Digital banking architecture: things to consider when building banking software

The shift in the way customers want to interact with financial services is driving the FinTech industry to digitize more and more services and setting the future of banking technology. Digital banking software is one of the FinTech solutions customers most commonly use in their daily lives. In this article, we’ll focus on the technical means to develop and improve digital banking software. Beginning with a robust digital banking platform architecture, technical stack, API integrations, and finishing with the implementation of advanced technologies. In particular, in terms of digital banking reference architecture development, we’ll cover microservices in banking and financial services along with core banking microservices. Your steps to creating a web or mobile banking system architecture should be reasoned and well-defined for all the stakeholders.

The primary aim of digitization of banking is to build reliable solutions that can win the trust of customers and convince them that digital banking is safe and convenient. According to a 2021 Lightico survey among 1,037 consumers globally, 56.9 percent still think that face-to-face banking interactions are the most secure and reliable. And when those same consumers actually decide to try online banking services, there are instances when they’re still required to visit a bank in person to sign something by hand. Lightico reports that 36 percent of respondents find such situations very frustrating.

Emerging digital banking startups aspire for a completely different look and feel from traditional banking. However, while digital startups can excel in terms of customer experience, they can still draw on the profitability strategies of traditional banks to find a stable place in the financial market. Funds raised from investors cannot be the only source of money for starting a digital bank.

Thus, it’s best to start building robust digital banking software with the traditional banking business model in mind, primarily in terms of security. Your business goal, monetization strategies, and business and functional requirements will largely predetermine your:

• architecture design
• choice of technology stack
• security requirements
• necessary third-party integrations

Further on, we’ll pay attention to each of the above-mentioned technical aspects in terms of core banking software development and modernization. Let’s begin with digital banking architectures.

Covering the topic of microservices in banking and financial services, we’ll discuss two common types of digital banking software architectures: layered and microservices-based.

Layered architecture in banking

A typical layered mobile banking system architecture consists of three layers:

• Presentation layer (front end)
• Middleware layer
• Backend layer

The presentation layer (front end) enables customers’ interactions with the banking software. The front end of technology banking solutions includes web and mobile banking apps, chatbots, and software for IoT devices and wearables. The presentation layer handles the browser and user interface communication logic.

The middleware layer includes three sublayers:

• Security. This layer includes functionality for customer authentication. A customer’s digital security is of primary importance for digital banking software.
• Integration. This sublayer is necessary to connect the presentation and backend layers. It receives messages or requests from the presentation layer and interprets them to pass them in the correct format to the appropriate system.
• Orchestration. This layer gets messages from the integration sublayer to perform the required actions, which can include retrieving customers’ transaction data. The orchestration sublayer can be called the central nervous system of the whole digital banking architecture.

The backend layer includes the following components:

• Core banking system. The core IT system includes customer information, transactions, payment systems, and accounting systems. This is the engine of the digital bank that enables its primary operations.
• Digital banking. This component makes all the bank’s products and services accessible in the presentation layer. A digital banking platform connects to core systems and packages them into services that internal APIs can access.
• Data and analytics. This component of the backend layer includes reference and transactional data necessary for analysis to define which banking activities customers perform and predict which they will perform in the future.
• Private and public APIs. Examples of private APIs include digital banking services for making payments or retrieving account balances. Public APIs allow for integration with third-party services. For example, open banking allows third parties to access customer data via APIs with a customer’s consent. Thus, open banking enables interoperability between digital banking services and ensures a convenient user experience.

Another common digital banking architecture is a microservices architecture.

Microservices architecture in banking

Many digital banks choose to build their banking software on a microservices architecture, as it offers the greatest scalability opportunities and allows for many integrations with third-party services. If open banking is your go-to, microservices architecture in banking can be the right option for you. Plus, with a microservices digital banking architecture, you have more flexibility as you can control which functionalities to add or enhance and when. Check out our case study on how we ensured successful migration for a logistics company from a monolithic architecture to microservices.

However, it can be challenging to maintain a microservices architecture in banking if you aren’t planning to scale your solution (both in terms of functionality and your client base) in the long-term perspective or if you’re only beginning to develop banking software. In such cases, a layered digital banking architecture can be more advantageous.

A microservices digital banking platform architecture consists of three critical components:

• API gateway. This component makes microservices accessible to external channels and partners via APIs to allow them to interact with a bank’s data, products, and services. An API gateway also enforces API-related requirements and serves as the first line of security to validate all application requests.
• Service mesh. A service mesh can easily scale services to meet peak demand; it also performs load management functionalities. Another important function of the service mesh is controlling the health status of microservices and recovering them if necessary.
• Microservices-based core. This is part of the microservices architecture that contains loosely coupled microservices or small processes that are independently deployable and communicate with each other through APIs and protocols.

Your choice of core banking software architecture depends on your goals and your vision for your software’s future development. With the growing pressure of global digital transformation, core banking microservices appear to be the most adaptable architecture in terms of acquiring disruptive technologies. However, architecture design is a highly individual thing. And it may be that the best architecture for you is a combination of two or more different architectural types.

Thus, to ensure a suitable solution architecture during your finance software development, you’ll need to work with a skilled solution architect to perform all necessary analyses of your business and functional requirements. Once your solution is built, further architecture assessments will ensure that your software stays up to date, offers stable performance, and meets your changing business needs and requirements.

For example, the Australian neobank Xinja decided to shift from a service-oriented architecture (SOA) to an event-sourcing microservices architecture. The bank’s management decided not to buy an out-of-the-box solution but rather build this architecture from scratch to ensure maximum flexibility and integration capabilities.

Xinja didn’t choose the cheapest and quickest approach, but in the long run, it paid off. Connecting to Apple Pay, for instance, is a big and difficult project and may take a bank up to a year. With a robust microservices architecture in place, Xinja managed to integrate Apple Pay in five weeks instead of months.

After choosing your digital banking platform architecture, another important technical aspect of developing digital banking software solutions is ensuring its security.

FinTech service companies work with sensitive customer information, so security for digital financial services is of the utmost importance. This is made clear by the fact that apart from PCI DSS, practically every country has its own additional security compliance requirements regarding digital identity, data protection, and cybersecurity.

On April 1, 2022, a final rule went into effect in the US that obliges banking organizations to notify a primary federal regulator within 36 hours in case of any cybersecurity threat. Bank service providers also have to notify customers as soon as possible in case of any incident. Denmark has introduced a new and more secure digital identity infrastructure called MitID to replace its predecessor, NetID. MitID will be used to approve online shopping payments, online bank logins, and logins to skat.dk for taxes. This solution will launch in the summer of 2022.

It’s also important to remember that in some instances, digital and traditional banks may be subject to different requirements. So it’s necessary to always monitor compliance requirements that appear in your markets to stay in the loop and know how you may need to modify your security measures. Further on, we’ll discuss all the common criteria and aspects of digital banking security. 

OAuth 2.0 protocol benefits for digital banking

OAuth 2.0 is a common protocol that ensures a high level of security during authentication and authorization. This protocol acts as an identity provider, allowing third-party developers to build apps on top of it. One of its key principles is that APIs will only redirect users to a URL that was previously registered with the service. This helps to prevent redirection attacks where an authorization code or access token can be intercepted by an attacker. Among others, OAuth 2.0 is used by Fortune 500 companies including Google, Microsoft, Facebook, Amazon, and Twitter. Benefits OAuth 2.0 provides for developers include:

• BankID, which comes as a service and allows you to use your banking system as a way for users to authenticate in other services. This opens huge opportunities for marketing your app.
• A single two-factor authentication (2FA) system that’s used for all platforms. This decreases costs for system support. Later, when you decide to scale, you will not need to spend time developing authentication functionality for other platforms.
• Every request is encrypted and secured by the latest TLS protocols, which allows you to mitigate man-in-the-middle (MITM) attacks.

Ensuring secure encryption and data storage systems

To mitigate risks and make sure your users’ data is transmitted and stored securely, stick to industry-proven and government-approved cryptographic algorithms (like the Advanced Encryption Standard with 256-bit keys), modes, and libraries. Follow the latest community best practices and use reliable cryptography standards to ensure cipher configurations and block modes are set up securely. Last but not least, keep sensitive private data encrypted with a managed key while it’s transferred and at rest to ensure data integrity and confidentiality at all steps. At Yalantis, we follow recommendations for cryptographic key management (including NIST SP 800-57) to eliminate common security risks including key reuse, weak keys, and non-rotation.

Making the most of know your customer (KYC) and know your business (KYB) principles

KYC and KYB oblige financial organizations dealing with private or business money to verify the identity of counterparties before conducting financial transactions. Simply put, KYC and KYB is a system that contains a chain of third-party services that analyze users’ data to detect fraud at early stages. KYC and KYB principles along with identity verification, credit decisions, and ongoing transaction monitoring can serve as a risk management engine within digital banking software.

Establishing a dedicated fraud prevention department

This is a vital step to successfully detect and disarm cybercriminals before they actually commit a crime. For example, a fraud department can spot that a user is making online transactions with the same value from different IP addresses within one hour and block the account in question as suspicious. Fraud department employees use dedicated technologies and services to ensure your software’s security. To be proactive, they need dedicated tools and integrations with third-party services. 

Developing security tools and setting up integrations lies on your technology partner’s (either in-house or outsourcing) shoulders. In the long run, establishing a fraud prevention department contributes to minimizing the risk of cybercrimes, which is definitely an investment in your bank’s good reputation and stability. 

Choosing digital banking technologies is another serious task. In the next section, we discuss the factors that should influence your choice.

To choose the right technology stack for a banking application, you should place your business plan at the center, which means there are no one-size-fits-all solutions. You also want to consider two important aspects: your budget and core competencies within your team.

When addressing the business needs of your digital banking platform with technologies, there are certain criteria to consider.

• Time to market defines the overall development strategy your team will choose. If your aim is a quick market entry, consider using languages and technologies that come with some out-of-the-box solutions so you don’t waste time developing functionality from scratch. For example, Python and Django are a winning combination to ensure quick coding and solve simple tasks. Using this language and framework, you can benefit from code reuse and easy maintenance. If time to market is not the most crucial constraint, consider using more complex but flexible and productive combinations like Java and the Spring framework.
• Long-term strategy. Again, if you define your primary aim as quick and effective market entry, then a long-term strategic plan is probably not something you’ll put on your agenda at the very beginning. At the same time, you should consider possible paradigm changes (like growing from a startup to the enterprise level) and predict what your stakeholders’ responses would be. In case you’ve developed a long-term strategy, stick to using a technology stack (and digital banking platform architecture) that allows you to scale and grow your system. If you’re considering adding big data and analytics or introducing machine learning in the future, make sure your hosting capabilities can support them. To avoid data migration and a hybrid mobile banking app architecture, choose cloud services with extensive scaling capabilities, such as AWS or Google Cloud.
• Risks. To comply with the security requirements we mentioned before and develop a trusted and scalable digital banking system, we recommend sticking to industry-standard solutions. The modern tech market is full of solutions meant to make engineering easy and that promise to be a silver bullet for software development. At the same time, they can be unreliable to implement in the FinTech domain. To avoid risky technology stack decisions, you should also consider actual and future system load, as this will influence your choice of databases and programming languages. A carefully selected technology stack for both your server and native app can save your budget and reputation.

When it comes to the banking industry technology stack, it’s important for your software development team to choose a target programming language and core framework based on their expertise. This way the whole development team will be on the same page and the development process will run smoothly.

These criteria can be expanded as the technology stack creates dependencies you’ll need to follow throughout the development process. To make the right choices, make sure to select a service provider that puts your business needs first and understands domain-specific app requirements. 

If a digital banking solution integrates with diverse third-party services including for exchanging data with other banks, customers can get all-around banking and financial services and have a convenient user experience within one software system. 

For example, the US SMB neobank Novo provides APIs for more than 1,000 applications and services. Primarily, these integrations relate to functionality that Novo doesn’t have yet like point-of-sale payments, invoices, payroll management, and ecommerce operations.

This approach forms a perfect ground for a flexible financial environment that could be otherwise called open banking. Open banking allows for sharing a customer’s financial information via open APIs. Customers can, for instance, integrate bank accounts with services that track finances, monitor savings plans, and access account management services to get insights into their overall financial capabilities and have a complete understanding of their finances. However, it’s important for these services to be reliable and trustworthy so customers can be sure their data is secure.

According to a YouGov and Tink 2021 survey among 308 financial executives, 68 percent of respondents increased their interest in open banking during the pandemic.

Talking about core banking software architecture, let’s cover open banking benefits for digital banking:

• Product innovation. Open banking gives access to many tools and capabilities that allow for the creation and testing of new products and services. Thus, digital banking startups that offer open banking services have more opportunities to accelerate their digital services and increase the time to market than startups without such services.
• More commercial opportunities. With open banking, digital banking companies can open new revenue streams and better navigate the competitive FinTech world. For instance, digital banking companies can monetize transactions, payments, and customer data.
• Improved operational efficiency. As customer data is shared among different service providers and banks, it relieves customers and banks of the necessity to confirm or submit data each time the user registers in another system or financial solution.
• Customer acquisition. With easy access to customer data, financial institutions can quickly onboard new customers and reduce costs on customer acquisition. Plus, offering third-party integrations in the form of a marketplace can help digital banking startups win new customers.

For example, the UK-based mobile banking application Starling offers a whole marketplace of bank systems & technology services inside its app that are powered by APIs. Customers can easily access loyalty, savings, insurance, or investment products. Back in 2019, Starling won a reward for the best online banking strategy, beating such companies as Monzo, Revolut, and Santander. The main reason Starling is successful in open banking is due to their constantly listening to customer feedback and adjusting their solutions accordingly.

Either in the first development stages or later, you can consider adding new banking technology solutions that can elevate your software performance, make your software more profitable, and make it more useful for your customers. But let’s discuss a few advanced solutions that are worthy of your attention.

This section is meant to show which solutions are at the top right now and are forming the future of technology in the banking industry.

Artificial intelligence (AI) and machine learning 

The prolific use of AI and machine learning across diverse industries proves these technologies are here to stay. According to McKinsey, AI can generate $1 trillion in value for the banking industry annually. AI can be implemented for front, middle, and back office tasks. AI and machine learning can be used to:

• simplify customer authentication and provide users with personalized recommendations and offers
• create chatbots and voice assistants
• evaluate risks as well as detect and prevent fraud and money laundering
• perform credit scoring to make better loan decisions

For instance, the Czech startup Resistant AI is based on AI and machine learning to provide financial institutions with anti-fraud security products. Machine learning algorithms define fraudulent documents, while AI is used for spotting issues during transactions. 

Blockchain

Decentralized finance (DeFi) based on blockchain technology is a common FinTech solution. DeFi’s primary aim is to eliminate intermediaries and centralized institutions from financial transactions. This solution is built on smart contracts, which are the digital equivalent of physical contracts. 

Two common DeFi products are lending and borrowing protocols. DeFi enables peer-to-peer lending and borrowing of crypto assets, removing intermediaries from the equation. Thus, DeFi allows users to quickly get loans thanks to smart contracts. Blockchain-enabled solutions also allow customers to have more control over their assets, reducing instances of cyberattacks.

Robotic process automation (RPA)

RPA allows for the automation of monotonous tasks that have a simple procedure but take up lots of time if performed manually. Instead of people, bots can be programmed to perform these tasks. For example, bots can analyze documents that customers send for loan origination and extract all necessary information and validate it. RPA can also complement other processes including:

• billing
• decisions on card blocking or replacement 
• customer notifications
• audits

On a daily basis, the banking industry deals with lots of repetitive tasks that can be easily automated, saving time for employees and improving customer satisfaction thanks to quick service delivery.

To develop successful digital banking software, you’ll need to find your perfect balance in the technology stack, mobile banking system architecture design, APIs, and advanced technologies. Our team can guide you on this path to ensure that you manage to reach your goal. When deciding on the development strategy for digital banking solutions, we take into account all constraints you may have, such as time, budget, and scope. Still, we always focus on delivering maximum value to you and your customers.