Is the methodology to reach out to decision makers and interview/survey them? or simply glean insights from experienced insiders with knowledge of this process? Those seem like excellent questions, and you might have luck reaching the decision-makers via their security teams if you explain that you’re students working on a research project. Perhaps you can offer to help post/promote internship positions at your institution in exchange as a way to get your foot in the door?

Another avenue might be trying to access industry databases of security hardware/software sales and run analyses on that to look for patterns such as seasonality or correlations with data breaches etc.?

I suspect you need another question, which is, who are the decision-makers?

Probably it is one or more top-level executives for the top-level corporation, informed by their technical security advisors.

Probably you start by learning what the existing solutions are, studying them to try to find something that is not already provided. Then you develop that, and only when you have a solid product and a prepared demonstration do you start talking to people who aren’t already your friends, but in the process of learning and developing, you probably start developing a network of people you know, by going to some conventions and talking to people you might know in the field.

That’s how you find out “which content helps to catch the attention”, the answer to which changes as new things are developed. So you don’t want to know which content caught attention, except inasmuch as it may help you anticipate what you might be able to invent that will be the next new thing. As for what I have heard, I think the most recent such content has mainly been about crypto and microtransactions.

And, you might also consider selling your project to an existing security company who has a relationship already with banks, rather than competing with them.

And you need to think about how to present your proposal without giving people information about it in such a way that they decide to just develop your general ideas themselves.

As for why I have this perspective, it’s from working as a software developer, and talking to other software developers and business folk.

You have to be 1000% sure of the fin tech laws in each of the countries you want to be doing business. Meaning familiarity with the Fed and the SEC here in the US. Because your software will need to totally compliant with the legal and regulatory requirements.

If you can “talk the talk” then you’re part way there. You also have to be able to talk in their own language with upper management-what does your product do that no one else’s does? And that is a different conversation (and audience) than the first group.

FInally, you need to convince the IT / security people that the app is bulletproof and can’t be hacked.

So you have three different conversations with three different audiences.

Welcome to the world of High Tech and the Financial Industry.
I am a longtime Technology employee in the FinTech world and prior to that the Mutual Insurance firms. I have been in the medial realm as well as manufacturing and startups. FinTech is by far the most complex level in this space. My firm has been around for over 200 years and has a small office in Zurich.
Sadly it still is an “Old Boys Club” at the top of the food chain for many firms. Titles matter significantly on who may even listen to your ideas. They are typically not looking for new secret sauce as opposed to industry proven methods. Even organically grown processes take time to prove out and get applied to workflows and tools.
While there may be open dialogue from Partners and Principals down the food chain, these kinds of decisions are made by trusted well proven personnel that move it slowly up the food chain. You never want to be know as “that person” that recommended something that either lost the firm money from E&O’s or created a security gap. There is a reason why things move at a certain pace methodically in FinTech. The proven ones deal with Trillions of dollars every day. Even the best of Technologist will still need to get their ideas and recommendations in front of the top layer who hold the purse strings and deciding power. SVP’s and MD’s only have limited authority. There is also a complex Vendor management and legal review behind anything before it even goes to the top.
I suggest getting an Internship with a leading firm if you are going to even float any ideas.

I concur with @Forever_Free, I did an interview in college for a oral report for a business course. The interview was with the regional business officer of the Teamsters, got a A- on the report in class and a job offer from the Teamsters. Didn’t take the job.

My understanding is the end goal is a report that explains the decision making process of financial institutions for choosing security technologies, and not trying to actually make sales of a product to said financial institutions right?