Hello Fineracters,

*TL;DR*: Let's start with a threats list and discuss each threat on its own and in composition.

I'm David from Articode and I've recently started setting up a self-service Fineract solution. In the past I've worked on developing a digital self-service branch for the 2nd biggest bank in Israel. Their core used T24 by the Swiss company Temenos. I have recently been in contact with Ed and Fiter from the Fineract community, and I was asked by Ed to chime in on this thread.

In my experience, making a secure self-service mobile application has many concerns and requirements, but most of those are addressed in deployment architecture and the creation of a good audit and session management tool.

Is there a documented list of possible threats in having a self-service mobile app? If not, I think it will be a great first step. I would gladly start one on the Confluence. Once curated, we can introduce various solutions to defend against any of those threats in various environments, but I think that the list is a mandatory step.

Best,
David
