Have you shipped under PCI DSS scope?

Yes — multiple times. Most recently, a Series A FinTech where we cut PCI scope by 80% via tokenisation vault architecture, passed Type 1 in 6 weeks instead of the usual 6 months.

Do you support both Indian and international payment rails?

Yes — UPI, IMPS, NEFT, RTGS for India. International cards via Stripe / Razorpay / Adyen. Cross-border via Wise / Currencycloud. We've integrated 12+ payment providers across engagements.

Can you build NBFC core systems?

Yes — we've built loan management systems, decision engines, collection workflows, and integrated with bureaus (CIBIL, CRIF, Experian) and core banking systems for NBFCs.

What about fraud / AML?

We've built rules-based fraud detection, ML-based anomaly scoring with feature stores, and AML monitoring pipelines with FIU-IND reporting. We also handle sanctions screening and PEP/adverse media checks.

Do you take responsibility for our compliance?

We take responsibility for the architecture and code that supports your compliance program. Your compliance team owns policy and audit. We work hand-in-hand — and have been in compliance team meetings as part of project delivery.

Home

Industry · FinTech

FinTech engineering, built for regulators and reality

Payment platforms, lending engines, NBFC core integrations, settlement, KYC. Built by engineers who've shipped under PCI scope, passed RBI tech audits, and recovered from real production incidents.

$80T+

Global digital payments market — and the failure modes that come with it

Industry-specific · 01

What's different about building software here

These are the constraints generic agencies miss. We've been burned by them ourselves — and built systems that handle them.

PCI scope is architectural, not optional

PCI DSS isn't a checkbox — it dictates which services touch card data and how. Most FinTech startups discover this when their first audit fails. We design scope reduction in week 1.

Latency budgets in milliseconds

Card networks expect responses in <200ms p99. Lending decision engines have 3-second windows. Settlement reconciliation runs nightly with no slack. Every architecture decision has a latency tax.

Reconciliation is a system, not a script

Money moving across rails doesn't reconcile itself. Multi-leg settlements, currency conversion, chargebacks, and partner payouts need a real reconciliation engine — not an Excel script.

Audit trails that survive forensic review

Application logs that can be edited won't pass a forensic review after a fraud incident. We ship cryptographically chained immutable audit logs from sprint 1.

Fraud detection without latency budget

Async fraud scoring sits inside the synchronous transaction path. We've built feature stores + ML scoring layers that make decisions in <80ms without blocking settlement.

Regulatory reporting is a product surface

RBI reporting, NeSL filings, AML SAR submissions — these can't be afterthoughts. They need product surfaces with audit, approval, and submission tracking.

Our posture · 02

How we approach this industry

We don't take FinTech engagements where the founder believes 'compliance is a layer we'll add later.' It isn't. PCI DSS scope, RBI tech requirements, KYC pipelines, AML monitoring — these are architectural decisions that reshape how data flows. We design these in week 1, before code starts. We've turned away two FinTech engagements in 2025 because the founder wanted us to build first and 'figure out compliance later.' If you're serious about shipping a FinTech that survives a regulatory review, we're the team. If you want to build fast and patch later, we're not.

Capabilities · 03