The Future of Fintech Product Engineering Services
Raj Gummadapu, CEO, Techwave
In conversation with Raj Gummadapu, CEO, Techwave
Could you recall some of the major digital transformation events you have witnessed in your professional journey so far?
The IT industry began to evolve drastically in the 1980s, when computer manufacturers were developing their own proprietary operating systems: VAX VMS, MS DOS, IBM CICS, etc. During the COBOL days, achieving a feature or functionality required writing thousands of lines of code. However, we’re able to achieve the same with fewer lines using OOPS concepts. This is due to the drastic change of the system architecture paradigm to Microservices and Low/No-Code architecture. Additionally, the latest trends in digital technologies such as Cloud, Metaverse, IoT, 5G, etc. are bringing more value to the industry and the customer. Digital transformation is the need of the hour; it is no longer a discretionary expenditure, and it is critical for companies’ growth. Important milestones in my journey are the modernisation of legacy applications such as Retail Banking, Investments, Foreign Exchange, Health services and Cross Border payments.
Enlighten us about the kind of technological trends that have been shaping the fintech industry in the US so far.
FinTech has had a significant impact on the global Financial Services industry over the last decade. More FinTech use case-led businesses are flourishing, with more investors backing them. It is anticipated that regulators will continue pushing the digital agenda. The following technology trends are shaping the fintech industry so far:
• Buy Now Pay Later has become mainstream and is on an accelerated growth trajectory, emerging strong not only in the B2C but also the B2B payments space.
• Innovation is happening in wealth tech to serve a new class of investors; new asset classes, NFTs and Cryptos will continue to drive more investor interest.
• Due to adoption of ISO20022 financial messaging standards, more regulation technology solutions are coming up in the market with a goal of streamlining processes and reducing costs.
• With the advancement of the blockchain and growing adoption of crypto currencies, governments are taking initiatives for Central Bank Digital Currency (CBDC).
• New technologies are simplifying writing and underwriting life insurance policies.
• Digital Banks and Open Banking (Open APIs) are enhancing customer experience, reducing cost and providing more value to customers.
How do you perceive the future of fintech product engineering services? What will be the growth factors boosting the fintech market?
FinTechs can expect future technology breakthroughs to propel the expansion of the market even further and revolutionize the manufacturing, delivery, and consumption of financial products and services in the coming years.
• Fintechs are becoming a replacement for many proprietary legacy systems. More co-development and joint ventures are expected in multiple sectors, especially in areas having some historical inefficiencies and expenses. Fintechs are lowering the cost of sale in back-office solutions and ancillary services to non-traditional financial services participants.
• Due to emerging technology, changing cultural trends and a favourable regulatory landscape, FinTech has been growing beyond boundaries. Fintech is to become a horizontal across industries such as Retail, Health, Agri, Real estate, etc.
• Industry leaders will continue to acquire crucial proprietary tech companies, blurring industry lines and cutting their costs in the process.
• Smaller companies are realizing the power of joining together. By working together, Fintech companies can offer more of the consumer life cycle with relevant products and services.
• Regulators are actively encouraging innovation through regulatory sandboxes, new distribution models, and the launch of innovative products.
Which are the latest technologies that could take the fintech product engineering services to the next level?
• New smartphone-savvy users exploring tech-based financial tools for the first time can be signed up at a fraction of the cost based on their digital identities. FinTech startups are playing an important role in both bringing people to the financial mainstream and giving people methods and opportunities to improve financial well-being.
• With crypto adoption seeing growth, Decentralized finance (DeFi) is expected to replace legacy systems such as ACH and SWIFT to cut down on fees and for real-time transactions.
• The finance angle to the metaverse is expected to be a construct of Web 3.0 building blocks and different interface elements called verses, which include protocols, products and services enabling complex financial interplay between fungible and non-fungible tokens (NFTs).
What will be the level of cybersecurity threats that the industry would face? How should they prepare to defend themselves against the same?
The following are the cybersecurity threats that the industry would face:
• Cloud computing security issues
• Malware attacks
• Application breaches
• Money laundering and crypto currency related risks
• Identity theft
• Meeting compliance requirements
• Scalability issues
• Mobile platform and IoT devices
• Convenience vs security, etc.
Proposed security mechanisms to defend against cybersecurity threats:
1. SSDLC
a. Adopt a Secure Software Development Lifecycle (SSDLC) and set up a governing body that drives its adoption and continual refinement of the tools and processes.
b. Publish the SSDLC process for community reviews. This might seem a risk initially, but research has shown that community-driven initiatives result in more mature processes.
c. Build using highly curated and approved open-source libraries.
d. Adopt shift-left as a mechanism to anchor all development practices to security.
2. Networks
a. Adopt strategies such as Defense-in-depth and 3-tier network security models to protect the organization’s assets.
3. Build
a. Deep focus on alignment to various industry standards.
b. Adopt OWASP Top 10 Security standards.
c. Use tools such as SONAR, BlackDuck, CheckMarx for automated reviews.
4. Secure Communications
a. Use the latest TLS versions.
b. Use certificates issued by highly trusted Certification Authorities. Do not use certificates issued by providers such as Let’s Encrypt.
c. Always prefer mTLS using client-certificates for system – system interactions.
d. Always white-list IP addresses of callers where possible.
e. Use FIPS-approved algorithms only.
f. Use strong ciphers – for example bit lengths of 2048 and higher for RSA and 256 or more for AES.
g. Use HSMs (Hardware Security Modules) for storing crypto keys and performing crypto operations. Discourage use of other lesser mechanisms such as Java key stores, Vaults, etc.
h. Prefer MLE (Message Level Encryption) over Transport Level Security as this gives better end-to-end protection.
i. Use JOSE standards (JWE, JWS, JWK, etc.) for encoding and decoding messages.
5. Databases
a. Clear classification of data assets as Sensitive (PI, PII, PHI) and Non-sensitive.
b. Prefer microservice architectures that break datasets by Function and additionally by Sensitivity.
c. Always use encryption-at-rest (TDE) to prevent data theft from disks.
d. Always use encryption-in-transit for exchanging data with application clients.
e. Never store sensitive data in clear.
6. Identity Management
a. Don’t use home-grown user and password strategies. Use Identity Management systems that are designed to work for social use cases using protocols and standards such as OAuth2, OpenID Connect, etc.
b. Prefer SSO where possible to reduce the number of authentication credentials required to be remembered.
c. Build an ability to revoke tokens issued and force re-authentication.
d. Limit the shelf-life of various Access and Refresh tokens. Less is better.
7. Logs, Exports, Notifications
a. Review carefully for presence of sensitive data.
8. Archive
a. Proactively archive (purge) data that is no longer required to be retained.
9. Playground
a. Use anonymization and obfuscation practices when moving production data to other lesser environments.
What will be the kind of role that future leaders in the software development space should play while accessing new opportunities going forward?
• Putting the customer first, anticipating their needs and creating solutions that exceed their expectations became the new norm in the fintech world. The leaders in the sector are expected to constantly create innovative solutions that preempt customer needs and resolve them before they even request them. Businesses are increasingly using Artificial Intelligence and machine learning to proactively understand customer needs and fulfill them.
• Leaders are expected to operate the business as per the prevailing standardization and government regulations. Products, solutions and services need to be aligned to it.
• The digitization of businesses has led to the creation of tremendous freelancing opportunities for professionals as geographical limitations are no longer a handicap. Remote working has become a common feature. The benefits of hybrid work culture have been the wider access to professionals with specialized skills who may have been limited by geographical boundaries earlier.
• The role of progressive and visionary leadership is all important when it comes to new sectors like fintech. Leadership needs to be able to envisage its future and be ahead of the curve when it comes to taking bold business decisions. Enterprise needs to adapt quickly to evolutionary changes in the landscape to survive and thrive in such a challenging environment.
• New markets are emerging every day as wide customer bases are willing to try out new technologies that can make life easier. Geographical boundaries are expected to blur as the world becomes an integrated marketplace.