FinTech
Also known as: Financial Technology · Fin-Tech
FinTech is the engineering discipline of building money-movement, lending, and financial-services software under regulatory constraint. The defining architectural pressure is that compliance — PCI DSS, RBI tech guidelines, AML monitoring, audit-trail immutability — is not a layer added late; it dictates how data flows, where services are split, and which boundaries trust crosses. Latency budgets are tight (sub-200 ms card-network responses), and reconciliation is a first-class system, not a script.
Concepts that travel with this one.
Architecture rarely lives in isolation — these are the terms that come up in the same conversation.
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is the security standard every entity that stores, processes, or transmits cardholder data has to meet. The current spec is PCI DSS v4.0. The architectural lever is scope reduction: any service that does not touch a PAN can be carved out of audit, and a tokenisation vault is the standard mechanism for shrinking scope from 'whole platform' to a contained set of services.
RBI Tech Guidelines
The Reserve Bank of India publishes binding technology requirements for regulated entities — Master Directions on IT governance, the Digital Lending Guidelines (2022), the Payment Aggregator/Gateway licensing framework, and the IT Outsourcing Direction. The combined regime dictates data localisation, vendor-risk posture, incident reporting timelines, and audit trails for any FinTech operating under an Indian payment or lending licence.
Tokenisation Vault
A tokenisation vault replaces sensitive data (card PANs, SSNs, identity numbers) with opaque tokens at the system boundary, isolating the real values inside a dedicated service in a separate VPC. The architectural benefit is not abstract security — it is PCI DSS scope reduction. Only the vault and its callers remain in audit scope, cutting the surface that has to pass a Type 1 review from 'whole platform' to 'two services'.
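A minimal in-process sketch of the vault boundary described above, added here as an illustration and not TantraDev's code. The class name, caller names, `tok_` prefix and in-memory dicts are assumptions standing in for a separate service with encrypted storage.

```python
import hashlib
import hmac
import secrets


def luhn_ok(pan: str) -> bool:
    """Luhn checksum, so malformed input is rejected at the boundary."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Stands in for the dedicated vault service; the only holder of real PANs."""

    def __init__(self, detokenise_callers):
        self._index_key = secrets.token_bytes(32)  # keys the PAN lookup index
        self._by_index = {}   # HMAC(PAN) -> token, so repeat PANs reuse a token
        self._by_token = {}   # token -> PAN (encrypted at rest in a real vault)
        self._allowed = frozenset(detokenise_callers)  # hypothetical caller IDs
        self.audit = []       # (caller, action, token) trail; never the PAN

    def tokenise(self, caller: str, pan: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("not a valid PAN")
        idx = hmac.new(self._index_key, pan.encode(), hashlib.sha256).digest()
        token = self._by_index.get(idx)
        if token is None:
            token = "tok_" + secrets.token_hex(16)  # random: no relation to the PAN
            self._by_index[idx] = token
            self._by_token[token] = pan
        self.audit.append((caller, "tokenise", token))
        return token

    def detokenise(self, caller: str, token: str) -> str:
        if caller not in self._allowed:
            self.audit.append((caller, "detokenise_denied", token))
            raise PermissionError(f"{caller} may not detokenise")
        self.audit.append((caller, "detokenise", token))
        return self._by_token[token]
```

Anything downstream that stores or passes only the returned token never sees a PAN, and the audit trail records every detokenise attempt, including denied ones.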