Should Financial Software Development Be Concerned with Data Security?
Sep 20, 2021
Does it make sense to build separate processes for the development of financial solutions in a development company and involve outsourcing companies in the development of financial software solutions? We asked the experts how safe it is and what to consider when choosing a financial software contractor.
Saqib Ahmed Khan, PureVPN
Very much it should be, because it contains confidential data that needs to be secured. Financial solutions must be developed by concerned persons who have past experience with it, because a little bug can cause a huge loss. A better approach is to outsource this task to a reputable firm. For safety purposes, don’t provide original data or complete data to the firm for testing purposes; instead, provide sample or dummy data.
Jonathan Mandell, Teepee Vendor Risk Management
The financial industry has some of the most stringent cybersecurity requirements of their vendors. If you are building software or services for that industry, you should be prepared to answer hundreds of questions on your process, policy, and controls. This is a really frequent pain point for startups when first trying to engage with banks and other enterprises in financial services.
Pieter VanIperen, PWV Consultants
Every piece of software developed for any industry should be concerned with data security. If 2020 has taught us anything, it’s that security matters. Financial software, which is often regulated or falls under compliance programs, should be even more concerned with data security than other software.
Is it possible to attract outsourcing companies to develop financial software solutions? Is it safe?
Sure, there are outsourcing companies for almost everything. Safety is another issue altogether. If you’re going to outsource the development of financial software solutions, whichever company you choose must be thoroughly vetted. Moreover, there may be restrictions on where data can be handled, even test data in some scenarios, and on who in what jurisdictions can have access to code.
What must be considered when choosing a contractor for the creation of financial software?
Length of time in business, customer reviews, has the company had any breaches or security problems of their own, will they keep a cache of your financial data with the software, etc. All aspects of such a company must be reviewed to ensure safety and security. If you’re hiring a single person as a contractor, you must look into their history as a contractor. Who have they done work for? How long have they been doing it? What level of experience do they have? It’s a lot of the same questions, just on a personal level as opposed to a business level. Compliance and regulations need to be followed at all times.
Michael Hammelburger, CEO of The Expense Reduction Group
Being in the financial industry for quite a number of years, the rise of contactless payment isn’t as safe as we think it is. That’s because not all merchants and businesses are well secured when it comes to protecting our privacy. Contactless payments typically gather large amounts of personal and private data from users for tracking and verification purposes. Try downloading an app and you run the risk of malware or man-in-the-middle (MitM) attacks straight from your device. Social engineering, for example, continues to innovate and has allowed scammers to steal private information such as bank account numbers and finances. It is therefore important to transact only on websites that have SSL, where the URL will start with HTTPS instead of just HTTP, to ensure security.
Phillip Leslie, Havoc Shield, Inc
Financial and healthcare software are two of the biggest targets for cybercriminals, so financial software firms considering outsourcing their software development should have an eagle eye for security. A model I’ve seen work involves a group of onshore highly-vetted employees running point on reviewing all code submissions (pull requests), with an eye not only towards quality but also towards security. This approach is a lot of work for the employees handling the code reviews, but it’s one of the best strategies for companies that have concluded that they are going to outsource some of the software development work to outside firms (regardless of whether onshore or offshore). Financial software companies should also consider contractual guardrails — a good lawyer with experience in software contracts can guide a conversation around liabilities, indemnities, and insurance requirements that helps to manage the impact of any incident that could conceivably occur.
Grégoire Mathonet, ANote Music
At ANote Music, we are building a stock exchange for music royalties. This is de facto financial software, but we are not required to comply with financial obligations as heavily as other companies, as the regulator in Luxembourg does not perceive royalties as a financial instrument. That said, we are imposing on ourselves the same rules as the official financial companies in terms of security, for the sake of our users. For this purpose, we believe in offloading parts of development or testing, but definitely not for the crucial parts.