NM Company
A portfolio and enquiry site for events firm NM Company
A visual portfolio and enquiry website for an event management and supplies firm — presenting a full...
Read itRBI · UPI/NPCI · eKYC · PCI-DSS
In fintech a bug is a reconciliation break. We build double-entry ledgers that tie out to the bank daily, UPI integrations that survive the rail's real failure modes, and KYC modelled as a state machine from sprint one.
The most common thing we are called in to fix in fintech is a product where the user's balance is a number on a table. It gets updated inside a transaction. Somebody writes a migration to correct a discrepancy. Within a year the sum of the balances does not match the money in the bank, and because a stored balance has no history, nobody can say why. A balance is the sum of an immutable, append-only, double-entry ledger. A correction is a reversing entry, never an edit. Any account's balance at any moment in history is derivable, and it ties out against the bank statement every day, automatically, with an alarm on any break. We build that first — before the app, before the onboarding flow, before anything a founder wants to demo. Everything else in a fintech product is downstream of the money being provably correct.
Talk about your productDaily automated reconciliation against the bank statement. A break raises an alarm; it does not wait for a month-end discovery.
Every payment request carries an idempotency key. A retry cannot debit twice, which is the bug you cannot apologise your way out of.
Against the NPCI settlement file. Payment success and money arriving are two different events — we track both.
No card number ever touches your servers. Tokenised, hosted fields. PCI becomes a questionnaire rather than a programme.
Fintech is the one domain where a bug is not a bug. It is a reconciliation break, a regulatory breach, or somebody's salary that did not arrive. The engineering discipline is different, and it starts before the first line of code with a question most teams answer too late: what licence are you operating under, and whose?
The most common architectural failure we are called in to fix is a fintech product where the balance is a column on the users table. It gets updated in a transaction, somebody writes a migration to fix a discrepancy, and within a year nobody can explain why the sum of the balances does not match the money in the bank.
A balance is not a number you store. It is the sum of an immutable ledger. Every movement of value is a double-sided entry, entries are append-only, and a correction is a reversing entry that leaves the original intact and visible. The system must be able to produce, for any account at any moment in history, a balance derived from its entries — and that derived balance must tie out against the bank statement, every single day, automatically, with an alarm on any break. Building this is not optional and it is not something you add in year two.
UPI is an interbank rail, and its failure modes are its own. A collect request can be approved by the user thirty seconds after your system timed it out. A callback can arrive twice, or never. A transaction can sit in a genuinely indeterminate state where neither success nor failure is a safe assumption — and the only correct action is to query status, with backoff, until the rail tells you.
So: idempotency keys on every request, so a retry cannot debit twice. A status reconciliation job that sweeps pending transactions rather than trusting callbacks to arrive. Never mark a payment successful on a callback alone; verify against the rail. And a settlement reconciliation against the NPCI file, because the payment succeeding and the money arriving are two different events separated by a day and, occasionally, by a dispute.
eKYC through Aadhaar has constraints on who may use it and how. Video KYC has an RBI-prescribed process with recording, geotagging and a real human. Minimum KYC caps what a wallet may hold and what it may do. CKYC lets you fetch an existing record rather than collecting it again.
These are product decisions wearing compliance clothing, and they must be made before design, not during it. A wallet whose limits change when a user completes full KYC needs that modelled as a state machine from the first sprint. Bolting it on afterwards means touching every transaction path in the codebase, and you will miss one.
Data localisation: payment data stays in India, full stop. PCI-DSS scope, minimised by never touching a card number — tokenise, use the gateway's hosted fields, and keep your servers out of scope entirely. Audit logs that are append-only and that an engineer with production access cannot edit. Segregated environments with sandbox rails. And a runbook for the day the rail is down, because it will be, and "we will figure it out then" is not a plan when money is in flight.
Immutable, append-only, every movement double-sided. Balances derived, never stored. Corrections are reversing entries.
Daily automated matching against bank statements and NPCI settlement files, with an alarm on every unexplained break.
Idempotency keys, status sweep jobs for indeterminate transactions, and never trusting a callback as proof of success.
Minimum, full eKYC, video KYC and CKYC fetch — as a modelled state machine where limits and permissions follow the tier.
Velocity checks, device fingerprinting, a rules engine an analyst can edit without a deploy, and a case queue for review.
Aadhaar eKYC, PAN and bank penny-drop verification, with drop-off measured at every step because that is where CAC is decided.
The reports the regulator asks for, produced from the ledger rather than assembled by hand in a spreadsheet the night before.
Maker-checker on every manual adjustment, full audit trail, dispute handling and a refund flow that cannot be run twice.
Biometric unlock, certificate pinning, no sensitive data at rest on the handset, and a security posture built to survive review.
None of this is advice from a compliance consultant. It is the engineering consequence of rules we have already built against.
Payment system data stays in India. That includes the offshore error tracker logging full request payloads, which is where teams quietly fail an audit.
Tokenisation and hosted fields keep card numbers off your infrastructure entirely, which turns PCI from a programme into a questionnaire.
Minimum KYC, full eKYC, RBI-prescribed video KYC with recording and geotag, CKYC fetch. The tier determines what the product may do.
Idempotency, status reconciliation, settlement file matching. The payment succeeding and the money arriving are separate events.
Append-only, and not editable by an engineer with production access. If your audit log is a table someone can UPDATE, it is not an audit log.
A managed vault, rotation, and no credentials in environment files or CI logs. Assume the repository will leak one day and design accordingly.
Uptime is table stakes and nobody will thank you for it. These are the numbers that decide whether the business works, and every one of them should be derivable from the ledger without anyone opening a spreadsheet.
Talk to usBy rail, by bank, by hour. A drop on one issuing bank is a signal, not noise, and it should page somebody.
Per step, not overall. The step that leaks is where your customer acquisition cost is actually being set.
And every one of them is investigated. A tolerated break is a break that becomes a habit.
Median. Because a customer whose money is missing is not measuring your uptime.
A Shopify storefront for a Surat ethnic-wear label — 200+ SKUs of lehengas, sarees and suits organised by type, colour,...
A fleet, ePOD and route-optimisation platform built offline-first for drivers in low-connectivity corridors — because th...
A Shopify storefront for a Surat watch and eyewear retailer — browsable by gender, brand, style and combo, with predicti...
Not at month end — today, automatically, with an alarm if it does not. If that question makes you uncomfortable, it is the right time to talk, and it is a great deal cheaper to fix now than after you are carrying live customer balances.
The stack
FAQ
Proof
NM Company
A visual portfolio and enquiry website for an event management and supplies firm — presenting a full...
Read itSwasthya Sarathi
A multi-service healthcare platform that helps people find hospitals, doctors, labs, medical stores,...
Read itMV Tech Education
A course-catalogue and admissions website for a Bihar vocational institute — leading with industrial...
Read itLogistics platforms fail in the money, not the map. We build hub-and-spoke networks, offli...
ExploreHealthcare software where the identity layer is national, consent is statutory and no-show...
ExploreEdtech does not fail on engineering. It fails when nobody notices a learner has stopped sh...
ExploreLet's talk fintech software development
A senior engineer reads every enquiry. You'll get a real answer — scope, risk and a number — within one business day.