the public cloud and connect it to the external services, as it seriously exposes your product to various threats. Instead, we highly recommend you to store your neobank app in a hybrid cloud. The development, testing, and deployment phases should take place in separate repositories of a private cloud, while you can use a public cloud for storing the released version and external integrations.
On a side note, we would like to say a couple of words about selecting a cloud provider. The most popular solutions are Microsoft Azure, Amazon Web Services (AWS), and Google Cloud. Each of these providers has its own advantages, but we suggest you picking up AWS thanks to availability of various security instruments, which we’ll discuss later in this article.
This part of your neobank architecture is mostly open-source, since you need to connect core banking services to the external integrations, without which a neobank doesn’t make much sense. Consequently, the core platform includes two important sublayers: core banking services and application programming interfaces (APIs) for third-party integrations.
Core banking services
This sublayer includes services that a conventional bank does: payments, loans, credit card issuing, leasing, customer relationship management (CRM), account/branch creation, corporate clients connection, and so on. You have two ways to establish core banking services within your neobank: develop them from scratch or use Banking-as-a-Service (BaaS).
When you develop core banking services from scratch, you own the process entirely. You can plan scaling your neobank accordingly, tweak the services during the development process, and never depend on anyone else.
On the other hand, you have to shell out a many-digits amount of money upfront. These costs will include expenses not only for the development, but also for unimaginable legwork related to licensing your neobank as a real incumbent bank. But when the dust of development and licensing settles, you’ll beсome a neobank with official bank status that enables you to offer banking services to other fintechs.
As for BaaS, setting up core banking services with on-demand infrastructure is a no-brainer. You don’t own the services directly, but you save a lot of money and time, as a BaaS provider lays banking industry and legal groundwork for you. Even though some banks like Vero manage to go through bureaucratic tortures and become officially registered banks, we highly recommend you choosing BaaS.
Our recommendation is easy to explain. Despite all this hype around the disruptive power of neobanks, only several of them are really profitable. That’s why dumping money into independent development of core banking services is a big risk that you can avoid by using Banking-as-a-Service. To learn more about how BaaS works and why it cuts costs on banking app development, please read our dedicated article.
But whatever the approach you opt for, you have to develop core banking as separate microservices stored in individual data containers. Microservices architecture approaches development of a software as a number of independent blocks called containers, within which a single service is stored.
This approach enables you to avoid crashes of the entire layer, in case something goes wrong with any of core banking services. Since microservice containers are connected to each other with HTTP protocol, the entire system keeps working, even though some of the services stopped working.
Additionally, you can use several programming languages for each service independently. Be it Ruby-on-Rails, Python, or PHP Laravel — whatever your soul desires. Still, we must say that top neobanks use Java or .NET Core for creating their core banking services.
On top of that, scaling your neobank will be easier with microservice architecture. You won’t have to refactor the whole code, but just add up new service containers to the system without making dramatic changes.
Even though microservice architecture allows you to develop your neobank with several programming languages, we’re quite straightforward when it comes to selecting a database. It has to be MongoDB, as it offers fast scalability and simplified data transition. These two characteristics make MongoDB a perfect database for neobanks and fintechs in general.
APIs and external services
The second important sublayer of the core platform is APIs and external services. The main perk of neobank is its ability to integrate with various products and services, which attract new customers and help you create unique value propositions for different businesses.
Aside from the third-party integrations like in the case of software-as-a-service (SaaS), subscription-based streaming platforms, social media, or any product and services, you can use APIs to pool data for advancing your core banking offer: Know-Your-Customer (KYC) tool, extra security, alternative credit scoring, to name a few.
Big Tech companies like Google and Amazon offer their APIs, while it’s also reasonable to use APIs from niche providers, government, organizations, or banks. Of course, you can rely solely on your BaaS provider, but beware of your competitors that may use the same data pools. What’s more, connecting your neobank to an open-source API is fine as well, but you have to be sure that it has reliable security measures to protect your neobank data from unauthorized interventions by hackers.
Front end is the last major layer of your neobank architecture, and you have a lot to do here. For starters, you should develop a web version of your neobank, native mobile apps, and integrate your user interface/user experience (UI/UX) design with external products.
As for the mobile application of your neobank, we recommend you native development for iOS and Android. You’ll need Objective-C/Swift for iOS, and Kotlin/Java for Android. The JatApp team is rooting for native mobile app development for many reasons: high performance, access to device features, and advanced security are evidently important for a neobank app. But if you want to create a cross-platform app, Flutter is your go-to.
Since we are talking about the front end of your neobank application, we have to stop by UI/UX design that plays an important role in the architecture of your product. The matter is that your app is going to operate with people’s money and private data, which they really don’t want to lose under any circumstances. That is why navigation through the neobank app should be intuitive and easy-to-understand, so that your customers would feel comfortable and confident in what they’re doing when they interact with your banking app.
There are several UI/UX solutions that can advance user friendliness of a neobank app. But we do encourage you to come up with your own innovative ideas, as this list isn’t ultimate. Our goal here is to show what top neobanks gear towards and inspire you to come up with your own creative UI/UX design concepts. Let’s check what user experiences your app can bring to the table.
- Chatbots. By creating a chatbot that helps a user navigate through your app or troubleshoot the most common problems, you will ensure that your customers don’t get lost in the app and won’t take a loan they never intended to.
- Artificial intelligence (AI). The use of AI creates additional value to your neobank app. The smart algorithms can provide your users with analytics about spending behavior, savings account, investment prospects, and such. As a result, users can make informed decisions about their savings without even knowing much about how finance works. On top of that, AI is a good weapon for security protection, but this is another story to tell which we’ll touch upon a little bit later.
- Digital identity recognition. Security in banking is an essential part of user experience as well because your customers want to be sure that their money is safe in your neobank. That is why the use of different digital identity recognition technologies as a part of two-factor authentication are necessary. We don’t recommend sticking to just one technology, as people use different mobile devices that may not be supported by this or that software solution. Just make sure you integrate the most prominent solutions like face recognition, fingerprint scanning, eye retina scanning, and voice recognition/natural language processing.
- Gamification. You may target different types of users, but you won’t deny that millennials and zoomers are the main customers of neobanks because they’ve literally grown up with a mobile phone in their hands. Young adults don’t trust incumbent organizations, financial institutions in particular. People between 23 to 34 years old may feel confused, if not depressed, by dealing with serious white-collar banking, so it’s essential to gamify the different user flows inside your neobank app.Gamification is a process of adding gaming elements into non-gaming products in order to simplify the UX. You can create savings challenges and provide users with digital prizes and rewards, or set different monthly goals such as purchasing a particular type of goods. The Ukrainian’s fintech product Monobank provides a good example of gamification. The neobank uses a charismatic hilarious cat as the brand’s mascot and integrates it with different UI/UX elements across the mobile app. In addition, users can unlock unique cat characters after achieving various goals, like paying with the app for taxi rides or utilities.
…but security is above all
As soon as you have developed all layers of the architecture, it’s time to think about the security of your neobank app. We can’t stress enough the role of data security in banking apps, so excuse us for being too concentrated on that aspect.
Anyway, you have to approach security of your app from two perspectives: active and passive defense. The active defense must include a chain of customly developed and integrated solutions such as security information and event management, KYC tool, and AWS Lambda toolkit. Speaking about AWS Lambda specifically, you’ll need Guard Duty to detect any high-level incidents, AWS Shield to defend your app from distributed denial of service (DDoS) attacks, and AWS firewall to secure the solution from human error in the source code.
Also, you can automate your security measures with artificial intelligence and bots that recognize any suspicious activity within your system. But you need to be careful with overly smart algorithms that act too independently and can react to false positive signs of data breach.
Relying heavily on AI security can result in an opposite effect as your smart security bot may falsely detect a threat and close a user’s account with a lot of money on their wallet. Instead, hire data security experts who will team up with your AI-driven tools to gain maximal protection without compromising the reputation of your neobank.
The passive defense of your neobank must involve a constant review of security standards and guidelines on their adherence. Remember that hackers develop malware faster than you can think. If you have a bulletproof reliable security system, it’s just because hackers haven’t found the way to crack it yet.
The second important aspect of passive security is permissions for data access. Services have different levels of permission to a particular data set. You can learn the patterns, according to which digital banking services request data from the server. As soon as you recognize some pattern you didn’t create, it’s a sign that something is going wrong inside your network.
Unconventional quality assurance and testing
Neobank requires quality assurance and testing as any other software. But there is a catch: banking apps are not ordinary digital solutions because they deal with customers’ money and private data, which means that the testing process is entirely different.
The main areas that require a special attention are database, security (again!), business processes, and user acceptance. The topic of banking app testing is interesting enough, which is why we have a separate article about it.
DevOps works in mysterious ways — an enigma behind the whole process
At this point, your neobank is ready for deployment. And this watershed moment of your business requires its own technologies and practices.
DevOps, which stands for development and operations is one of the cornerstones of the Agile software development today. DevOps is not just a set of practices, but the entire philosophy that builds upon two major principles: continuous integration and continuous development (CI/CD).
Continuous integration means that a recently written code merges with the old one in the main repository. Continuous development, in turn, implies that a product’s build can be tested and released as soon as new code is added to the repository. If no bugs are detected, the product’s update can be released right away. The CI/CD principles enable businesses to keep earning capital and develop new product versions at the same time.
We have already covered some of the main characteristics of DevOps for neobanks, but let’s summarize them:
- Cloud computing. We’ve discussed that your hosting infrastructure is a hybrid cloud that includes a private cloud for source code and public cloud for the product deployment, as well as external services connection. Without cloud technologies, your neobank project would be a hardly feasible task.
- Automation. Setting up a CI/CD pipeline automates many processes within the product development lifecycle, thereby making you able to keep your neobank business afloat. It is an important characteristic, especially under circumstances of challenging economic environments, where only several top neobanks manage to become profitable.
- Continuous security. Once the source code is stored securely in a private cloud and CI/CD pipeline ensures automation, you have an opportunity to advance your security together with every line of code you add to the next release. For that reason, coming up with even a minimal security improvement for every app’s update is a wise thing to do. You won’t be able to defeat canny hackers and their malware once and for all, but locking ever-evolving security into your DevOps cycle can significantly increase your chances to survive a cyber attack.
Move the world towards the digital future together with JatApp
Neobank technology is indeed complex, which is why dropping a couple of happy tears after your banking app’s release is more than fine. But despite the complexity of neobank technology, JatApp is ready to experience any challenges and happy moments together with you. Our company has been developing fintech products since 2015, so we can provide you with a team of tech talents who will develop a high-quality banking app that satisfies your target audience.
If you want to develop a neobank that will bring humanity one step closer to the bright digital future, just contact us. We’ll get back to you as soon as possible.