How to Create a Neobank From Scratch in 2023

Konstantin Kalinin

Head of Content

January 21, 2023

Neobanks — swift little apps with banking features offered by non-traditional digital-only banks — who doesn’t have one, right? After reviewing the most recent funding series, I can attest that nascent neobanks target the underbanked and focus on niche markets, for example:

• e-commerce
• immigrants,
• African American community
• freelancers, etc.

If you’ve identified the unique banking needs of a sizable cohort and want to learn how to build a neobank to serve them, here’s a thorough run-down from a business owner’s perspective.

Key Takeaways:

• Neobank development entails creating a suite of back-end applications besides mobile apps. One way to address this challenge is partnering with an established bank or using banking-as-a-service providers.

• When developing a neobank from scratch, avoid implementing third-party and open-source code as is because it may be outdated or contain malware.
• Before you set up a neobank, think through its security architecture in terms of multiple defense lines, starting from the development environment all the way to a live neobank app.

1. How to Start a Neobank from Scratch
2. Step #1: Build the Core of a Neobank
3. Step #2: Develop a Customer-Facing Neobank App
4. Step #3: Secure Your Solution
5. Step #4: Test a neo-banking Platform
6. Step #5: Deploy a Neobank
7. Learn from Top Neobanks’ Mistakes
8. Time to Launch a Neobank

How to Start a Neobank from Scratch

One thing to remember when you embark on the journey of building your own neobank platform is that you will need to produce more than a shiny mobile neobank app. In effect, you’ll be working on a set of web applications critical to the functioning of the mobile app.

Challenger bank apps like Revolut look simple and very appealing on the surface, right?

At the same time, though customers experience all this gloss in a deceptively simple mobile app, its back end includes:

• 90 back-end apps to support all the features of the mobile app
• 10 web apps used by the company’s employees to administer the mobile app

Can you imagine? One hundred applications behind a single nifty app. Of course, Revolut didn’t build all of that in one fell swoop when starting the company in 2015. Still, some of these “invisible” applications had to appear together with the first public version of the mobile app for it to function properly.

You’re in the same boat if you want to develop a neobank app.

“Wait a minute. What about this Chime app? I heard they partnered with a bank and didn’t waste resources on all this back-end stuff, did they?” I can hear you asking. And you’re absolutely right, my fellow app entrepreneur. There are different ways to tackle this challenge; review step 1 below for answers.

Step #1: Build the Core of a Neobank

So, we’ve established you’ll have to build at least a couple of back-end applications necessary for your neobank app. What are those? To start a neobank app, at the bare minimum, you will need:

• API
• card processing app
• back-office tools

The API is an invisible layer connecting your app with other services, such as a payment gateway or authentication module. In addition, APIs serve to interconnect various services within your own application which is the case when developing fintech apps in general. 

The card processing app handles everything related to transactions and other operations related to credit/debit cards. That’s where the core business logic of your app will reside.

As for back-office tools, their purpose is to manage your neobank platform as a whole. You can’t be efficient if you have to update the code every time you need to modify an interest rate.

How do you build this core?

Now, the first option is to build these back-end applications (and many others, such as fraud prevention and compliance services) from scratch. Needless to say, there are a lot of caveats with this approach.

Pros of developing a neobank from scratch

• you own the entire system: its design, implementation, and future development
• you can later turn the built infrastructure into a SaaS for other neo-banking startups
• you can expand your solution gradually by paying for new features with something that already generates traction

Cons of creating a neobank from scratch

• takes longer than the other scenarios (which we’ll discuss shortly)
• requires a significant upfront investment

The second option is to follow in the steps of Chime, Dave, and other neo-banking startups that chose to integrate with established banks. Mind that a lot will depend on the nature of financial services your app will offer. Still, even if just a few, you still need to build some back-end applications to manage your mobile neobank.

Pros of outsourcing neobank back-end to a traditional bank

• faster time to market
• potentially, access to an existing client base
• requires a smaller budget than creating from scratch

Cons of outsourcing neobank back-end to a bank

• bank legacy software is usually hard to integrate with and slows down new features
• limited portfolio of consumer banking products due to regulation constraints

Finally, you can opt for a banking-as-a-service option. Companies like Temenos and Synapsefi offer all the required server and software infrastructure on-demand and function as a backend to your neobank app.

Pros of using a banking-as-a-service provider

• faster time to market
• requires a smaller upfront investment than building from scratch

Cons of using a banking-as-a-service provider

• hard to predict support for new exciting features
• locked-in tech stack to integrate with a BaaS

Volt and Judo Capital are two examples of neobanks using an off-the-shelf banking infrastructure (by Temenos and Microsoft Azure) to provide innovative financial solutions.

Related: How to build a winning personal finance app?

The bottom line is when you opt for banking-as-a-service, you delegate your tech stack decisions to a service provider. As for developing from scratch, the tech stack will be your responsibility, just as compliance with regulatory requirements of the finance industry and securing a banking license.

That’s not something entirely dreadful, though. For example, Revolut started with Java, PostgreSQL, and Angular to build the essential neobank components: API, card processing, and back-office tooling.

Main takeaway: you’ll need experienced back-end or full-stack developers to create a neobank app for mobile because server-side development is unavoidable.

Step #2: Develop a Customer-Facing Neobank App

Besides the back-end, you also need to create a customer-facing mobile banking app — an indispensable part of a compelling neo-banking platform.

I advise that you use a technique similar to our Rapid Prototyping routine at Topflight Apps. This approach implies designing an immersive user experience for a specific group of customers and then testing it to make sure the UI/UX clicks with the target audience.

A typical neo-banking app would include the following features to help customers manage their money:

• Accounts
• Credit/debit cards
• Payments
• Transactions history
• Budgeting
• Investing options
• Child accounts
• Notifications
• Real-time chat help desk

Now, I’m a huge proponent of using third-party solutions, whether commercial or open-source, as a shortcut to developing features faster. However, when you build a neobank, you’re better off creating your feature set from scratch because an external library may come with malware.

Even if you choose to expedite neobank development with third-party code, use only verified vendors. Also, ensure developers check every single open-source library for vulnerabilities and malware before applying it. You can find more recommendations on how to create a banking app in a separate blog.

Main takeaway: Focus on creating an engaging user experience with unique functionality and avoid using third-party components wherever possible. Diligently verify every external piece of code, especially if it’s open-source.

Step #3: Secure Your Solution

Obviously, security is crucial when you set up a neobank because the whole business hinges on trust. And even though securing a neobank is a set of practices encompassing the entire process, rather than a single step, let’s see what you can do for your app’s safety.

\

First of all, you should realize that a solid neobank security strategy must rely on multiple defense lines: starting from the development and staging environment all the way to a platform’s live production setup.

Proactive security

The right way to approach this Herculean task is to establish a Security Office Center (SOC) that functions as a command center analyzing every little bit of information produced by your neobank digital infrastructure.

Now, some companies implement enterprise security information and event management (SIEM) software for these purposes. However, it’s better to build your own security toolchain using a combination of custom-built solutions and tools from trusted vendors.

For example, NuBank uses AWS Lambda to create an army of bots capable of protecting against fraud, hacking, and other common threats. With this approach, you, so to speak, break down your neobank’s monolithic security into microservices because every bot has limited access to a specific module and, if compromised, can’t bring down the whole system.

Bots excel at securing neobanks because they are way faster than humans at detecting anomalies, run 24/7, and can go through the same routine virtually forever without making mistakes.

Some other AWS tools you can use to protect your customers include:

• Guard Duty (registers accidents on the network level)
• AWS Shield (prevents DDoS attacks)
• AWS config firewall rules (safeguards against accidental coding mistakes)

Passive security

You should log absolutely everything happening in your neo-banking platform and run machine learning algorithms on these terabytes of data to look for patterns that may pique your security team’s interest.

Other lines of passive defense include setting up security groups (what server can access what data, on which ports, etc.) and volumetric control, which usually helps to catch issues at the protocol level where you can’t immediately identify what’s happening.

Customer-friendly privacy

Despite a wide range of security tools and mechanisms available (I barely scratch the surface here), you should remember that they can’t stand in the way of customers using your app. Ideally, neobank security remains invisible to users or takes the most consumer-friendly form, e.g., video calls to verify identity.

Main takeaway: A sound security strategy for a neobank must include a set of practices that span the development and deployment of both the backend and frontend applications.

Step #4: Test a Neo-banking Platform

From what I’ve observed with some top-rating neobanks like NuBank and Revolut, you want to have as many automated tests as possible. Test-driven development is one way to achieve that.

Think about all the possible use cases that your customers may run into when using the app. It’s close to impossible to identify and eliminate all issues with manual testing. For example, Revolut had around 100 automated tests at one point just to test all possible cases for currency exchange.

That’s not to say that QA engineers are not necessary, but they should be able to write code and automate the testing process. Without going into much detail, here are a few tests you should expect your team to run on your platform:

• unit-testing
• integration testing
• security testing (including penetration tests)
• user acceptance testing
• regression testing

Main takeaway: get yourself a team of coding QA engineers comfortable with using automation testing tools and capable of implementing a custom testing infrastructure for unit, integration, and end-to-end tests without the need for rendering to the screen.

Related: The Complete Guide to QA Testing 

Step #5: Deploy a Neobank

As you can imagine, a successful neobank undergoes changes non-stop. For example, Chime updates its iPhone banking app around five times every month. Can you imagine how many updates are happening in the background on the server-side to accompany these mobile app changes? I bet at least dozens, if not hundreds.

Because of that, an established DevOps process and toolchain is an absolute must when deploying a neobank online. In short, DevOps includes best practices and tools that result in quicker deployment of new versions of your software to the public.

What happens in practice is you spin up an entire version of your neobank with new features that have been rigorously tested, reroute DNS servers to this new instance, and once traffic starts coming to the latest version, kill the previous bank instance.

Main takeaway: DevOps plays a huge role in running a successful neobank. So if you’re wondering how to open a neobank in the most scalable manner, DevOps is undoubtedly part of the answer.

Learn from Top Neobanks’ Mistakes

When you launch your own neobank, don’t be discouraged if you run into some issues. Even top players are prone to mistakes. Hopefully, with the benefit of hindsight, you can avoid some of these shortcomings.

Machine learning on an anti-hacking spree

In June of 2021, Chime (the most downloaded US neobank) rubbed quite a few of its customers the wrong way by closing their accounts all of a sudden.

Apparently, the neobank was trying to fight a surge of fraudulent deposits. However, the automatic manner in which they closed accounts and weren’t able to quickly restore access suggests that the company employed insufficiently trained ML algorithms for the task.

Advice: Always have a fallback security mechanism to quickly mitigate any issues and continue serving legit customers that fall prey to false-positive alerts.

Think through your neobank’s architecture from start to finish

Revolut started as a monolithic neobank and had to rewrite all its code from scratch when they realized there was too much spaghetti code.

Advice: Don’t build a monolithic app from the start. I recommend implementing a microservices architecture from the get-go. In addition, every service should be open for integration with other services, so have APIs ready.

Avoid integrations with nascent service providers

The Dave neobank exposed 7M users’ data due to a security breach when hackers took over Waydev — an analytics platform for developers that Dave integrated with.

Advice: Vet all third-party code that integrates with your neobank or work with established vendors like Amazon, Microsoft, or Google.

Decide on your mobile tech stack early on

NuBank faced the challenge of hiring native mobile developers and had to switch first to React Native, then to Flutter. The company still has to manage three separate codebases, gradually rewriting their mobile and web apps in Flutter.

Related: Choosing a Tech Steck for your app: Do’s and Dont’s 

Advice: Choose the appropriate mobile stack for your mobile neo-banking app right from the MVP phase. This way, you won’t need to spend resources on redoing the stuff that already works.

Time to Launch a Neobank

Hopefully, this blog gives you a better understanding of how to start a neobank. I’m pretty sure you now have even more questions before you started reading it, and that’s fine. Setting up a successful fintech business is all about uncovering new questions and finding answers to them.

Feel free to schedule a call with our experts to discuss how we can help you build a neobank with unique functionality.

[This blog was originally published on 7/21/2021, and has been updated for more recent content]