
In 2016, PKO Bank Polski initiated a strategic project to develop iPKO biznes, a mobile banking application tailored for corporate clients. The initial goal was to provide companies and enterprises with mobile access to banking services. But over the years, the project’s scope extended beyond that. Today, it aims to create a comprehensive mobile solution that delivers tangible value to both the bank and its business clients.
Objective
The primary challenges were twofold: first, developing and maintaining a secure, functional mobile banking application for corporate clients, and second, continuously evolving the platform to maximize its business value and user adoption. This means establishing efficient development practices, implementing comprehensive testing methodologies, and maintaining a strong focus on user experience while continuously adding new features and capabilities.
Solution
The iPKO biznes app is a comprehensive solution offering a wide range of features designed to provide users with secure, convenient, and efficient banking services. The following overview details the app’s key functionalities.

Account management
Users can quickly access detailed bank account information, such as card details, available funds, daily limits, transaction history, and payment status. This comprehensive view helps banking clients maintain a clear understanding of their finances.
Multi-language support
Currently, iPKO biznes supports Polish, English, Czech, and German languages, with plans to add Romanian in the future. This feature is managed on the server side, enabling dynamic text updates without requiring new app versions for Android and iOS platforms.
Additionally, the app’s label resources are not bundled with the release version. Instead, they are dynamically loaded from a back-office configuration. This approach offers remarkable flexibility, allowing language content to be modified for all users simultaneously without requiring an app update.
What sets iPKO biznes apart is its ability to set the application language independently of the device’s system language. This feature provides a unique UX tailored to the diverse needs of the bank’s international clientele and has been particularly well-received by users.
The development team built the multi-language support mechanism from scratch. This custom-made functionality was implemented well before native OS support for per-app language preferences became available in newer versions of mobile operating systems.
Multiple banking contexts
Each context enables users to manage, sign, and authorize their transactions in one place. This functionality is beneficial for users who work with different companies, as it allows them to switch between different accounts easily. The app accommodates different transaction types for various contexts, such as direct debit for the Czech context and SEPA transfers for the German context.
Request caching mechanism
The intelligent caching mechanism significantly decreases the number of requests sent to the bank’s servers by caching specific data. This feature helps strike a balance between data freshness and app responsiveness, allows for faster load times for cached information, and reduces the strain on the server.
The caching system works by storing information locally on the mobile device. Thus, instead of making repeated network calls for frequently accessed, low-volatility endpoints, the app can quickly retrieve this data from its local cache.
The duration for which information remains valid in the cache is configurable on the back-end. For instance, in the development environment, cached data typically expires after 60 seconds, though this period may be longer in the production environment to further minimize unnecessary network traffic. After the set period, every time a user performs an action that requires fresh data, a new request is triggered on the bank’s server.
Transaction authorization
iPKO biznes offers several authorization options to facilitate customers’ day-to-day management of their finances.

Hardware token. This physical device generates one-time codes for transaction authorization. The option employs a challenge-response mechanism. It works like this: The bank provides a challenge, which is a number between 0 and 50. The user inputs the presented number into their hardware token, which then generates an 8-digit code used to authorize the transaction. This method ensures that only the legitimate customer can approve transactions, even if someone else gains access to their ID and login details.
Mobile token. This method works similarly to the previous one but does not require an additional device. The process is integrated within the app, offering more convenience than a hardware token. Mobile token requires an additional PIN to secure code generation. When working on the same device, users only need to enter this PIN to authorize transactions. If customers access their account through a different device, the mobile token acts similarly to a hardware token, ensuring the same level of security.
Mobile authorization. It is the latest authorization method implemented in iPKO biznes, and it utilizes push messages. When the transaction is authorized from a different device, the app receives a push message containing operation details for user verification. The user then only needs to enter their PIN to approve the transaction. For same-device authorization, the push notification step is skipped, making it the fastest secure authorization method available. The bank actively promotes mobile authorization as the recommended method, with plans to phase out token-based methods over time.
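A sketch of the challenge-response flow described above for the hardware and mobile tokens, added here as an illustration and not taken from the bank's or Neontri's code. The page does not name the token algorithm, so the HMAC-SHA256 derivation with RFC 4226-style truncation, the per-token counter, the `Verifier` class and its look-ahead window are all assumptions; the sketch shows why a challenge drawn from only 51 values has to be combined with a moving factor so that a captured code cannot be reused.

```python
import hashlib
import hmac
import secrets
import struct

CODE_DIGITS = 8        # the page states an 8-digit response code
CHALLENGE_RANGE = 51   # the page states a challenge between 0 and 50


def response_code(seed: bytes, challenge: int, counter: int) -> str:
    """Token side: derive the 8-digit code (assumed algorithm, see lead-in)."""
    if not 0 <= challenge < CHALLENGE_RANGE:
        raise ValueError("challenge out of range")
    # Only 51 challenges exist, so a counter is mixed in to make each code single-use.
    msg = struct.pack(">QB", counter, challenge)
    digest = hmac.new(seed, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)


class Verifier:
    """Bank side (hypothetical): issues a challenge and accepts one matching code."""

    def __init__(self, seed: bytes, window: int = 3):
        self.seed, self.window = seed, window
        self.counter = 0      # next counter value the server expects
        self.pending = None   # challenge currently awaiting a response

    def issue_challenge(self) -> int:
        self.pending = secrets.randbelow(CHALLENGE_RANGE)
        return self.pending

    def verify(self, code: str) -> bool:
        if self.pending is None:
            return False
        challenge, self.pending = self.pending, None  # one attempt per challenge
        for c in range(self.counter, self.counter + self.window):
            expected = response_code(self.seed, challenge, c)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.counter = c + 1  # codes at or below this counter are now dead
                return True
        return False
```

The look-ahead window tolerates a token whose counter has run ahead of the server by a few unused codes, and consuming the pending challenge on every attempt limits guessing to one try per issued challenge.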
Secure network communication
The iPKO biznes app employs enhanced security measures for network communication between the app and the bank server. The app utilizes the mutual Transport Layer Security (mTLS) method to authenticate both parties in communication.
Here is how it works: As part of the activation process, a unique cryptographic certificate is generated and securely stored within the app on the user’s device. This certificate is used to digitally sign every request sent to the bank, allowing the server to verify the authenticity of each data exchange. The server, on the other hand, is authenticated by its own certificate. These interconnected security measures protect against unauthorized access and potential security breaches.
Cooperation process
The launch of the iPKO mobile banking app was a collaborative effort between Neontri and PKO. The team structure reflected a balanced mix of expertise from both organizations, ensuring comprehensive coverage of all aspects of app development and business requirements.
Neontri’s contribution to the project team consists of eight members: two iOS developers, one of whom also acts as the team leader, two Android developers, two back-end developers, and two manual testers. This structure ensures that all technical aspects of the app development are covered, from server-side operations to platform-specific implementations and quality assurance.
The collaboration between Neontri and PKO Bank Polski is structured around the Scrum framework, which promotes agile development and regular communication. The development process is organized into two-week sprints, culminating in a stakeholder presentation. This regular cadence of development and review allows for frequent feedback and adjustments, ensuring that the app’s evolution closely matches the client’s vision and requirements.
To maintain a high standard of user experience design, developers work in close collaboration with a UI/UX specialist. Additionally, the team conducts weekly refinement meetings. During these sessions, they review newly developed screens, ensuring that the app’s interface and user experience meet PKO’s standards and customer expectations.
Results

The development of the iPKO biznes mobile banking application presented a complex challenge that demanded technical expertise in mobile app development, a deep understanding of corporate banking needs, and stringent security requirements. Rising to this challenge, our engineering team achieved several milestones:
Architectural excellence. The application is built on hybrid modular architecture principles, with each feature implemented as an independent module with minimal inter-module dependencies. Concurrently, each component is separated into UI, business logic, and data layers. This ensures a high separation of concerns, leading to enhanced scalability and maintainability.
Quality assurance. The application undergoes comprehensive testing through multiple methodologies, including manual and automated functional testing, manual acceptance testing, automated unit testing, and integration testing. Development efficiency is enhanced through a specialized environment component that enables testers and developers to mock back-end responses, streamlining both development and testing processes.
Advanced security. The application demonstrates exceptional security measures, adhering to OWASP Mobile Application Security (MAS) standards:
- Implementation of robust encryption for locally stored confidential data
- Secure network communication through HTTPS protocol enhanced with mTLS and certificate pinning mechanism
- Regular security audits, which are conducted bi-annually by external organizations, revealed no significant security breaches for four years in a row.
User satisfaction. iPKO biznes achieved a 4.5 rating in the recent quarterly customer satisfaction survey, demonstrating an 11% improvement from the previous survey period.

Competitive edge. The iPKO biznes application maintains its competitive advantage through continuous evolution. The development team regularly implements feature enhancements driven by corporate client feedback while consistently integrating the latest mobile banking technologies. By adapting to evolving business needs and continuously optimizing the user experience, the application stays at the forefront of corporate mobile banking solutions.
These results highlight the application’s success in meeting the complex demands of corporate mobile banking and demonstrate its effectiveness in serving the sophisticated needs of business clients in the digital banking landscape.

Alia Shkurdoda
