Banking web design and app development
Thursday, 4 November 2021
Banking is one of the most regulated industries in the United Kingdom, with the main regulatory bodies consisting of the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA).
Any website or app designed for the banking industry needs to take the strict regulatory laws into consideration, ensuring the design and build adhere to those laws and strict codes of practice. At ID Studio, we have just completed a new website for a division of Zenith Bank and are currently building a new website for The Crown Agents Bank, and we would like to share some of our insights and build practices.
Banking has changed completely in recent years. Customers now expect to be able to complete virtually all their banking requirements online, using a variety of devices such as phones and laptops, on platforms including iOS and Android, from any location in the world with an internet connection.
Customers also expect a seamless process, with an intuitive user experience and format with the least amount of effort. Website and app users want to find relevant information or the service they require with ease (view account balances including multiple accounts, transfers, payments, download statements, standing orders, etc.)
Security is key
ID Studio takes website security extremely seriously. This is especially important for banking websites and apps due to the potential consequences.
The OWASP (Open Web Application Security Project) guidance is an incredibly important area to cover. Some of the core security elements should include (if applicable):
- Protected against top 10 OWASP vulnerabilities
- SSL needs to be implemented on the website to ensure the safe transfer of information and avoid data interception.
- Restricted administration access and management
- Lock out access after multiple invalid login attempts
- Terminate the website login/app access after a certain period of inactivity
- All administration activity should be logged to keep a detailed audit trail of all operations performed.
- Implement password policies to prevent simple passwords from being created by administrators and members, e.g., forcing the inclusion of letters, numbers, and special characters
- Database queries are automatically sanitised which prevents SQL injection
- All user input is escaped before output which prevents XSS (Cross-site scripting) vulnerabilities. These vulnerabilities are usually used to steal user cookies and hijack sessions
- Denying brute-force or DDoS attacks
- Regular intrusion monitoring and detection monitoring
- Backups: keep regular, encrypted backups in several locations, including off-site
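As an added illustration (not ID Studio's code), the sketch below implements three of the controls listed above on the server side: the password policy, lockout after repeated invalid logins, and termination of idle sessions, with each event written to an audit trail. The thresholds, the minimum length, the `LoginGuard` and `passwordProblems` names and the in-memory maps are assumptions made for the example; a production system would keep this state in a shared store and generate session IDs with a CSPRNG.

```javascript
// Added example. Thresholds are illustrative assumptions, not values from the article.
const MAX_FAILED = 5, LOCKOUT_MS = 15 * 60 * 1000;   // lock for 15 min after 5 failures
const IDLE_MS = 10 * 60 * 1000, MIN_LENGTH = 12;     // idle limit; assumed minimum length

// Password policy from the checklist: letters, numbers and special characters.
function passwordProblems(pw) {
  const problems = [];
  if (pw.length < MIN_LENGTH) problems.push('too short');
  if (!/[A-Za-z]/.test(pw)) problems.push('no letter');
  if (!/[0-9]/.test(pw)) problems.push('no number');
  if (!/[^A-Za-z0-9]/.test(pw)) problems.push('no special character');
  return problems;
}

class LoginGuard {
  constructor(now = () => Date.now()) {   // injectable clock keeps the logic testable
    this.now = now;
    this.failures = new Map();            // user -> { count, lockedUntil }
    this.sessions = new Map();            // sessionId -> { user, lastSeen }
    this.audit = [];                      // append-only audit trail
  }
  log(event, user) { this.audit.push({ at: this.now(), event, user }); }
  isLocked(user) {
    const f = this.failures.get(user);
    return Boolean(f && f.lockedUntil > this.now());
  }
  // credentialsOk is the outcome of the real password check, done elsewhere.
  attempt(user, credentialsOk, sessionId) {
    // A locked account rejects even a correct password until the lock expires.
    if (this.isLocked(user)) { this.log('rejected_locked', user); return 'locked'; }
    if (!credentialsOk) {
      const f = this.failures.get(user) || { count: 0, lockedUntil: 0 };
      const lockNow = ++f.count >= MAX_FAILED;
      if (lockNow) { f.lockedUntil = this.now() + LOCKOUT_MS; f.count = 0; }
      this.failures.set(user, f);
      this.log(lockNow ? 'lockout' : 'login_failed', user);
      return 'denied';
    }
    this.failures.delete(user);           // success resets the failure counter
    this.sessions.set(sessionId, { user, lastSeen: this.now() });
    this.log('login_ok', user);
    return 'ok';
  }
  // Call on every authenticated request; returns false once the session is gone.
  touch(sessionId) {
    const s = this.sessions.get(sessionId);
    if (!s) return false;
    const idle = this.now() - s.lastSeen > IDLE_MS;
    if (idle) { this.sessions.delete(sessionId); this.log('idle_timeout', s.user); }
    else s.lastSeen = this.now();
    return !idle;
  }
}
```

The lockout is keyed on the account name only, so it slows password guessing against one account but does not replace rate limiting by source address.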
Our programming manager has 17 years' commercial experience, running the development team. Darren is a Certified Laravel Developer and is also Security+ certified. He writes for publications such as freeCodeCamp and HackerNoon.
Third-party integrations / API
There are numerous banking-related software platforms available for potential integration into your website and app. Often this software provides the specialist infrastructure to help improve your service offerings. These platforms should be flexible enough to meet your unique needs, as well as customisable to create a perfect fit.
Three core areas you need to consider prior to selecting a platform are:
- How secure is it? – What security measures do they provide, how often is their software reviewed and have they had any past breaches?
- Is it cloud-based? – Some banking institutions require deployment on their own premises, also, if it is cloud-based what control do you have?
- How easy is integration? – Not all platforms are easy to integrate, some require a lot of meddling, make sure to research this area thoroughly.
At ID Studio we have used GBG with great success. GBG is a specialist in digital identity, and we often implement it to help our banking clients digitally verify identities and reduce fraud. Most recently we utilised GBG for the online application process of a UK banking website. Some of its core attributes include:
- Address validation
- Email validation
- Phone validation
- End-to-End digital identity verification
- Application fraud
- Identity document verification
Scalability and future technologies
Without scalability, your website or app is unable to adapt or grow, which is particularly important for the banking industry due to legislative changes, as well as technological advances. It is important that your website is built to allow for scalability. Factors that you will need to consider include:
- Technology framework –
- Quality of code – The quality of your code does not only influence how your website or app will display and function, but poorly built applications also make it exceptionally difficult to update and expand them. What should be just a simple script to add can take ten times as long due to the issues that arise from the badly constructed code.
- Hardware setup – As your website or app expands, you need to have in place hardware that can expand and grow with it. For example, you may start off with a customer base of 10,000 and this quickly expands to 250,000. Your hardware infrastructure setup needs to be able to cope as well as expand effortlessly with your banking needs.
- Third-party integrations – If your website is dependent upon third-party applications, you need to have contingency plans if they fail. Also, the more third-party integrations there are, the less scalable your website or app may become due to its limitations. In addition, having too many third-party applications slows down your website and can increase security threats.
Headless content management system (CMS)
We have a separate blog on what a headless CMS is, if you are not too sure, click on the Link to view this article. It might be worth considering for your banking website or app.
React Native and app development
React Native allows you to create apps that are genuinely native and ID Studio has utilised this technology for quite a few apps. We are not saying to always use React Native, as it is not always the best solution, however, in a lot of circumstances React Native can be beneficial. Below are some associated benefits:
- Usually, a lot quicker development times as you use the same code base for iOS and Android.
- Provides a very smooth and responsive format
- If implemented correctly, load times are often reduced
Some well-known apps that have been built using React Native include Facebook, Instagram and Skype.
With increased cyber-attacks, it is vital that the banking industry ensures that they protect their customer information and assets.
Once the website or app is in beta testing, ID Studio recommends that a third-party security consultant performs an initial application security test and vulnerability scan, including reviewing and making recommendations on any vulnerabilities found.
Although testing will also be performed in-house, it is always best to obtain an outside independent audit due to the seriousness and security requirements for a banking website or app. In addition, it is always advisable to obtain a different point of view and perspective.
Target audience imagery
The banking industry is no different from other industries, imagery needs to be targeted, relevant and emotive to the services your business is offering. Imagery alone can be enough to keep or lose your site visitors, below are some ideas to help with your selection process.
- Make sure images are of high quality, properly optimised and cropped
- Decide if you are using stock imagery, hiring a professional, custom illustration or a combination
- Images need to be relevant to the services you are offering, meaningful to your target audience and help to enforce your brand. Enable your target audience to relate to the images
- Include people in your imagery, these people also need to be within your target audience/demographics so that they can be related to
- Include images that collectively tell a story, for example, if you are promoting mortgages then they need to relate to and promote that service
- It is great to present images that are relevant to your market, however, remember that you are not an art gallery and don’t want to overwhelm users with images
- Always bear in mind you can edit your photos to better fit your brand and service positioning
Following these guidelines will make content more accessible but does not address every accessibility issue out there. Nevertheless, it does make a big difference to a lot of users with disabilities. Below are some of the ways adhering to WCAG 2.1 could help your banking website design.
- Provide text alternatives for non-text content
- Provide captions and other alternatives for multimedia
- Create content that can be presented in different ways, including by assistive technologies, without losing meaning
- Make it easier for users to see and hear content
- Make all functionality available from a keyboard
- Give users enough time to read and use content
- Do not use content that causes seizures or physical reactions
- Help users navigate and find content
- Make it easier to use inputs other than the keyboard
- Make text readable and understandable
- Make content appear and operate in predictable ways
- Help users avoid and correct mistakes.
Customers expect access to their accounts 24/7, and if there is a problem, they expect to have assistance quickly. The main methods of communication being utilised now are live chat (which requires constant employment of workers), intelligent chatbots, online forms and email.
Maintenance and support agreements
A lot of banking institutions will have their own internal IT department. If you do not, it might be wise to look at obtaining a maintenance agreement with a reputable design agency. No matter how robustly your website and app have been built, over time they will require maintenance and updates to keep them running smoothly and safe from potential threats such as cyber-attacks. Some of the main areas you should consider looking into include:
- Optional design and development hours
- Emergency support and response times
- Monitoring of the servers and their performance (website and app)
- Security reviews
- Updates and additional development
- Feedback and suggestions
It is important to research the skill set of the agency. This includes:
- Their programming skill set and experience
- Coders' specialities and relevance to your platforms
- Project managers' experience
- The agency's experience, especially within the banking industry
ID Studio Web Agency has some great experience creating banking-related websites and applications. We understand the importance of security that is placed upon the banking industry and the regulations they need to adhere to. If you are looking for a web agency with a proven track record in the banking industry, call Michael, drop us an email or complete our online contact form.