Wednesday, 4 March 2015

What precautions can I take to secure software against the user?



I want to build a client that connects to my server and uses the server API. You can consider this a banking application, because data security is the most important thing. Since users or hackers are going to try to breach the software's security to get into the flow and see what is going on, we need to protect everything from the user too. Simply put, I want to take precautions against these (but not only these) situations:




  1. Reverse engineering attacks: No one must see my source code. If someone sees it, they can understand the algorithm and learn how the API works. Since the API is not a public one, this must never happen. Is obfuscation an irreversible process and the best way to hide the real source code? Also, how can I secure my variables, which can be dumped from memory at runtime? What is the best way to secure local configuration or created files under Windows?




  2. Pirate clients: How can I prevent other software from using my API? If someone gets the source code and alters it, or creates their own, this will be an uncomfortable situation. Is there a way to limit access to the service to my own original, unmodified clients? (Hash control? Client certificates? Assembly signature maybe?)




  3. Data channel & data security: The software should be able to run on every network that connects to the Internet, so it seems I have to use web requests & responses to communicate between clients and the server. I think the data channel can be secured with HTTPS easily. Should I prefer a paid certificate (like Verisign), or is creating my own certificate (signed by me) enough? I want to secure the data itself too; I think a public & private key pair for each client will be enough for both identification and communication. Is it a good approach? I'm also thinking of connecting the clients through an HTTP proxy; can it increase security?




I know my software is working on enemy soil that I mustn't trust, and there is nothing a user can't do with it. But I want to secure this as much as I can. No one can make it fully secure, but I want to do everything I can to increase it.
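An added example, not part of the original question, of the per-client key pair proposed in point 3 used for identification: the client signs each request with its Ed25519 private key and the server verifies it against the registered public key, rejecting unknown clients, stale timestamps and replayed nonces. The Registry type, SignRequest/Verify and the five-minute window are my own hypothetical choices, not anything the asker described.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strconv"
)

// Registry is the server side: registered client public keys by client id,
// plus nonces already accepted, for replay rejection (hypothetical, in-memory).
type Registry struct {
	Keys map[string]ed25519.PublicKey
	Seen map[string]bool
}

// canonical fixes the exact bytes both sides sign and verify (id, nonce,
// timestamp, body), so none of them can be altered in transit undetected.
func canonical(clientID, nonce string, ts int64, body []byte) []byte {
	return []byte(clientID + "\n" + nonce + "\n" + strconv.FormatInt(ts, 10) + "\n" + string(body))
}

// SignRequest is the client side: fresh random nonce plus an Ed25519 signature
// over the canonical request made with the client's private key.
func SignRequest(priv ed25519.PrivateKey, clientID string, ts int64, body []byte) (string, []byte) {
	n := make([]byte, 16)
	rand.Read(n) // crypto/rand, not math/rand: the nonce must be unpredictable
	nonce := hex.EncodeToString(n)
	return nonce, ed25519.Sign(priv, canonical(clientID, nonce, ts, body))
}

// Verify is the server side: known client, timestamp within 5 minutes of server
// time, nonce not seen before, valid signature; only then is the nonce recorded.
func (r *Registry) Verify(clientID, nonce string, ts int64, body, sig []byte, now int64) error {
	pub, ok := r.Keys[clientID]
	if !ok {
		return fmt.Errorf("unknown client %q", clientID)
	}
	if d := now - ts; d > 300 || d < -300 {
		return fmt.Errorf("timestamp outside accepted window")
	}
	if r.Seen[nonce] {
		return fmt.Errorf("replayed nonce")
	}
	if !ed25519.Verify(pub, canonical(clientID, nonce, ts, body), sig) {
		return fmt.Errorf("bad signature")
	}
	r.Seen[nonce] = true
	return nil
}
```

This proves possession of the client's private key, not that the client binary is unmodified: whoever controls the machine can extract the key and use it from their own code, which is exactly the limit point 2 runs into.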
