Question Code review Fintech software


dave0839511

New Member
Aug 21, 2024
Hello!

I am about to purchase complete software for a fintech project that I am starting up. Essentially it consists of an e-wallet (a slim version of Wise or Paysera) and a payment gateway.

I have done some simple due diligence using AI tools, and I have also seen the software in actual operation. The company that built it is from a third country. The CEO seems knowledgeable and transparent.

So my question is: how do you recommend I do the code due diligence, security due diligence, etc.? If hiring an external professional company, is there any you can recommend? And is there any best-practice checklist for code DD?

Thanks in advance!
 
If you're buying software, you've presumably got a CTO or similar on your team. That person or team should be the one to review the code.

If it's a payment gateway, it should be PCI-DSS compliant in some form. Make sure you get access to the Report on Compliance (ROC) and Attestation of Compliance (AOC). Bring in your own QSA (https://www.pcisecuritystandards.org/assessors_and_solutions/qualified_security_assessors/) to review the documentation. QSAs are licensed per region, so pick one that covers the country/region from which you will be operating.

If it's a payment gateway (that handles card payments) and it is not PCI-DSS compliant, then your DD process is done. Just walk away.

If the AOC/ROC check out and/or your QSA gives thumbs up, that's a big relief for the payment gateway side of the code. However, you still have the e-wallet to worry about.

Reviewing the e-wallet depends on under what regulations you will be operating it. Record keeping regulations, security standards, and such vary between countries and regions. If you pick a very strong QSA, they can probably review the whole code for you. Additionally, if you operate under a license of some sort, you might need (or just want) a reputable audit firm to come in and make sure you satisfy the record keeping regulations (which also touches on AML/KYC).

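As a concrete first-pass check to go with the PCI-DSS advice above (an added example, not code from the thread or from any vendor mentioned in it): one of the cheapest things your own CTO can do before a QSA is engaged is grep the delivered source, fixtures and sample logs for literal card numbers. A primary account number (PAN) sitting in a source file, test fixture or application log is a red flag for how the gateway treats cardholder data. The script below finds 13-19 digit runs, drops anything that fails the Luhn check (order IDs, timestamps and phone numbers produce many false positives otherwise), and reports each hit with the PAN masked to first six and last four digits. The sample lines are constructed for the example; the file extensions in `scan_repo` are an assumption you should widen for the stack you are buying.

```python
import re
from dataclasses import dataclass
from pathlib import Path

# 13 to 19 digits, optionally separated by single spaces or hyphens,
# not glued to other digits on either side.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Assumption for the example: the file types worth scanning in a typical
# web/payment code base. Extend for the languages the vendor actually uses.
TEXT_SUFFIXES = {".py", ".js", ".ts", ".java", ".go", ".php", ".rb",
                 ".sql", ".json", ".yml", ".yaml", ".env", ".log", ".txt"}


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """First six and last four digits are what PCI DSS lets you display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass(frozen=True)
class Finding:
    line_no: int
    masked_pan: str
    context: str        # the offending line with the PAN already redacted


def scan_lines(lines) -> list:
    """Scan an iterable of text lines; return Luhn-valid PAN findings only."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for m in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            if not luhn_ok(digits):
                continue            # digit run, but not a card number
            masked = mask_pan(digits)
            redacted = line.replace(m.group(0), masked).strip()
            findings.append(Finding(n, masked, redacted))
    return findings


def scan_repo(root: str) -> dict:
    """Walk a checked-out repository and map relative path -> findings."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in TEXT_SUFFIXES:
            with path.open(encoding="utf-8", errors="ignore") as fh:
                hits = scan_lines(fh)
            if hits:
                results[str(path.relative_to(root))] = hits
    return results


# Constructed sample input: a mix of source lines and log lines.
# Lines 2 and 3 carry real (Luhn-valid) test card numbers; line 4 is a
# 16-digit order id that fails Luhn; line 5 is a phone number (too short).
SAMPLE_LINES = [
    'logger.info(f"charging card {card.number} for {amount}")',
    "2024-08-21 10:02:11 INFO charge ok pan=4111111111111111 amount=19.99",
    'TEST_CARD = "5555 5555 5555 4444"',
    "order_id=4111111111111112",
    "phone=+1 415 555 0100",
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f"line {f.line_no}: {f.masked_pan}  |  {f.context}")
```

Run it with `scan_repo("/path/to/vendor/checkout")` over the delivered tree (and over any log samples the vendor hands you). Every hit is a question for the vendor: why is a PAN in a fixture, why does a log line carry one unmasked, and what does the real code path do with it. Note what the script does not do: it finds literal PANs only, not code that logs them at runtime, so a clean result narrows the QSA's work but does not replace it.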
 
Thanks for the good advice. Is there any QSA you can recommend with a good price and quality of work?
 
qualis is a very good service for such demand. I don't know what else they are but in the past you could see all these companies on the Visa approved service provider list.
 