Leave it to the experts?

Should I just leave this to the experts?
A Canadian small business person I know with a consignment business is using a cloud-based consignment software service based in the U.S. to track purchasing and sales but each electronic payout to a consignor, apparently, has to be done on an individual basis. The cloud software service recently (summer 2018) added a bulk payout feature that allows payouts to consignors to be posted as paid and then the data can be exported for offline storage, preprocessing or automation of payment outside the U.S… The downloaded data is sensitive (names and emails) and should be secured if downloaded over the cloud VPN.
A local person suggested using an INTERAC Bulk disbursement e-Transfer but there does not seem to be an INTERAC ‘drag and drop’ App on the shelf that a small business person without an IT department can buy. Yet, anyone in 2019 with a cell phone can download Apps and make payments to people by email or with just a tap. INTERAC claims to be working on a Bulk Disbursement App, according to their website, but has not released anything as of June 2019.
According to the INTERAC website for developers, a client is supposed to contact an associated Financial Institution and then a software company that is acting as an (registered?) Acquirer that will build a custom App for the client that uses a proprietary INTERAC file format. The file contains some data that is very sensitive and needs to be stored in an encrypted form or manually entered at the time of file creation.
As an amateur, I consider the development of a consignment payout wallet an extremely hot legal potato and I am not sure I am up to the task or even legally certified to be coding the required app. I would like to discuss aspects of this possible assignment with developers.
I wonder what might already be out there as an App for a Canadian consignment company, an Accounting Software payables-type plugin, an Excel plugin for preprocessing the data and a Windows 10, C# App or a Python with Excel App.

What would a developer charge to create a custom Windows 10, C# App that collects the data from the cloud, secures sensitive and very sensitive data, possibly preprocesses the downloaded data to extract only the required data and outputs a PGP encrypted file for email delivery via a secure portal to the Financial Institution for approval?
What kind of legal liabilities might an amateur incur by taking on such a project and making a mistake? The software would be very useful to money launderers or other criminals.
People are extremely serious when it comes to money. INTERAC has the right to order the destruction of any documents created by a developer and I have no wish to be involved in any kind of bank fraud.

A lot. You’re talking about building a completely secure system handling financial info. High tens of thousands for the custom development, possibly adding a zero or two if you’re dealing with banks.

As for legal liabilities you’re exposed to, you should probably be more concerned about the security of the system: the standard boilerplate EULA on software says you bear no responsibility, but if your software were to incur a data breach of personal information, you could still find yourself on the hook for remediation. Still, given its potential uses that you mention, you’re going to want to make sure you’re legally in the clear.

So the short version is:

  • It’s expensive to develop highly secure systems, even more so ones that deal with money. You’ll need to hire security experts, and possibly regulatory compliance experts.
  • Your legal concerns suggest you should seek the advice of a lawyer.

So you may not necessarily have to leave the whole project to the experts, but you’re definitely going to want to consult them at least.

Thank you for your reply.
I agree with most of what you have written. The convenience for the Merchant is just not worth the legal hassle. I might as well start the shredder and bonfire now.
I am very concerned about the security of the system for data breach of personal information but I did think of the Merchant financial information as being the very sensitive data and the personal information as being sensitive but less sensitive. It’s a bit strange, however, that I might be able to “let” a hacker steal an encrypted account number and bear no responsibility but be on the hook for possibly millions because I didn’t use enough salt for my names and emails encryption.
I can get a mobile Banking App for free so why can’t developers reduce that ‘tens of thousands’ for the custom development down to a Merchant’s App for a few thousand? The Consignment Software Service charges $109/mth and that software development required a lot more man-hours than what is required for this Bulk disbursement App. It also has “Integrated Credit Card processing available when using our prefered Merchant Service Provider.” (typo: preferred)
I’m leaving it to the experts.

You can definitely get the price down to a few thousand or even hundreds if you make a turnkey app that you can sell multiple copies of. It’s just the capital investment in making that app that can get very high, depending on what sort of transactions you’re supporting.

For all I know of your proposed app’s specific needs, it might even be cheap to develop, but dealing with other people’s money is always a dangerous minefield to be working in.