  • Running a legacy branch-first experience that can't support the self-service digital customers expect?

  • Digital banking app built as a bolt-on to the core that breaks every time the core updates?

Digital Banking Platform Development

Custom mobile and web banking apps for digital banks, neobanks, and credit unions that need a self-service digital experience -- not a branch portal dressed up for mobile.

Built to connect cleanly to your core banking system via API, so the customer sees real-time balances and the core stays authoritative. Biometric login, push alerts, card controls, and payment flows included.

  • Mobile banking app for iOS and Android -- account dashboard, transfers, payments, statements

  • Web banking portal for retail and business customers

  • Card management -- freeze, unfreeze, spending limits, virtual cards

  • Biometric login, OTP, and step-up authentication for high-value transactions

A digital banking platform is the mobile and web layer that lets customers manage accounts, make payments, view transaction history, and control cards without visiting a branch. RaftLabs builds custom digital banking platforms for neobanks, digital banks, and credit unions -- with biometric login, card controls, push alerts, and a typed API connector to your core banking system that stays stable when the core updates. Projects ship in 12-14 weeks at a fixed cost.

  • Products shipped: 100+

  • Industries served: 24+

  • Cost delivery: Fixed

  • Week delivery cycles: 12-14

Customers expect banking to work like everything else on their phone

Most digital banking experiences were built on top of a core banking system that was never designed for self-service. The result is a mobile app that shows yesterday's balance, a web portal that times out mid-transfer, and a card freeze that takes thirty seconds to respond -- if it works at all.

The customers comparing you against a neobank are not comparing features. They are comparing how fast the app responds, whether they can dispute a transaction without calling a branch, and whether they can open an account in ten minutes. A digital banking platform built as a proper API layer over your core delivers that experience without replacing the core that handles your ledger and regulatory reporting.

The connection between the customer-facing app and the core banking system is where most implementations fall apart. We build the API layer explicitly -- core banking connector, caching where appropriate, and a clear contract between the front end and the data source. When the core updates, the connector adapts. The app does not break.

What we build

Mobile banking app

iOS and Android app covering the full self-service customer journey, connecting to the core banking system via a typed API connector rather than a screen-scrape or middleware approximation. The connector is built explicitly to the core's REST or SOAP API -- whether that is Temenos T24, Thought Machine Vault, Mambu, or a proprietary core -- and is versioned independently so the app does not break when the core updates. Account aggregation via Plaid, TrueLayer, or Tink can pull balances from external accounts into the dashboard view for customers who want a consolidated financial picture alongside their primary account.

Account dashboard shows current balance, available balance, and pending transactions pulled from the core in real time. Internal transfers between accounts with confirmation reference and scheduled transfer support. Payment initiation covers bill pay, peer-to-peer transfers via RTP (The Clearing House Real-Time Payments), FedNow (for US instant payment rails), or SEPA Instant Credit Transfer (for European operations), and ISO 20022 formatted payment messages where the core has migrated from SWIFT MT to MX. Account opening flow with KYC document capture using Jumio, Onfido, or Alloy for identity verification and AML screening via NICE Actimize or FICO TONBELLER for sanctions and PEP checks. Downloadable statements in PDF by date range and CSV export for personal accounting. Push notification opt-in managed per customer with configurable event triggers.

Web banking portal

Browser-based portal for retail and business customers who manage accounts on desktop -- business banking in particular is frequently done on web rather than mobile because of the bulk payment, multi-user approval, and reporting workflows involved. Business banking view shows multiple account balances, bulk payment file upload (Bacs, SEPA, or ACH batch formats depending on the jurisdiction), and a maker-checker approval workflow so the finance manager initiates payments and the director or signatory approves them before submission to the payment rail. The approval workflow enforces dual authorisation for payments above a configurable threshold, which is a standard requirement for corporate banking relationships.

Retail portal delivers the same account and payment features as the mobile app with the same core API connector underneath -- no separate data layer for web. Open banking PSD2 and FDX API exposure allows third-party personal finance management apps and accounting software to pull transaction data from the portal with customer-authorised consent, reducing the support burden of manual CSV exports. Transaction search with filtering by date range, amount band, payee, and merchant category. Downloadable statements in PDF and CSV export for accounting system import. Responsive layout works on tablet for branch staff-assisted sessions and for customers who access the portal on a mobile browser. WCAG 2.1 AA accessibility compliance is built into the component library from the start rather than retrofitted before launch, covering screen reader compatibility, keyboard navigation, and colour contrast requirements.

Transaction history and categorisation

Transaction history with full-text search, filter by date range, amount range, payee name, and merchant category. Merchant name resolution cleans raw core banking transaction descriptions -- which are often truncated or formatted for internal processing rather than customer readability -- into recognisable merchant names with logos. Automatic transaction categorisation uses merchant category codes (MCC) from the card network to classify spending: groceries, dining, travel, utilities, entertainment, health, and financial services are the standard categories, with customer-editable overrides for transactions the automatic classification gets wrong.

Account aggregation via Plaid (US), TrueLayer (UK/Europe), or Tink (Europe) pulls external account transaction data into the history view when the customer authorises the connection, providing a consolidated spending view without requiring the customer to log in to multiple banking apps. Spending summary by category and month gives customers a view of their patterns without a separate personal finance management app. Recurring debit detection surfaces subscriptions and direct debits in a dedicated list so customers can see total monthly committed spend at a glance. Transaction detail view shows merchant logo, reference information, and a location map where the merchant has a physical address resolvable from the MCC data. Export to CSV and PDF for personal budgeting, tax preparation, and accounting software import. FATCA, CRS, and FBAR cross-border transaction flagging can be applied to the categorisation layer for institutions with cross-border reporting obligations.

Card management

Card control centre built into both the mobile and web experience, connecting to the card processor API (Marqeta, Galileo, or your existing processor) in real time. Instant freeze and unfreeze calls the processor API synchronously and returns confirmation to the customer within two to three seconds -- not a request queued for the next business processing day. Spending limit controls by category (no online gaming transactions, limit dining spend to $200 per month), merchant type (block cash advance transactions), or geography (restrict to domestic transactions) give customers control over their own card behaviour without a branch visit.

Virtual card generation creates a new card number per merchant or per transaction for customers who want to compartmentalise online purchase exposure. Virtual cards are issued instantly from the card processor API and added to the customer's Apple Pay or Google Pay wallet. PIN management through the app (set, change, reveal current PIN) connects to the card processor's PIN management API so the customer never needs to call or visit a branch. Card replacement requests for lost or stolen cards cancel the current card, block further transactions in real time, and initiate a replacement card dispatch. Card status is always visible -- active, frozen, blocked, expired, replacement ordered -- with timestamped status history so the customer can see when a block was applied and by whom. Basel III capital adequacy reporting feeds from transaction and card data for institutions with regulatory capital calculation requirements. SOC 2 Type II cloud controls govern access to card processor API credentials and cardholder data at rest.

Push notifications and alerts

Configurable alert engine delivering push notifications, SMS, and in-app messages based on account events. The alert delivery stack uses Firebase Cloud Messaging (FCM) for Android and APNs for iOS, with SMS via Twilio as a fallback channel for customers who have disabled push notifications or are on devices where push delivery is unreliable. Balance alerts fire when the account drops below a customer-set threshold -- useful for customers managing overdraft buffers or minimum balance requirements. Payment received and payment sent notifications include amount, payee, and reference so the customer has the information needed to reconcile without opening the app.

Failed payment alerts with decline reason code give the customer advance notice before a direct debit bounces or a standing order fails, reducing the downstream problem of a merchant charging a returned payment fee. Fraud flag alert is sent within seconds of the card processor or AML monitoring system (NICE Actimize, FICO TONBELLER) flagging a suspicious transaction, with a one-tap dispute or confirm flow in the app that allows the customer to respond immediately -- reducing the fraud response cycle from days (customer calls the branch, investigation opens) to minutes. OCC, FDIC, and FRB examination-ready audit trails log every alert delivery event -- event type, delivery channel, timestamp, customer response -- for regulatory examination purposes. Alert preferences are managed per customer at the channel, event type, and minimum amount threshold level. Notification history is accessible inside the app for customers who miss a push so they can review recent alerts without calling the contact centre.

Secure authentication

Authentication stack built for banking-grade security without adding unnecessary friction to low-risk actions. Biometric login -- Face ID and Touch ID on iOS, fingerprint and face unlock on Android -- for returning users on trusted devices registered to their account. FIDO2/WebAuthn support for passwordless login on web, using platform authenticators (Windows Hello, Touch ID on macOS) or hardware security keys for business banking users who require stronger authentication. OTP via SMS or email for new device registration, password reset, and session re-establishment on unrecognised devices.

Step-up authentication triggers when a high-value transaction exceeds a configurable amount threshold -- for example, transfers above $5,000 require a second factor beyond biometric before the payment is submitted. The threshold is set per customer risk profile and can be adjusted by the compliance team without a code deployment. Device trust management lets customers see all registered devices in the app and revoke access from any device they no longer recognise or control. Session timeout and re-authentication policy is configured to match FFIEC guidance, PRA requirements, or APRA standards depending on the regulatory jurisdiction -- shorter session limits for web, biometric-gated re-authentication for mobile. All authentication events are logged to an immutable audit trail with timestamp, device identifier, IP address, and authentication outcome for OCC, FDIC, and FRB examination-ready reporting. FINREP and COREP regulatory report generation can be connected to the authentication and transaction audit layer for institutions with European supervisory reporting requirements.
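The step-up rule and audit trail described above, as an added Python example that is not RaftLabs' code. The profile names, the thresholds other than the $5,000 figure, the factor labels and the hash-chained log design are assumptions made for illustration.

```python
import hashlib
import json
from decimal import Decimal

# Constructed policy: step-up threshold per customer risk profile, held as data
# so it can be changed without a code deployment. Profile names are assumptions.
POLICY = json.loads('{"low": "5000", "medium": "1000", "high": "0"}')
SECOND_FACTORS = {"otp", "fido2"}  # assumed factors counting as "beyond biometric"


def step_up_required(amount, risk_profile, factors, device_trusted):
    """True when the payment must be held until a second factor is verified."""
    if set(factors) & SECOND_FACTORS:
        return False  # second factor already verified for this payment
    if not device_trusted:
        return True  # unrecognised device: biometric alone is not enough
    # Unknown profiles fail closed: threshold 0 means every payment steps up.
    return Decimal(amount) > Decimal(POLICY.get(risk_profile, "0"))


class AuditLog:
    """Append-only log where each record's hash covers the previous hash."""
    GENESIS = "0" * 64
    def __init__(self):
        self.records = []

    @staticmethod
    def _digest(rec):
        body = {k: v for k, v in rec.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, ts, device_id, ip, event, outcome):
        prev = self.records[-1]["hash"] if self.records else self.GENESIS
        rec = {"ts": ts, "device_id": device_id, "ip": ip,
               "event": event, "outcome": outcome, "prev": prev}
        rec["hash"] = self._digest(rec)
        self.records.append(rec)

    def verify(self):
        """Index of the first altered or re-linked record, or -1 if intact."""
        prev = self.GENESIS
        for i, rec in enumerate(self.records):
            if rec["prev"] != prev or rec["hash"] != self._digest(rec):
                return i
            prev = rec["hash"]
        return -1


def authorise_payment(log, ts, amount, risk_profile, factors, device_id, ip, trusted):
    """Decide, then log the decision with the fields the audit trail requires."""
    held = step_up_required(amount, risk_profile, factors, trusted)
    outcome = "step_up_required" if held else "authorised"
    log.append(ts, device_id, ip, f"payment:{amount}", outcome)
    return outcome
```

A hash chain makes alteration detectable rather than impossible, so the latest hash still needs to be anchored somewhere the application cannot rewrite.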

Frequently asked questions

A digital banking platform is the mobile app and web portal layer that lets customers manage accounts, initiate payments, control cards, and access statements without visiting a branch or calling a contact centre. It connects to your core banking system -- Temenos T24, Thought Machine Vault, Mambu, Finxact, or a proprietary core -- via API. The core remains authoritative for the ledger, interest calculations, and regulatory reporting. The platform is the customer-facing layer built on top of it, presenting real-time data from the core in an interface that works on a phone or browser.

For neobanks, the digital banking platform is the primary product -- there is no branch to fall back on. For established banks and credit unions, it replaces a dated self-service channel that was often built as a bolt-on to the core and has accumulated technical debt that makes it slow to update and unreliable under load. The distinction between the two cases affects the scope of the core integration: a neobank may be selecting its core as part of the same project, while an established institution has an existing core with a documented API that the platform must connect to. ISO 20022 migration from SWIFT MT to MX format affects the payment instruction structure flowing between the platform and the core for institutions running cross-border payment rails. We scope the core integration during discovery -- confirming what the core exposes, what authentication model it uses, and what the rate limits and SLAs of the core API are -- before any development begins.

The connection is typically a REST or SOAP API exposed by the core, or a middleware layer the core vendor provides. We build a connector service that translates between the core's data model and the clean API the mobile and web apps consume. This separation means the customer-facing app is not directly coupled to the core -- when the core updates or switches providers, the connector adapts rather than requiring the whole front end to be rebuilt. Where the core does not expose real-time APIs, we use event streams or batch reconciliation to keep data fresh. We scope the core integration specifically during discovery and confirm what the core can and cannot expose before development starts.

Digital banking platforms we build target OWASP Mobile Top 10 (covering insecure data storage, improper authentication, insufficient cryptography, and client-side injection risks), OWASP ASVS Level 2 for the web portal, and PCI DSS where card data is processed or stored. Authentication uses biometrics (Face ID, Touch ID, Android fingerprint), OTP via SMS and email, FIDO2/WebAuthn for web passwordless login, and step-up authentication for high-value transactions above configurable thresholds.

Data in transit uses TLS 1.2 minimum (TLS 1.3 preferred) with certificate pinning on mobile to prevent man-in-the-middle interception. Sensitive data at rest is encrypted at field level for PII and account data, with key management via AWS KMS or equivalent. Sessions carry configurable timeout and re-authentication requirements aligned to FFIEC guidance (US), PRA operational resilience expectations (UK), or APRA CPS 234 (Australia) depending on the institution's primary jurisdiction. All authentication events and financial transactions are logged to an immutable audit trail with timestamp, device, IP, and outcome -- the audit trail format is designed for OCC, FDIC, and FRB examination review, not just internal logging. SOC 2 Type II cloud controls apply to the cloud infrastructure hosting the platform, covering access control, availability, processing integrity, confidentiality, and privacy. KYC via Jumio, Onfido, or Alloy and AML screening via NICE Actimize or FICO TONBELLER are integrated for onboarding flows. Penetration testing is included in the project scope before go-live, conducted by a third-party tester against the staging environment.

A focused digital banking platform covering account dashboard, transfers, payments, card management, push notifications, and secure authentication typically ships in 12-14 weeks at a fixed cost. That timeline assumes the core banking API is accessible and documented before development starts. More complex projects -- business banking with multi-user roles, complex payment rail integrations, or custom compliance workflows -- typically run 16-22 weeks. We scope every project before pricing it. You get a fixed cost and a delivery schedule before any development begins, not a time-and-materials estimate that grows as requirements become clearer.

What clients say


Three-year average engagement. Founders and operators describing the work in their own words. No marketing varnish.

Charles E.
USA
Entrepreneur at Aggie Technologies

All of the sprints were completed on schedule and on budget. We highly recommend RaftLabs!


Related services

  • Custom Software Development -- Custom banking platforms, lending systems, and compliance tools built to your regulatory requirements
  • Business Process Automation -- Automate KYC/AML workflows, loan origination steps, compliance reporting, and customer onboarding
  • AI Agent Development -- AI agents for fraud detection, credit risk scoring, and regulatory document processing

Talk to us about your digital banking project.

Tell us which core banking system you use, who your target customers are, and what the current digital experience lacks. We will scope the right platform and give you a fixed cost.