We store cookies on your device. Read more.

Reject all
Accept all

SGB Wallet

How we enabled bank clients to make payments with their phones

In 2022, one out of every eight card payments was made via a mobile device.

In a Nutshell

SGB Wallet in numbers

1.
banking app in Poland for cooperative banks
176
banks in one app
2 cards
integrated with the HCE library in the app: Mastercard and VISA
Industry
Banking
Project Scope
  • Graphic design
  • Development
  • Quality Assurance
  • Maintenance

Client

SGB is SGB-Bank S.A. and a group of 180 cooperative banks, boasting over 150 years of history and serving over 1.5 million customers in Poland.

Challenge

The collaboration between SGB and Norbsoft began in early 2016 when, due to the dispersed nature of SGB's structure and the diversity of systems used by individual banks, the construction of a full, unified mobile banking service was not yet possible.

The idea of creating a mobile application and offering it to all clients of the group, regardless of the bank they were associated with, was one of the first steps in SGB's long-term strategy to create a competitive offer in the field of m-banking.

Solution

In cooperation with Fiserv (First Data, owner of the PolCard brand), Norbsoft prepared a solution for SGB enabling contactless payments with Visa cards using HCE technology, operating on Android devices.

The first version of the SGB Wallet was created in a record time of 3 months and allowed for the activation of the service, making physical contactless payments using a virtual Visa card, as well as presenting the balance of the associated account and transaction history.

Interesting Fact

Google Pay, then known as Android Pay, which also operates on HCE technology, debuted in Poland in November 2016, after the premiere of the SGB Wallet.

It is with pleasure that I provide a reference for Norbsoft Sp. z o.o. for professional cooperation, substantive support, and a very broad knowledge of mobile application projects.

The company's employees have always been open and willing to help and carried out tasks carefully and reliably. Based on our cooperation so far, I can recommend Norbsoft as a solid and trustworthy mobile application contractor.

Artur Józefowski
Director of Mobile and Internet Banking Department, SGB

App design

The application designed by Norbsoft designers took into account the Visa brand usage guidelines.

Challenge

Communication between the phone and the payment terminal requires quick loading of the application code into memory and its execution immediately upon the devices being brought close together. While working on the SGB Wallet, we spent a lot of time optimizing these aspects, which allowed us to gain experience in analyzing application performance that we use in working on our other projects.

Version 2.0 – Welcome iOS

The second version of the product saw the light of day in early 2018. Users could now add any payment card supported by SGB to the SGB Wallet and check the balance of the account to which it was issued as well as the history of transactions. These features were also made available to iOS system users in an application built from scratch by Norbsoft specifically for this platform.

Tokenization and high application security

The increasing requirements for the security of mobile payments meant that in the following year, the previous pioneering solution was expanded with tokenization, allowing the user to activate payments on any plastic Visa or Mastercard added to the SGB Wallet.

Before the new version was published on Google Play and approved for use by Visa, the SGB Wallet's security, production processes, and documentation underwent a rigorous audit. The audit was conducted by an independent Spanish testing laboratory in accordance with the requirements of payment organizations, as well as functional tests carried out directly by Visa Inc. employees in London.

Challenge

The SGB Wallet simultaneously supported two different, competing HCE-based payment technologies (Inside Secure Matrix HCE Mobile Payments Client and BellID (Rambus) SEITC). Reconciling these solutions required the development of special architecture and isolation from each other, as well as the use of unconventional workarounds in places where these solutions strongly conflicted.

The security requirements for payment tokenization solutions meant that the classically used Android code obfuscation solutions, like ProGuard or R8, were insufficient. As part of the project, Norbsoft implemented an innovative tool that obscured the application code by automatically translating it into a machine version that is more difficult to analyze, significantly complicating attempts to circumvent security. However, the introduction of such security measures also entailed an additional need for optimization of the application's performance.

Functionally, the application was also enriched with biometric login (fingerprint or FaceID on the iOS platform), as well as a map of bank branches and ATMs with clustering, allowing the presentation of several thousand points while maintaining the required speed of operation and interface clarity. The application also added, among other things, support for the Ukrainian language.

BLIK Payments

The next step in the development of the product was to make BLIK payments, a system popular in Poland from its use in eCommerce applications, available to users. This time, we were able to implement it from the other side - in a banking application generating one-time codes and allowing for the authorization of transactions. In addition to making payments, the user could set limits and review the history of operations on the account.

Security

Selected methods of securing the SGB Wallet application:

  • code darkening – to hinder reverse engineering
  • verification of the environment in which the application operates – to try to block it from running on a computer and allow it only on a mobile device
  • verification of the code integrity of the application – to detect changes made by third parties
  • symmetric and asymmetric encryption to maintain the confidentiality of processed information
  • identity verification of the server to which the application connects – to protect the user from eavesdropping on the information transmitted by third parties

Well-deserved retirement

In 2020, in view of the readiness for integration, the bank began work on SGB Mobile, a new mobile application offering functionality known from typical mobile banking solutions, which has ultimately replaced the SGB Wallet.

    Built-in HCE payments were phased out in favor of uniform Google Pay and Apple Pay solutions, which have become a market standard. The final phase of the SGB Wallet application life cycle involved the gradual and well-thought-out discontinuation of services over several months as contracts with users expired, to ensure their smooth migration to the new application. From a technical perspective, it meant finding the most optimal ways to disable external solutions (such as HCE payments), whose relevant licenses had expired, and to provide user-friendly error handling and redirects to the new application.

    Summary

    Throughout the project's duration, Norbsoft supported SGB with analytical work, graphic design, implementation on Android and iOS platforms, and testing.

    In addition to introducing new functionalities, an important part of the cooperation was also ongoing maintenance, user report analysis, and adapting the mobile application to new versions of operating systems.

    We are proud to have participated in such an interesting and unconventional project, which for many SGB clients was their first contact with mobile payments and laid strong foundations for the further implementation of mobile banking in SGB, successfully carried out with the help of SGB Mobile.

    Portfel SGB x Norbsoft
    0
    Keep scrolling 👌

    Take advantage of a free consultation for your project

    Schedule a consultation
    1
    Want to stay updated? Follow our LinkedIn profile