Payment Week Exclusive: Q&A with Julian Brook, Associate Director, SQS

November 21, 2024 by

What does SQS do to ensure software quality in mobile payment services from FIs and startups?

SQS has worked with various FIs and startups including Nokia, Monitise and Barclays Pingit on mobile payments solutions. There’s a huge amount of change going on, so whether the company is a startup or an established financial institution, they all have to innovate and find new ways of connecting with their customers and make it easy for their customers to pay for goods and services while they’re out and about. For example, PayPal’s introduced a pay-by-face feature where when you walk into a shop and go to the checkout it literally knows that you’re there, and the clerk can pick your face out, and you don’t have to do anything.

My point being, what we do to help organizations is help them speed up their development process so they can innovate quicker – for new software, new features, new ideas, out into the market, and this enables them to see how the market will respond to those new features. We can help these organizations move to an agile approach especially if they’re traditional financial institutions and developing something new. Whether it’s helping them build using test driven development, preventing bugs getting into the code in the first place, automating the testing of software on the ever growing and ever complex list of mobile devices and operating systems, different handset manufacturers - that’s where we can help these organizations to compete and innovate as quickly as possible.

 

What do you think is the general state of play regarding mobile? Do you think companies view offering mobile experiences as something that’s increasingly essential?

We see mobile being key in all industries, as well as in the payments industry specifically, there is so much innovation going on. It’s great to see there’s so much benefit for consumers but organizations benefit as well.

I don’t think there’s one industry anywhere that isn’t considering mobile as being important to their business strategy in the next few years – financial services even more so. The sheer amount of new entrants into the market and new services getting launched is mind-blowing. Clearly financial institutions are seeing the number of mobile handsets out there and seeing how they can interact with their customers much more frequently, and much more convenient to the customer where they can make payments all the time. It also enables payments that are very quick and payments between people, not just retail organizations. Mobile is definitely key to financial institutions.

 

What do you see are some of the friction points in mobile payments, especially in regards to quality of services that are being offered?

I think first and foremost for both consumers as well as financial institutions, security is always at the forefront of people’s minds, primarily because it involves your money, and it’s something they want to keep safe. I think this is something that needs to be overcome somewhat, but then again I think the younger generation is more amenable to having that level of trust maybe to a certain extent out of ignorance, but I think it is something that is at the forefront of everyone’s mind. In my experience it’s generally one of the key things people consider with financial services.

Another issue is the rate of innovation (and this applies to financial institutions), they’re not used to delivering software solutions to their customers. So they may have had a website for years, and typically that may have been updated reasonably frequently but nothing like mobile apps which usually require software to be shipped. They need to make sure they can push this to mobile devices that are outside of their control and make sure that the user experience is as seamless as possible – it’s a little bit akin to browsers, but the number of browsers is fairly limited compared to the number of mobile devices.

 

With security in mind, what part does SQS play in making sure apps and services are secure?

We have a full range of services around security testing and penetration testing. We help organizations to build the code, software architecture and infrastructure with security in mind from the beginning. I would say that financial institutions are already pretty adept at this, but for startups it’s more of an issue. They have to build more trust with the consumer. PayPal has established itself as a fairly trusted payment provider. For some of the smaller organizations trying to enter the market, providing peace of mind is something they need to work very hard on.

We help organizations build security in from the beginning and all the way through the software development life cycle to ensure that security is always maintained. We validate code that is being developed through an approach called static analysis that runs the code through various testing tools.

 

What are some of the issues regarding mobile app development in payments?

In one of our seminars, we discussed how organizations could leverage open source code that already exists to help them develop some of the mobile applications. By using things like encryption libraries or NFC libraries or UI and widgets within their mobile applications, without having to reinvent the wheel, they can leverage something that’s been tried and tested to speed up development and then add on their unique selling point and features.

Alongside some of those benefits, there are various risks and obligations that organizations need to look at. We talked about security earlier, one of the things is, companies may not know what open source they are using, since developers can download it and it’s freely available on the Internet. It’s often embedded into applications since it solves a particular problem and solves it quickly. Developers are often unaware of any security risks or that any component may have security bugs or vulnerabilities in it. Developers have to consider whether they are using the latest version and does it come from a trusted source? And worse, is the code potentially malicious? There are also licensing issues, and certain steps that need to be taken, to ensure compliance with software licenses including how you can use the software and disclaimers and other obligations you must fulfil. SQS ensures that our clients have the right governance processes in place. If you’re not aware that your software developers are using open source, you’re potentially putting your organization at risk. At the same time it’s a huge asset for software developers and it would be crazy for them not to use it as long as you have those controls in place.

We are a global organisation, but as in the US, over here in the UK, we are seeing a huge interest in mobile payments. Clearly behind the scenes, VCs see that it’s an area that they can play into by supporting startups. Financial institutions are trying to protect themselves from some of those startups and at the same time innovate because they see the benefit to their business and customers. There’s a lot going on in the mobile payments space and so much for all interested parties to try and keep up with.

 

About Julian Brook, Associate Director, SQS Group

A seasoned consultant, with over 15 years’ experience in IT, who is passionate about improving the quality and effectiveness of software development. Julian has a good knowledge of UK m-payment landscape including experience working on m-payments solutions for Monitise and Barclays, as well as exploring and discussing the opportunities and risks of Open Source software with the Payments Council, Vocalink and Pinsent Masons. Julian has expertise in implementing and improving testing and quality in more than 50 projects across a variety of industry sectors and systems with focus on improved quality and effectiveness.

 
