Ciprian Moroșanu and Ciprian Grigore seem to have been working together for a lifetime. In the past years with Maxcode, they held technical presentations and helped the team grow, while also embracing the skillset that comes from working on a payment application for a while. For them, it was not a challenge, but a learning curve, and they are here to share with you their knowledge of over 15 combined years of experience in developing for the payments industry.
How long have you been working on a project in the field of electronic payments? What do you like most about this field?
Ciprian M: I have been working on a project dealing with online payments for the past 5 years. From my point of view, such an experience is bound to bring you professional satisfaction as you have the chance to learn what goes on behind the curtain in how to transfer money in a transparent and secure way for the clients of your application. Moreover, something that is different with a payment application is that you need to pay extra attention to implementation and testing, to be able to trust the end solution and its results, as you are in charge of people’s funds and money. There is a certain degree of adrenaline to it, which is harder to find in the case of other projects, with lower risks and lower stakes.
Ciprian G: I have been working in this field for about a decade. What do I like about this field? Electronic payments are increasingly used by more and more people, and have become a component that improves and facilitates their lives and wellbeing. I like to believe that every time a person makes a payment, I also brought a small contribution to the improvement of their life.
What were the biggest impediments in working in this field?
Ciprian M: There are many factors to be taken into account, from the parameters that you send and process, to the different configurations that you need to make on the providers’ platforms. You also need to prepare your application to be able to manage the moment one of the parts is unavailable, for example, due to some maintenance work. Subsequently, you need the payments from that timeframe to be processed correctly. Controlling all the pieces while providing a smooth experience for the user might be the hardest part.
There are moments where you need to get in touch with the support team of the platforms that you integrate to validate your implementation. This can be intimidating at first, especially when you have no previous experience. Over time, you will see these steps as normal and you will end up making associations with previous integrations. It takes more than just development to build the proper communication of a payment platform.
Ciprian G: I would not call them impediments anymore, as they are now in the past. As we are witnessing technology evolving and trying to keep up the pace, our old applications/functionalities must also keep up – in the sense that they must be rewritten/adjusted to the new technologies available. Soon old technologies will no longer have updates available and platforms will no longer be able to support them fully. Luckily for you, this is where we step in. The problem is the balance you need to find in the effort invested for rewriting your application – because at the same time you have to add new features.
What changes have you noticed in the years of working on the electronic payments market, and how did you manage to keep up with them?
Ciprian M: The platforms have evolved together with technology. Now, most of them offer a well-documented REST API and there are certain similarities between them, which makes integration faster. Most of them also offer the possibility to make payments without users having to leave your application, with the same degree of security and without having to store any confidential information.
Ciprian G: I agree with Ciprian. In recent years, payment methods have diversified, numerous new third-parties have appeared on the market, and it is absolutely necessary to integrate with them, otherwise you will be left behind by simply not offering enough choice. As Ciprian mentioned, lately I have noticed an ease in integrating with these third parties – and largely because they have a friendly API, mostly due to the fact that these new players understood the need for an easy-to-integrate API if they wanted to make it on the market with their new product.
Now we also have so many new communication channels for users, and with this comes new responsibility. If 10 years ago we would build a web page and turn to accept payments in a heartbeat without a second thought, now you have options galore, and most of them fuelled by devices. Think about it: on a phone, the page should look completely different, and you could even pay exclusively via phone – with apps like Apple Pay or Google Pay and using NFC technology. Not to mention the various ways of messaging through which you communicate with the user. You can say goodbye to the “good old email”, now users want fast replies via Messenger, Twitter, WhatsApp and more. All this must be supported and implemented on your platform.
How important are technologies and work experience in building an electronic payment application?
Ciprian M: As I mentioned earlier, experience allows a faster and more secure integration because you can easily visualize the flow of information. Let’s not forget that you are working with sensitive data, such as names, addresses and even payment data. A basic rule in this area is not to store more than you really need. In addition, you can develop a mechanism by which data is automatically deleted after a certain period. This is something that you should definitely know when working on a payment app, and unfortunately, for some, it’s something that comes only after a bad experience. I was lucky enough to work with a team that had a strong set of procedures in place that enforced these values into my work ethic.
Ciprian G: Technologies are an important factor, and especially those that come with out-of-the-box features – such as security features (modules written with “OWASP in mind”), easy API integration (e.g. swagger / gRPC compatible). My advice is to start using new technologies, because they usually add new features based on the previous experience of the developers, and support more use cases – so you want to use the experience of others, otherwise you will waste time reinventing the wheel. This way, rather than repeating the mistakes of others, you can start fresh with a better and updated technology.
However, sometimes that is not enough. You must have the experience to figure out what you need, what technology to use and what features would be useful to you. For example, you should know that you need scalability in your solutions – sooner or later you may get a ton of users to pay with your solution – if you are not careful you could end up writing code for an app that is not scalable.
How do you think a payment application can stand out on the market today?
Ciprian M: Through simplicity, safety and diversity. It is important to give the user enough options to pay, and the possibility to be fluid online, with fast feedback that would result in an increased level of confidence on his behalf.
Ciprian G: From my point of view, a payment app today should be fast – the user, the payer, should not wait for the page to load, should not wait for the payment to be made. It should be almost invisible – so natural and seamless regardless of the place and time. I like to make an analogy with books – for example, the book I’m reading now – I can start reading it on kindle, then I can switch to my phone, then continue on the web, all seamless and natural as if it was one experience. It’s the same with payments – you don’t want to see any difference if you switch from one context to another. In 2020, payment apps should step up their game and come up with many other options and features besides the basic one, which is the payment itself (e.g. reports, social interactions).
What does innovation mean in this field, from your point of view?
Ciprian M: For me, it is the ease with which the integration takes place and the ease with which the customer can pay, without sacrificing anything on the security part.
Ciprian G: I believe you should make room for experiments. I think this can be done if you have a small gap of time from the point of having the idea to the moment you bring the product to market. You want the time from the first feature idea to the time until it reaches production to be as short as possible; this way you can adapt, and try various things very quickly.
What would you recommend to someone who wants to develop a payment application?
Ciprian M: Start by studying some PSPs because many of them have very good documentation. Although the amount of information is usually large, you will usually use only a small part of what you have available. This will help you realize how the information flows, as well as the areas where you have to pay more attention when having to validate a future integration. It will be much easier for you to address any impediments in this phase, rather than later when you make the final integration with your application. From my point of view, research before writing code is the basis, as it will help you find the right path and avoid a lot of back and forth later in the process.
Ciprian G: Choose a well-established technology stack and master it. Become aware of the security aspects (both the default ones that come with the chosen technology, as well as others that are not yet covered by the technology). Last but not least, make sure you are part of a great development team, like me and Ciprian.
Ciprian has over 15 years of experience in building software products. A graduate of the Gheorghe Asachi Technical University of Iasi, Ciprian is a skilled .NET developer who is continuously focused on both learning new tools of the trade and sharing his knowledge with the community, as a speaker at CodeCamp, Innovative TechTalks and more. Ciprian is a professional by nature, with an in-depth understanding of the payments industry and in-depth technical expertise, involved in multiple projects and hackathons in the domain to help payment users.
A graduate of Computer Science BA and Software Engineering MA, Ciprian has over 9 years of experience in developing .NET applications. During this period, he has acquired extensive business knowledge in the domains of payments, healthcare and insurance, and has also taken the role of Scrum Master in his team for the past 5 years, making sure that Scrum is enacted in the team so that they deliver the best results with the available resources.