FinTech · Series A Payment Startup

From a single-server monolith to 3.2M transactions a month.

A Series A FinTech needed PCI compliance, multi-currency settlement, and horizontal scale before their next funding round. We re-architected their payment core in 90 days, in production, no downtime.

Day 1 → Production: 90 days · PCI DSS Type 1 ready

The Challenge · 01

What was breaking

The client had launched on a single Postgres instance and a Node.js monolith that worked at 50K transactions/month — and started timing out at 200K. They had 90 days before due diligence began for their Series B raise. Auditors needed PCI DSS scope reduction; engineering needed horizontal scale; the founders needed both at once. Existing logs were noisy enough that incident response averaged 45 minutes.

Our Approach · 02

The technical bets we made

  1. Split the monolith into 4 services along the payment lifecycle (intake, fraud screening, settlement, reconciliation), keeping synchronous APIs at the boundary and async messaging internally via Redis Streams.

  2. Tokenised every PAN at intake using a dedicated vault service in a separate VPC. This reduced PCI DSS scope from 'whole platform' to 'two services in one VPC', with auditor sign-off in 6 weeks, not 6 months.

  3. Moved settlement reconciliation onto a partitioned Postgres cluster with per-currency partitions. Settlement queries dropped from 8s to 200ms at p95.

  4. Built a real-time fraud-screening pipeline using Redis ML feature vectors that scores transactions asynchronously in <80ms and blocks flagged transactions before settlement.

  5. Set up structured logging (OpenTelemetry → Grafana Loki) and a runbook-driven on-call rotation. Mean time to detect dropped from 45 min to 4 min.
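To make item 2 concrete, here is an added sketch (not the client's or the agency's code) of tokenising a PAN at intake so that downstream services only ever handle a token and the last four digits. `TokenVault`, `intake`, the `tok_` prefix and the in-memory `Map` are assumptions for illustration; in the architecture described, the vault is a separate service in its own VPC and the key would be held in a managed key store.

```javascript
// Added example: in-memory stand-in for a tokenisation vault (hypothetical names throughout).
const crypto = require("node:crypto");

// Luhn checksum: reject malformed PANs before anything is stored.
function luhnValid(pan) {
  let sum = 0;
  for (let i = 0; i < pan.length; i++) {
    let d = Number(pan[pan.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

class TokenVault {
  constructor(key) {
    this.key = key;            // 32-byte AES-256 key (assumed to come from a KMS/HSM)
    this.records = new Map();  // token -> { iv, ct, tag }; stands in for the vault's datastore
  }
  tokenise(pan) {
    if (!/^\d{13,19}$/.test(pan) || !luhnValid(pan)) throw new Error("invalid PAN");
    const token = "tok_" + crypto.randomBytes(16).toString("hex"); // random, not derived from the PAN
    const iv = crypto.randomBytes(12);
    const cipher = crypto.createCipheriv("aes-256-gcm", this.key, iv);
    cipher.setAAD(Buffer.from(token)); // bind the ciphertext to its token
    const ct = Buffer.concat([cipher.update(pan, "utf8"), cipher.final()]);
    this.records.set(token, { iv, ct, tag: cipher.getAuthTag() });
    return { token, last4: pan.slice(-4) };
  }
  detokenise(token) {
    const rec = this.records.get(token);
    if (!rec) throw new Error("unknown token");
    const d = crypto.createDecipheriv("aes-256-gcm", this.key, rec.iv);
    d.setAAD(Buffer.from(token));
    d.setAuthTag(rec.tag); // a swapped or tampered record fails authentication here
    return Buffer.concat([d.update(rec.ct), d.final()]).toString("utf8");
  }
}

// Intake boundary: replace the PAN with a token before the event leaves the in-scope service.
function intake(vault, request) {
  const { pan, ...rest } = request;
  const { token, last4 } = vault.tokenise(pan);
  return { ...rest, cardToken: token, last4 };
}

// Constructed sample request (standard test card number, not real data).
const demo = intake(new TokenVault(crypto.randomBytes(32)), { pan: "4111111111111111", amountMinor: 248120, currency: "USD" });
console.log(demo);
```

Only the component that can call `detokenise` needs to sit inside the cardholder data environment; the fraud, settlement and reconciliation services in this sketch work from `cardToken` and `last4` alone.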

Tech Stack · 03

What powers this system

Node.js
TypeScript
PostgreSQL
Redis
AWS
Kubernetes
OpenTelemetry
Grafana
Terraform

Timeline · 04

From kickoff to production

Week 1
Discovery

Architecture audit, PCI scope analysis, threat model session with the founder + CTO.

Week 2-3
Design

Service decomposition diagrams, API contracts, infra plan. Shipped a working tokenisation vault end of week 3.

Week 4-11
Build

2-week sprints, weekly demos, gradual traffic migration behind a feature flag. Shadow-tested on production traffic for 2 weeks before cutover.

Week 12-13
Cutover

Zero-downtime migration over a Sunday window. Auditor walkthrough completed week 13. PCI sign-off two weeks later.

Business Impact · 05

The ROI

The platform went from a hard ceiling at ~200K monthly transactions to processing 3.2M+ in month 4 post-launch — a 16× capacity gain on the same infra spend per transaction. PCI DSS scope reduction cut their compliance audit cost by ~70% (from ~$80K to ~$24K/yr). The Series B round closed on schedule, with the new architecture cited in the funding memo. Mean time to incident detection dropped from 45 minutes to 4.

We talked to four agencies. TantraDev was the only one that asked about our compliance roadmap on the first call — not our budget. Three months later we shipped, on time and under PCI scope.
Founder
CEO & Co-founder · Series A Payment Startup
