Bank / Financial Organization Portal Development

Our company develops, supports and maintains websites of any complexity, from simple one-page sites to large-scale clustered systems built on microservices. Our developers' experience is backed by vendor certifications.
Development and maintenance of all types of websites:
  • Informational websites and web applications: brochure websites, landing pages, corporate websites, online catalogs, quizzes, promo websites, blogs, news resources, informational portals, forums, aggregators
  • E-commerce websites and web applications: online stores, B2B portals, marketplaces, online exchanges, cashback websites, dropshipping platforms, product parsers
  • Business process management web applications: CRM systems, ERP systems, corporate portals, production management systems, information parsers
  • Electronic service websites and web applications: classified ads platforms, online schools, online cinemas, website builders, portals for electronic services, video hosting platforms, thematic portals

These are just some of the technical types of websites we work with, and each of them can have its own specific features and functionality, as well as be customized to meet the specific needs and goals of the client.

Latest works:
  • Development of a web application for FEEDME
  • Development of an online store for the company FURNORO
  • Development of a web application for Enviok
  • CRM development for Chasseurs
  • Website development for SBH Partners
  • Website development for Red Pear

Development of Portal for Bank/Financial Organization

A bank web portal is the online banking front end or the customer's financial personal account. Its security requirements are the strictest in the industry: Bank of Russia Regulation 382-P (now superseded by 719-P), PCI DSS for payment operations, Federal Law 152-FZ for personal data, and GOST R 57580. Such a portal cannot be built without deep information security expertise.

Security Architecture

Multi-factor authentication:

  • Username + password (minimum 8 characters, complexity requirements, new passwords checked against known breached-password lists)
  • Mandatory second factor: SMS-OTP, TOTP (Google Authenticator or any RFC 6238 app), or push notification in the mobile app. SMS is the weakest option (SIM swap, interception) and should be the fallback rather than the default.
  • Session token with a short inactivity TTL (15–30 minutes) and an absolute lifetime, invalidated server-side on logout and on password change

Device fingerprinting: a login from an unrecognised device triggers additional verification. Parameters: User-Agent, IP address, canvas fingerprint, WebGL. The fingerprint is a risk signal used to decide on step-up authentication, not an authentication factor in itself; mobile IP addresses change frequently, so a changed IP alone should not block the user.

Transport-level encryption: TLS 1.2+ mandatory, TLS 1.3 recommended, with HSTS on the web portal. Certificate pinning in mobile clients, with a backup pin and a rotation plan, so that a routine certificate renewal does not lock every customer out of the app.

Database encryption:

  • Sensitive fields (account numbers, balances): column-level encryption with an authenticated mode (AES-256-GCM), so that stored ciphertext cannot be silently modified; pgcrypto's raw encrypt() uses unauthenticated CBC and is not sufficient on its own
  • Transparent Data Encryption (TDE) for file-level encryption. Community PostgreSQL has no built-in TDE; it is available in commercial builds and extensions (EDB Postgres Advanced Server, Percona pg_tde, Cybertec PostgreSQL TDE) or can be replaced by volume encryption (LUKS, cloud disk encryption). Oracle provides TDE natively.
  • Encryption keys in an HSM (Hardware Security Module) or a managed key service (AWS CloudHSM, Yandex KMS), never in application configuration or in the same database as the data

Operations and Confirmation

Every monetary operation requires explicit confirmation:

1. User creates the operation (transfer, payment)
2. System shows the details for verification
3. System issues a one-time code (SMS or TOTP) bound to exactly those details
4. User enters the code, and the operation is executed
5. Push notification on completion

The code must be single-use, short-lived, and tied to the operation it was issued for (amount, recipient, operation ID), so that a code obtained for one transfer cannot confirm another or a modified one.

Additionally: confirmation of large operations (above a threshold) via an operator call or biometrics.

Operation limits: daily transfer limit, a lower limit for recipients added in the last 24 hours, and a freeze on suspicious activity.
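The create-then-confirm flow above, as an added example (not the page's own code): the one-time code is bound with an HMAC to the operation it was issued for, so a code for one transfer cannot confirm another or a modified one; it is single-use, expires, has a capped number of attempts, and the daily and new-recipient limits are enforced at creation. The limit values, the TTL and the HMAC key are assumed; create() returns the code only to simulate SMS/push delivery.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_TTL_SECONDS = 120          # assumed: a code is valid for 2 minutes
OTP_MAX_ATTEMPTS = 3           # assumed: then the operation is voided and must be re-created
DAILY_LIMIT = 300_000          # assumed daily outgoing limit, in the portal's currency unit
NEW_RECIPIENT_LIMIT = 10_000   # assumed cap for a recipient first paid less than 24 h ago
NEW_RECIPIENT_WINDOW = 24 * 3600


@dataclass
class Operation:
    op_id: str
    user_id: str
    recipient: str
    amount: int
    otp_tag: bytes          # HMAC that binds the delivered code to these exact details
    expires_at: float
    attempts: int = 0
    state: str = "pending"  # pending -> confirmed | voided


class OperationService:
    """Create-then-confirm flow: the one-time code is tied to (operation, user, recipient, amount),
    so it is single-use, expires, and cannot confirm a different or modified operation."""

    def __init__(self, server_key: bytes, now=time.time):
        self._key = server_key   # in production: a Vault/HSM-backed key
        self._now = now          # injectable clock, so the expiry path can be tested
        self._ops: dict[str, Operation] = {}
        self._first_paid: dict[tuple[str, str], float] = {}  # (user, recipient) -> first confirmed transfer
        self._spent: dict[tuple[str, str], int] = {}         # (user, day) -> confirmed total

    def _tag(self, otp: str, op: Operation) -> bytes:
        msg = f"{otp}|{op.op_id}|{op.user_id}|{op.recipient}|{op.amount}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def _day(self) -> str:
        return time.strftime("%Y-%m-%d", time.gmtime(self._now()))

    def create(self, user_id: str, recipient: str, amount: int) -> tuple[str, str]:
        now = self._now()
        if self._spent.get((user_id, self._day()), 0) + amount > DAILY_LIMIT:
            raise PermissionError("daily transfer limit exceeded")
        first = self._first_paid.get((user_id, recipient))
        if (first is None or now - first < NEW_RECIPIENT_WINDOW) and amount > NEW_RECIPIENT_LIMIT:
            raise PermissionError("amount exceeds the limit for a new recipient")
        op = Operation(secrets.token_hex(8), user_id, recipient, amount, b"", now + OTP_TTL_SECONDS)
        otp = f"{secrets.randbelow(10**6):06d}"
        op.otp_tag = self._tag(otp, op)   # only the tag is stored, not the code itself
        self._ops[op.op_id] = op
        # The code goes to the SMS/push gateway; it is returned here only to simulate delivery.
        return op.op_id, otp

    def confirm(self, user_id: str, op_id: str, otp: str) -> bool:
        op = self._ops.get(op_id)
        if op is None or op.user_id != user_id or op.state != "pending":
            return False
        now = self._now()
        if now > op.expires_at:
            op.state = "voided"
            return False
        op.attempts += 1
        if not hmac.compare_digest(self._tag(otp, op), op.otp_tag):
            if op.attempts >= OTP_MAX_ATTEMPTS:
                op.state = "voided"
            return False
        op.state = "confirmed"
        day = self._day()
        self._spent[(user_id, day)] = self._spent.get((user_id, day), 0) + op.amount
        self._first_paid.setdefault((user_id, op.recipient), now)
        return True
```

Because the stored value is an HMAC over the code and the operation details, an attacker who can read the pending-operations table still cannot recover the code, and a second request that changes the amount or recipient after the code was issued produces a different tag and fails verification.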

Fraud Prevention

Anti-fraud system analyzes every operation in real time:

  • Operation geolocation versus the user's usual login location
  • Speed of geolocation change (impossible travel: the distance between two consecutive operations cannot physically be covered in the elapsed time, for example two cities 5 minutes apart)
  • Operation patterns (atypical amounts, new or unusual recipients)
  • Velocity checks (N operations in M minutes)

Anti-fraud providers: BI.ZONE, Positive Technologies (PT AF), or custom ML models.
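The impossible-travel, velocity and atypical-amount checks above, as an added example (not the page's code and not any of the named providers' logic): each operation is scored against the user's previous one and a sliding window of recent activity. The speed threshold, window size, operation count and the "5x the historical mean" rule are assumed values; the coordinates in the test are constructed sample input.

```python
import math
from collections import deque
from dataclasses import dataclass

MAX_SPEED_KMH = 900.0      # assumed: faster than an airliner means the travel is physically impossible
VELOCITY_WINDOW_S = 600    # assumed: "N operations in M minutes" with M = 10
VELOCITY_MAX_OPS = 5       # assumed: N = 5
ATYPICAL_FACTOR = 5.0      # assumed: amount > 5x the user's historical mean is atypical
MIN_HISTORY = 5            # assumed: need at least 5 past operations before judging amounts


@dataclass
class Event:
    user_id: str
    ts: float       # unix seconds
    lat: float
    lon: float
    amount: int


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


class FraudScorer:
    """Real-time per-operation checks; returns the list of triggered flags."""

    def __init__(self):
        self._last: dict[str, Event] = {}           # user -> previous operation
        self._recent: dict[str, deque] = {}         # user -> timestamps inside the velocity window
        self._amounts: dict[str, list[int]] = {}    # user -> past amounts

    def score(self, ev: Event) -> list[str]:
        flags = []

        # Impossible travel: distance / elapsed time exceeds any plausible speed.
        last = self._last.get(ev.user_id)
        if last is not None:
            dist_km = haversine_km(last.lat, last.lon, ev.lat, ev.lon)
            hours = max(ev.ts - last.ts, 1.0) / 3600.0   # clamp to 1 s to avoid division by zero
            if dist_km / hours > MAX_SPEED_KMH:
                flags.append("impossible_travel")

        # Velocity: more than VELOCITY_MAX_OPS operations inside the sliding window.
        q = self._recent.setdefault(ev.user_id, deque())
        q.append(ev.ts)
        while q and ev.ts - q[0] > VELOCITY_WINDOW_S:
            q.popleft()
        if len(q) > VELOCITY_MAX_OPS:
            flags.append("velocity")

        # Atypical amount relative to the user's own history.
        hist = self._amounts.setdefault(ev.user_id, [])
        if len(hist) >= MIN_HISTORY and ev.amount > ATYPICAL_FACTOR * (sum(hist) / len(hist)):
            flags.append("atypical_amount")
        hist.append(ev.amount)

        self._last[ev.user_id] = ev
        return flags
```

In production the flags feed a decision (allow, step-up, freeze) rather than a hard block, and the baselines would come from a feature store rather than in-memory dictionaries; the structure of the checks is the same.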

Audit and Logging

Immutable audit log of every action: login, password change, operation creation, confirmation, authentication errors. Retention: at least 3 years (382-P requirement). Immutability means the application database role can only INSERT (UPDATE and DELETE revoked), and each record carries a hash or MAC of the previous one so that tampering is detectable.

Implementation: a separate append-only table, or specialised systems (Apache Kafka for streaming records, Elasticsearch + Kibana for search). Search indexes are a copy for analysts; the system of record must remain the write-once store.

Vulnerabilities and Protection

Mandatory OWASP Top 10 mitigation:

  • XSS: Content Security Policy (CSP) with script-src 'self' (or per-response nonces), and all output escaped by the templating engine
  • CSRF: Double Submit Cookie pattern or synchronizer token, plus SameSite=Strict (or Lax) on session cookies; SameSite alone is defence in depth, not the only control
  • SQLi: parameterized queries everywhere, no string concatenation
  • IDOR: ownership check on every resource (the account or operation must belong to the authenticated user), returning the same "not found" response for foreign and non-existent objects
  • Brute force: rate limiting (e.g., 5 attempts, then a 15-minute lockout) and CAPTCHA. A per-account lockout lets an attacker lock a victim out, so combine it with per-IP throttling and progressive delays
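The SQLi and IDOR items above, as an added example (not the page's code): the vulnerable handler concatenates a user-supplied ID into SQL and never checks ownership, so a crafted ID returns every account; the hardened version validates the ID, binds it as a parameter and filters by the authenticated user. SQLite is used only so the example runs stand-alone; the query shape is the same in PostgreSQL. The table and the two rows are constructed sample data.

```python
import sqlite3


def open_demo_db() -> sqlite3.Connection:
    """In-memory database with constructed sample accounts (illustrative, not real data)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE accounts(
            id      INTEGER PRIMARY KEY,
            owner   TEXT    NOT NULL,
            number  TEXT    NOT NULL,
            balance INTEGER NOT NULL
        );
        INSERT INTO accounts VALUES (1, 'alice', '40817810000000000001', 150000);
        INSERT INTO accounts VALUES (2, 'bob',   '40817810000000000002', 990000);
    """)
    return con


def get_balance_vulnerable(con: sqlite3.Connection, account_id: str) -> list:
    # Deliberately vulnerable: string concatenation (SQLi) and no ownership check (IDOR).
    # account_id = "1 OR 1=1" returns every account in the bank.
    return con.execute("SELECT number, balance FROM accounts WHERE id = " + account_id).fetchall()


def get_balance_hardened(con: sqlite3.Connection, current_user: str, account_id: str) -> tuple:
    # 1. Validate the identifier before it goes anywhere near the database.
    try:
        acct = int(account_id)
    except ValueError:
        raise ValueError("invalid account id") from None
    # 2. Bind parameters; 3. filter by the authenticated owner on the same query.
    row = con.execute(
        "SELECT number, balance FROM accounts WHERE id = ? AND owner = ?",
        (acct, current_user),
    ).fetchone()
    if row is None:
        # Same response whether the account is someone else's or does not exist,
        # so the endpoint cannot be used to enumerate valid account IDs.
        raise PermissionError("account not found")
    return row
```

Putting the ownership condition in the query itself, rather than fetching the row and checking the owner afterwards, means there is no code path where the foreign row is loaded into memory and accidentally logged or serialised.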

Penetration Testing

Mandatory penetration test by an accredited external company with certified testers (e.g., CISSP or OSCP) before launch, delivered as a CVSS-scored report. Critical and high findings are fixed and re-tested before launch.

Regular repeat pentests: minimum annually or after significant changes.

Regulator Requirements

  • 382-P Bank of Russia: information security requirements for money transfers (superseded by 719-P since 2022; older projects and contracts may still reference it)
  • 719-P Bank of Russia: the current information protection requirements for money transfers, including conformity assessment against GOST R 57580
  • GOST R 57580.1-2017: information security standard for financial organisations (protection levels 1–3)
  • PCI DSS (if storing or processing card data)

Technologies

Component    Requirements
Backend      Statically typed language (Java Spring Boot, Go, C# .NET)
Database     PostgreSQL with TDE (commercial build or extension) / Oracle
Secrets      HashiCorp Vault / HSM
Queues       Apache Kafka (audit log, events)
WAF          PT AF, Cloudflare Enterprise, or on-premise
Hosting      Certified Russian datacentres (152-FZ)

Timeline

MVP online banking (account viewing, transfers between own accounts, history, 2FA): 6–9 months. Full-featured online banking with payments, fraud prevention, a mobile app and a completed GOST R 57580 conformity assessment: 12–24 months.