Custom fintech software and payments - built so the money moves on rails you rent, and the ledger has to reconcile to the penny.
Intention InfoService builds embedded-payment front ends, financial dashboards, back-office tooling and the reconciliation and ledger software behind them, on the rails fintech actually runs on: payment processors, card networks, ACH, and open-banking access through providers like Plaid. You are almost never the bank, so the money moves on a licensed provider you rent - a processor or a sponsor bank - and the software's job is to instruct it and prove where it went. We do not hold customer funds and we do not build crypto, and the first thing we will usually tell you is that renting those rails beats building them.
A paid discovery first, a fixed price before any build, and the code is yours.
- Open rails: card networks, ACH, ISO 20022, open banking
- We don't hold your customers' money
- We'll tell you when the real project is a licence
Where the money and licence liveNot with us
- The funds
- Your bank or processor holds them
- The licence
- Your sponsor bank or transmitter
- The ledger
- Yours, reconciled to theirs
- Crypto
- Not us - out of scope, on purpose
Your ledger is a claim about their money until it reconciles.
The software around the money, not the money itself
Fintech software is mostly instruction, integration and proof. The funds sit at a bank or a processor, the licence sits with a regulated entity, and the interesting engineering is what you build around them so that every movement posts once, reconciles, and can be explained afterwards. A typical engagement is one of these:
Embedded-payment front ends
Checkout, billing, subscriptions and payouts built on a processor, where the card data and the money movement live on the processor's rails and your interface instructs them - not a payments system we stand up and hold the risk for.
Financial dashboards and reporting
The balances, transactions, statements and analytics people actually read, assembled from your processor, bank and ledger data - clear, correct, and reconciled to the sources rather than a pretty view that quietly disagrees with them.
Reconciliation and ledger tooling
The double-entry ledger and the reconciliation that compares it, continuously, to what the processor and the bank actually report - break-reports, drift alerts and an audit trail. This is the discipline whose absence broke Synapse, and we build it first, not last.
Back-office and operations tooling
The internal consoles a finance team runs on: reviewing transactions, resolving disputes, issuing refunds and adjustments as auditable entries, and answering the question a regulator or a customer asks with one record rather than a reconstruction.
Onboarding, KYC and lending front ends
The onboarding, identity-verification and application flows that ride a sponsor bank or a BaaS provider, wired to an identity vendor, with the review queues and case management the operator's program runs - you or your bank own the program; we build its software.
Open-banking and processor integrations
Account aggregation and payment initiation through open-banking access (Plaid and its peers), and processor, ACH and real-time-rail integrations built to the published standards - so the connection is engineered for retries, webhooks and reconciliation, not just a happy-path SDK call.
What this page is, and where the build actually lives
This page is about the sector, what building for it demands, and which side of the regulated line we stand on. The engagement itself is priced and scoped on the service pages:
A bespoke system, scoped before it is priced - a ledger, a dashboard or an integration layer is custom software, so it enters through the discovery that ends in a fixed build price. Which stack it lands on is a separate question, answered on how we decide what to build it with.
A store checkout is a different job - if you are selling goods and need a shop with a cart and checkout, the payments are handled for you by the commerce platform, and that is a Shopify store or a WooCommerce store, not a fintech build. The marketing site in front of the product is our web design and development service.
Customers on phones, and AI - a native finance experience is a separate build, and we have shipped no mobile app for anyone yet, in this sector or any other. The honest state of our app work is on mobile app development, on honest terms. AI routes to adding AI to a financial product, carefully, on the assistive side - not underwriting or fraud-scoring models we would have to stand behind.
Should you build regulated financial infrastructure? Almost never - and we'd rather say so first.
Most briefs that arrive as "a fintech" describe software that instructs money on rails somebody else already runs - a processor for the payments, a sponsor bank or a Banking-as-a-Service provider for the accounts and the licence. That is usually the right shape. Renting those rails means the charter, the custody of funds and the regulated obligations stay with a party that is licensed to carry them, and your build is the interface, the ledger and the reconciliation on top. When is building the regulated layer yourself right? Rarely, and only when the money movement itself is genuinely your product and no provider will carry it - at which point the first project is a licensing and sponsor-bank question, and that is a matter for your counsel, not a screen we design. The firm that blurs this - that quietly becomes the ledger of record and the money mover without the licence to match - is the firm whose books eventually stop matching the bank. That is the failure the public record of the Synapse collapse is made of, and it is the one this page is built to help you avoid.
What building for fintech actually demands
Every sector claims to be special. In this one the regulated entity is usually not you and never your vendor, the worst bug is a number that is quietly wrong rather than a crash, and the money you show on a screen is only a claim until it reconciles with the party that actually holds it.
You are almost never the bank
The charter, the licence and the custody of funds sit with a regulated party - a sponsor bank, a licensed transmitter, a processor - and in a BaaS model the money sits in that bank's accounts, in its name. A software firm is not that party and cannot become it by writing code. Knowing where the licence and the money actually live is the first real decision, and we make it in writing. What we build is the software that instructs those rails and reconciles against them.
The bug that never crashes
In most software a serious bug throws an error. In fintech the worst one does not: a movement posts twice, a webhook is replayed, a rounding rule drifts, and the books quietly stop matching the bank. Nobody sees it until it is expensive. We design for exactly-once posting and continuous reconciliation because the failure mode here is a number that is silently wrong, not a page that is visibly down.
Integration is the product
Almost nothing in fintech stands alone. The processor, the sponsor bank, the ledger, the identity vendor and the open-banking aggregator all have to agree, and the rails that make them agree - card networks, ACH governed by Nacha, the ISO 20022 messaging the major rails are moving to, open banking through Plaid - are published standards. Building to them well, with retries and reconciliation, is where a fintech build is won or lost.
The least money to move through you
Every system that sits in the flow of funds is another place the money can be delayed, doubled or lost, and another party a regulator asks about. So we keep the funds movement on the licensed rails and keep our systems to instructing and proving it - not custody. It is a smaller surface for you, and it is the posture whose absence is the recurring headline in this sector.
Financial data is not ordinary data
Account data and personal financial information sit under the GLBA Safeguards obligations for the institution that holds them, and cardholder data drags a whole environment into PCI scope. Those are not paragraphs to bolt on; they are access models, encryption and audit decisions in the schema. What we build is least-privilege access, encryption and the audit trail a written security program is evidenced with.
We would rather scope than guess
A fintech build is custom software. It enters through a paid discovery that ends in a written scope, a money-flow map and a fixed price - because the alternative is a number invented before anyone knew whether funds or account data would flow through what we build, which is the question that decides the cost and the risk.
When we'd tell you not to build, and when we'd turn the work down
If a processor plus a sponsor bank or a BaaS provider already does what you need, integrate onto them and keep your money - that is the column we highlight in the table below, and it is the answer most often. If a brief may turn on a money-transmitter licence or a sponsor-bank relationship before it is a software project, we flag it as a question for your counsel, not a determination we make, and we will not pretend code substitutes for whatever that answer is. If your product is crypto - an exchange, a DeFi protocol, token issuance, crypto wallets or smart contracts - that is not us, and we say so plainly rather than learn it on your budget. If it is high-frequency trading infrastructure or a core-banking ledger of record for a chartered bank, you want a specialist we are not. And if procurement gates on a supplier who carries a SOC 2 report, an ISO 27001 certification or a signed contract we cannot offer, we do not clear that gate, and you should choose a firm that does. Where a custom build genuinely wins: when the ledger, the reconciliation, the dashboards, the back office or the embedded-payment experience is the product and the off-the-shelf tools fight it. That is where a fintech build gets scoped and priced, and we will make that case with you in writing rather than assume it. Talking you out of building regulated infrastructure you do not need is the only credential we can offer before the first fintech build ships.
Twelve things a fintech build turns on
Almost none of it is the screen a customer sees. This is the layer a financial product is actually judged on when the money starts moving - and it is where a team that has designed a ledger and a reconciliation is worth more than a team that has printed a badge.
Build on regulated providers, not as the bank
We architect on payment processors, sponsor banks and BaaS rails so the charter, the licence and the custody of funds stay with the regulated party. The software instructs the movement, reconciles it and proves it - it does not become the thing that holds the money.
Double-entry ledger design
Balanced debits and credits, balances derived from immutable entries rather than a mutable number, and money stored as integer minor units with explicit currency and rounding rules - because a float is how a cent goes missing and nobody can say where.
Reconciliation against processor and bank
Automated, auditable break-reports that compare the internal ledger to the processor's settlement files and the bank's balances, with drift alerting - so a divergence between your books and where the money actually is surfaces the next morning, not at an audit.
Idempotent, exactly-once money movement
Idempotency keys and database-level uniqueness so a retried request, a duplicated webhook or a double click cannot post a movement twice. Exactly-once is a property we engineer into the data model, not a hope we attach to the network.
Immutable, tamper-evident audit trail
An append-only event history where corrections are compensating entries rather than edits, so who moved what, when, on whose instruction and against which external reference is answerable with one record. The audit trail is part of the schema, not a log bolted on at the end.
Dispute and chargeback state machines
Modelled transitions with deadline clocks and provisional-credit handling for card disputes and error-resolution claims, so a dispute is a state the system understands and can evidence, not a spreadsheet somebody keeps on the side.
Webhook reliability and replay
Signature verification, idempotent handlers, an inbound event log, tolerance for out-of-order delivery, and backfill - so the ledger's truth survives a webhook that arrives late, twice, or not at all, which is the normal weather of real integrations.
Payments and open-banking integration
Processor, ACH and real-time-rail integration, the ISO 20022 messaging the major rails are moving to, and account aggregation through open banking - literacy in the published standards, not just one vendor's happy-path SDK.
KYC, identity and screening integration
Onboarding wired to an identity-verification vendor with screening, risk scoring, and the review queues and case management an operator's program runs on. The operator - you or your bank - owns the program; we build the software it runs in.
Security engineering for financial data
Encryption in transit and at rest, MFA, least-privilege access, key management, secrets handling and audit logging - the technical substrate a written security program under the GLBA Safeguards obligations is evidenced with. Claimed as a method, never as a compliant or secure end state.
Disclosure and consumer-protection tooling
Accurate APR, finance-charge and electronic-transfer disclosure generation and record-keeping that a creditor or financial institution needs for lending and payment rules - always paired with the build, never with a claim that the rule applies to you.
Correctness and observability for money
Invariant and property tests that assert the books always balance and no unexplained negatives appear, deterministic event replay, reconciliation dashboards and drift monitoring - because the most expensive fintech bug is a number that is quietly wrong, and you only catch it if you are watching for it.
Our default for a fintech product: keep the money on rails a licensed provider runs, and make the ledger the thing you can trust. Start by asking whether a processor plus a sponsor bank or a BaaS provider already does the regulated part, and build the interface, the ledger and the reconciliation on top rather than becoming the money mover yourself - it is usually faster, cheaper and safer, and saying so costs us the larger engagement. When a custom build genuinely is right, design the double-entry ledger and the reconciliation before the features, so every movement posts once and is compared, continuously, to what the processor and the bank actually report. Model disputes, webhooks and corrections as states the system understands, not spreadsheets on the side. Keep account data and cardholder data on the smallest surface it can live on, encrypted and least-privileged, because that is where the GLBA and PCI cost lands. And watch for the silent divergence - the books that balance internally but drift from the bank - because it is the one bug in this sector that never announces itself.
In fintech, the worst bug never crashes. It leaves the number quietly wrong.
We have built a financial-services site - a loan-comparison platform, on our work page - but no regulated money system, no bank or processor logos, no transaction volumes to quote and no audit to wave, and you should weigh that. What we have instead is a clear account of a fact most of this sector blurs: you are almost never the bank, the money moves on rails you rent, and the ledger you show on a screen is only a claim about someone else's money until it reconciles with the party that actually holds it. Below is what we build so it does, and what building it that way costs us.
You are not the bank. So the ledger has to prove where the money went.
Because you never hold the money, the balances in your system are not the money - they are a claim about money a bank or a processor is actually holding. A claim is worth nothing until it reconciles with the party that holds the real thing. So the engineering that matters most is not the screen and not even the payment - it is keeping your ledger provably equal, every day, to what the bank and the processor report, and catching the moment it starts to drift. That single discipline is what the public record of the Synapse collapse was missing: a middleware whose internal ledger stopped matching the banks that held the funds, and tens of thousands of people who could not reach their money.
The lucrative thing we refuse. The stickiest business a fintech software firm can grow into is becoming the money-movement layer itself - sitting in the flow of funds, holding the ledger of record, and billing to keep the money moving forever. That is where the recurring revenue and the lock-in live, and it is exactly the position Synapse occupied. We decline it on purpose: we do not become the custodian or the transmitter, and we do not make your customers' balances depend on a system we run. It is not a contract we were offered and turned down; it is a business model we could build and choose not to.
The harder engineering we take on. We make ledger correctness the first requirement instead of the last feature: a double-entry ledger, exactly-once posting, reconciliation against what the processor and the bank actually report, and an append-only audit trail. None of it demos, none of it screenshots, and clients undervalue it right up until the night the books stop matching the bank. Building it before the interface that sells the funding round is a real cost to us in a demo-driven sale, and it is the honest inversion of "we don't hold your money" into "we build the thing that makes not holding it safe."
Who each rule binds - and what we build for it
Money-transmitter licensing and the anti-money-laundering rules bind the regulated entity that moves the money - a bank or a licensed transmitter - not its software vendor. In a sponsor-bank model the bank owns the anti-money-laundering program and the licence, and the funds sit in accounts in its name; standing up your own licence is a project in its own right. Whether your product needs one is a question for your counsel, never a determination we make. What we build is the onboarding and identity-verification front end, the review queues and case management, and the transaction-monitoring surfaces the program runs on - never the legal program itself.
The consumer-protection rules bind the financial institution and the creditor. Electronic-transfer error resolution and unauthorised-transfer liability fall on the institution; lending disclosure falls on the creditor; and which of them your product is, or whether it merely rides one, is again your counsel's call and is genuinely contested at the edges for nonbank platforms. What we build is the dispute and error-resolution state machine with its deadline clocks and provisional-credit handling, the disclosure and statement surfaces driven by terms your counsel sets, and the immutable event log that can prove what happened.
The financial-data-security rules bind whoever holds the account data. The federal safeguards obligations fall on the financial institution that holds customer financial information, and cardholder data pulls whichever systems touch it into the PCI cardholder-data environment - which is one reason we architect so those systems are yours and your processor's, not ours. Under open banking, access to account data runs on the customer's permission and is itself in regulatory flux. What we build is least-privilege access, encryption of account data in transit and at rest, and the audit trail and data-flow map a written security program is evidenced with. What you will never get from us is the word compliant - not about PCI, not about the safeguards rules, not about anything. Compliance is a property of how a regulated organisation operates and contracts, attested by people qualified to attest it. We do the engineering that makes it reachable, tell you where the cost of each gate lands, and leave the attestation where it belongs.
The ledger reconciles, or the build isn't done
Every money movement is posted once and only once, keyed so a retry or a duplicated webhook cannot double it, and reconciled against what the processor and the bank actually report. Books that balance internally but drift from the bank are the failure we design against first, because it is the one nobody sees until it is expensive.
Every movement is provable after the fact
An append-only, tamper-evident record of who moved what, when, on whose instruction and against which external reference - so a dispute, an audit or a regulator's question has one answer rather than a reconstruction. The audit trail is part of the data model, not a log bolted on at the end.
We don't hold your customers' money
The funds sit where the licence is: in accounts your sponsor bank or processor holds, in their name, under their charter. We build the software that instructs those movements and reconciles them, and never become the custodian, the transmitter, or the party your customers' balances depend on. Less of your risk lives on anything we run.
You own the code, the ledger schema and the integrations
The repository, the data model and the processor, Plaid and bank integrations are yours, on infrastructure in your name, handed over on final payment with no licence back to us. We build to the published rails - card networks, ACH, ISO 20022, open banking - so your bank, your processor or another team can carry it forward without paying us rent.
Procurement, answered truthfully
No SOC 2 report, no ISO 27001, and no PCI Attestation of Compliance of our own - and there is no PCI certificate for anyone to hold. We complete your security questionnaire honestly, including the parts where the answer is no, and evidence the parts that are genuinely ours: the access model, the audit logging, the data-flow diagram, the reconciliation design. If procurement requires a supplier who carries those attestations, that is not us, and we will say so plainly.
We'll flag when the real project is a licence
When a brief may turn on a money-transmitter licence or a sponsor-bank relationship before it is a software project, we say so - as a question for your counsel, not a verdict we issue - and it costs us the build whenever renting the rails turns out to be the answer. Pointing you at the licensed provider instead of a bespoke money mover is the only credential we can honestly offer before the first fintech build ships.
The fintech badges, named correctly - and the category errors we won't commit
Start with the one that does not exist. There is no PCI certificate. The PCI Security Standards Council issues no certification to merchants or developers; compliance is evidenced by an Attestation of Compliance, a Report on Compliance or a Self-Assessment Questionnaire, and it is held by the merchant or service provider whose systems are in the cardholder-data environment. PCI does credential people - Qualified Security Assessors and Approved Scanning Vendors - but those belong to assessor and scanning firms, not to a development company, so a "PCI-certified developer" advertises a thing that is not granted. The current standard is PCI DSS v4.0.1. What else exists, and we hold none of it: a SOC 2 (and a SOC 1) is an attestation report a CPA firm writes about an organisation's controls, not a certificate, and we have not undergone one; ISO 27001 is a genuine certification held by an organisation, and we are not certified to it. The programmes this sector waves are company-level or product-level, and we are in none of them: the Stripe Partner Program is live, a company joins it at the Partner tier and can advance to Premier; Plaid runs a partner program with a public directory; Visa Ready and Mastercard Engage admit technology providers and their payment products, not services firms as a trust badge. And a money-transmitter licence is not a badge at all - it is a licence held on the national registry by the entity that actually conducts the money transmission, a bank or a licensed transmitter, and never its software vendor. We name these precisely because this sector is full of firms that hold a product listing, a partner tier or nothing at all and let it imply the company is certified or bank-grade. It does not, we hold none, and what we offer instead of a badge is the reconciliation discipline on this page, code you own outright, and a paid discovery before any price.
What our real work proves here, and what it does not
Our production work includes a genuine financial-services build: a loan-comparison and enquiry site for a lending advisory - structured pages for ten loan categories with eligibility and rate detail, a real-time affordability calculator, and enquiry funnels that turn interest into qualified leads, on a fast custom build you can see on our work page. That is real, fintech-adjacent web work. What it is not is the hard fintech case. It is lead-generation: it moves no money, holds no funds, processes no payments, runs no ledger, and reconciles nothing across you, a processor, a sponsor bank and a card network. The reconciliation this page is really about - a ledger of held balances kept provably equal, day after day, to the bank that holds them - is work we have not shipped. So we claim the financial-services front end and fence off the regulated money-movement core, plainly: the builds we've actually shipped, described honestly. We have no regulated-fintech clients and no money system in production. The fintech-specific part of what we offer is the reconciliation and ledger depth on this page, the boundary above it, and a willingness to tell you the thing that costs us the sale.
The money-flow map comes before the build
We map exactly where funds and account data go before anyone designs a screen, because that map decides whether the work stays on the software side of the regulated line - the decision the rest of the engagement turns on. Then we model the ledger and the reconciliation before the features, and prove the integrations against sandboxes before real money moves.
Discovery & the money-flow map
1-2 weeksA paid discovery that ends in a written scope, a fixed build quote credited toward the build, and a map of exactly where funds and account data flow - and therefore whether the work stays on the software side of the regulated line. If a processor and a sponsor bank already do the regulated part, we say so, and the engagement gets smaller.
Ledger & reconciliation model first
before designThe double-entry ledger, the money-as-integer rules, and how the ledger reconciles against the processor and the bank, modelled before any feature. Exactly-once posting, corrections as compensating entries and the audit trail are schema decisions, and retrofitting them after the schema is set is the expensive path.
Integration on sandboxes and test rails
weeksThe processor, open-banking and identity integrations stood up early against vendor sandboxes and test rails, with webhook replay and reconciliation proven before real money is anywhere near them - so the failure modes surface in test, and real funds first move only inside your own environment at go-live.
Security & procurement readiness
throughoutLeast-privilege access, encryption of account data, and the audit trail a written security program is evidenced with, built in from the start - then we help you answer the security questionnaire your buyer or your bank sends, honestly, including the parts where the answer is that we hold no SOC 2 report and no signed attestation.
Deploy, hand over & care
on deliveryDeployed into your own environment, then handed over: the repository, the code, the ledger schema and the IP are yours. Care runs on the non-financial surfaces only - the marketing site, the front-end code, the pipeline - while access to and backups of anything holding account data or moving funds stay inside your environment, run by you or by the bank and processor under the agreements we don't sign.
The comparison nobody selling you a build will show you
This is the decision, and it is made before a single screen is designed. We build the middle column, which means it costs us the largest engagement every time the honest answer is to integrate rather than to become the bank. It usually is.
| Use a provider's own tools | Integrate on a processor + BaaS / sponsor bank | Build the regulated infrastructure yourself | |
|---|---|---|---|
| What it is | The dashboards and no-code tools a processor or BaaS provider ships, configured | A custom interface, ledger and reconciliation on top of a processor and a sponsor bank | Becoming the money mover: your own licence, custody and core ledger of record |
| Best for | Standard payments or payouts on a known model, little custom logic | A product with its own ledger, dashboards or flows the off-the-shelf tools fight | When the regulated money movement itself is the product and no provider will carry it |
| Where the money lives | With the provider, entirely | With the bank or processor; your ledger is a reconciled claim on it | With you - which is the licence, the custody and the liability you just took on |
| Who is the regulated entity | The provider | The sponsor bank or the licensed transmitter you rent | You, once you hold the licence - a project before it is software |
| Interoperability | Whatever the provider built in | Card networks, ACH, ISO 20022, open banking - the published rails | Whatever you build to, plus the rails a regulated entity must connect to |
| Security & audit | The provider's, which you inherit | Yours on your surfaces, theirs on the funds and card data | Entirely yours to establish and to evidence, at the highest bar |
| Our take | If the built-in tools do most of it, start here and keep your money | The right answer for most people who ask us for a fintech build | Rarely right, and a licensing question for your counsel before a build for us |
The highlighted column is the one that most often wins, and it is the one that costs us the smaller build. When the third column genuinely is right, the first project is a licensing and sponsor-bank question for your counsel - and the software that follows is where a fintech build gets scoped and priced. Which stack it lands on is a separate question, answered on how we choose the stack.
A fintech build is scoped, not quoted from a page
No quote wall, and no invented range either. Every agency page in this sector prints a custom-fintech price band. None of them can know whether funds or account data will flow through what we build, or whether a licence sits in the path - which is what decides the cost and the risk - and neither can we until we have mapped it.
Discovery Sprint
A paid discovery that ends in a written scope and a fixed build quote. It ends in a written scope, a money-flow map that shows where funds and account data live and who is the regulated entity, and a fixed price for the build - credited toward that build. If discovery concludes a processor and a sponsor bank already do the regulated part, you keep the scope and the recommendation, and the larger engagement never happens.
1-2 weeks
Where the rest of a fintech budget goes - and where our care plans stop
The ledger or the dashboard is one line. The site that markets the product is a different job with its own published starting prices, on our web design and development service. A native finance experience on phones is a separate build again, on mobile app development, on honest terms - and we have shipped no mobile apps for anyone yet, which that page says plainly. The system itself is where a fintech build gets scoped and priced. One boundary matters more here than on any other page: our published care plans - the monitoring, the standing access and above all the scheduled offsite backups - are built for ordinary websites, and we do not point them at a system that stores financial account data or cardholder data, or that sits in the path money moves along. Holding a copy of, or a key to, a system like that is exactly what would pull us inside the federal safeguards obligations and can widen the cardholder-data environment we work to stay out of. So on a fintech build we care for the parts that carry none of it - the marketing site, the front-end code, the pipeline and the dependencies - while backups, access and monitoring of anything that holds account data or moves funds stay inside your own environment, run by you or by the bank, processor or host under the agreements we don't sign.
Not sure you should build regulated infrastructure at all? That's the first thing discovery answers, and it is the answer we're happiest to give.
Building for fintech, answered
Do I need a money-transmitter license?
That is a determination for your counsel, not for us, so we will not tell you that you do or you do not. What we can tell you is where the question comes from: if your product holds customer funds or moves money for a fee as a principal, licensing and a sponsor-bank relationship usually come into it, and that is a project in its own right before it is a software project. Most products avoid it by riding a bank or a licensed provider that already carries the licence and the funds. We build the software either way, and we flag early which path a brief looks like it is on, because it changes the whole shape of the build.
Do you hold customer funds, and where does the money actually sit?
We never hold your customers' money. The funds sit where the licence is: in accounts a sponsor bank or a processor holds, in their name, under their charter - often pooled 'for benefit of' your customers. We build the software that instructs those movements and reconciles them against what the bank and processor report; we do not become the custodian or the party your customers' balances depend on. That is deliberate, and it is the posture whose absence, in the Synapse collapse, left tens of thousands of people unable to reach their money when a middleware's ledger stopped matching the banks.
Should you build on Stripe and a provider, or build the payments yourself?
Almost always, build on a provider. A processor, and a sponsor bank or a Banking-as-a-Service provider, already carry the regulated part - the licence, the custody of funds, the card rails - and rebuilding that is the most expensive and most dangerous way to reach the same place. The honest first question is whether an off-the-shelf provider does the regulated movement, and whether your product is the interface, the ledger and the reconciliation on top. Building the regulated infrastructure yourself is right only when the money movement itself is genuinely your product and no provider will carry it, which is rarer than it sounds and a licensing question before a software one.
Is your software PCI compliant?
No one can hand you 'PCI compliant software', because PCI compliance is not a property of software and there is no PCI certificate. The PCI Security Standards Council issues no certification to merchants or developers; compliance is evidenced by an Attestation of Compliance, a Report on Compliance or a Self-Assessment Questionnaire, and it is held by the entity whose systems are in the cardholder-data environment - the merchant or the service provider, under the current PCI DSS v4.0.1 standard. What we build keeps the card data on your processor's rails so the systems we touch stay out of that environment, and we build the access controls, encryption and audit trail your own attestation is evidenced with. The compliance is yours to hold; the engineering that makes it reachable is what we do.
How do you avoid what happened with Synapse?
By treating reconciliation as the first requirement, not the last feature. Synapse, on the public record, was a middleware whose internal ledger stopped matching what the partner banks actually held, and the gap is where people's money went missing. The engineering answer is a double-entry ledger where every movement posts once and only once, reconciled continuously against what the processor and the bank report, with drift alerting the morning a divergence appears rather than at an audit - and an append-only audit trail so any balance can be explained. We also do not put ourselves in the position Synapse was in: we do not hold the funds or become the ledger of record your customers depend on. The bank does; our ledger stays a reconciled claim on it.
Am I a fintech, or do I actually need to become a bank?
Most 'fintechs' are software on rails a regulated party already runs - they are not banks and do not want to be, because a charter is a multi-year regulatory undertaking, not a feature. The useful distinction is whether your product needs to hold funds or move money as a principal, or whether it can instruct a bank or processor that does. If it can, you are building software on regulated rails, which is the bulk of what this sector actually is. If it genuinely cannot, the first project is a licensing and sponsor-bank question for your counsel, and we will say so rather than pretend a screen answers it.
What does a fintech build cost?
We publish one number here and refuse to invent the other. Every agency page in this sector prints a custom-fintech price band, and none of them can know whether funds or account data will flow through your build, or whether a licence sits in the path - which is the single biggest driver of the cost and the risk. So a fintech build enters through a paid Discovery Sprint from $1,000, which is one to two weeks and ends in a written scope, a money-flow map showing where the funds and the licence live, and a fixed price for the build, credited toward it. If discovery concludes a provider already does the regulated part, you keep the scope and the recommendation, and the expensive engagement never happens.
Can you integrate with a processor, Plaid, or a sponsor bank?
That is most of the work, and we build to the published standards rather than one vendor's happy-path SDK - processor and payout APIs, ACH, the ISO 20022 messaging the major rails are moving to, and open-banking access for account aggregation. The integration that breaks is rarely the first call; it is the webhook that arrives late or twice, the settlement file that disagrees with your ledger, the retry that must not double-post. We design for those explicitly, with idempotent handlers, an event log, replay, and reconciliation against what the other side actually reports. We have built and run a real payment-processor integration in production - a store checkout - and we are candid that a checkout is the simple end of this, not the multi-party case.
Do you build crypto, blockchain or web3 products?
No, and we would rather say so plainly than learn it on your budget. This page is about traditional and embedded fintech - payments, ledgers, dashboards, lending and onboarding front ends on regulated rails - not cryptocurrency exchanges, DeFi protocols, token issuance, crypto wallets or smart contracts. That is a different technical and regulatory world, with its own custody and securities questions, and we do not have the shipped experience to stand behind it. If crypto is the core of your product, you want a team that specialises in it, and we will tell you that on the first call.
Can you build AI fraud-scoring or underwriting into our product?
We build AI on the assistive side - grounded in your own data, with a human in the loop - and we are deliberately careful at the line where a model starts making a credit or a fraud decision on its own. Autonomous underwriting and fraud-scoring models carry fair-lending, explainability and adverse-action obligations that fall on the lender or the institution, and building the model that drives those decisions is not something we would put our name to without the specialist and legal work it requires. We will build the surfaces, the case-management and the review queues around a decisioning system, and integrate a provider's scoring - and we will tell you when a feature needs a specialist we are not.
Do you hold SOC 2, ISO 27001 or a PCI attestation?
No to all three, and it is worth being precise about what each is. A SOC 2 (and a SOC 1) is an attestation report a CPA firm writes about an organisation's controls, not a certificate, and we have not undergone one. ISO 27001 is a genuine certification held by an organisation, and we are not certified to it. And there is no PCI certificate at all - PCI compliance is evidenced by an Attestation of Compliance held by the entity in the cardholder-data environment, not by a developer. We complete your security questionnaire honestly, including the parts where the answer is no, and evidence the parts that are genuinely ours - the access model, the audit logging, the reconciliation design. If procurement gates on a supplier who carries those attestations, that is not us, and you should choose a firm that does.
Who owns the code, and who owns the ledger?
You own the code outright - the repository, the ledger schema, the reconciliation logic and the processor and bank integrations, on infrastructure in your name, handed over on final payment with no licence back to us. The funds and the accounts were never ours to own; they sit with your bank or processor throughout. We build to the published rails deliberately, so that your bank, your processor or another team can carry the work forward without paying us rent, and so that the thing most critical to a financial product - the ledger and its reconciliation - is fully yours and fully inspectable rather than a black box only we understand.
Have you built fintech software before?
No regulated fintech, and we will not dress that up. We have built a financial-services site - a loan-comparison and enquiry platform for a lending advisory, which you can see on our work page - but that is lead-generation: it moves no money, holds no funds and runs no ledger, so it is not the regulated core this page is about. We have no bank or processor logos and no money system in production, and you should weigh that. What we offer instead of a regulated-fintech portfolio is the reconciliation and ledger depth on this page, an accurate account of where the money and the licence actually live, and a willingness to tell you to rent the rails rather than build them. If a shipped money system is your deciding criterion, there are firms who have one, and we would rather you knew that now than after a discovery.
What is a ledger, and why does reconciliation matter so much?
A ledger is the record of every money movement and the balances that follow from it. In fintech it is doubly important because your ledger is not the money - the money sits at a bank or a processor - so your ledger is a claim about what they hold, and a claim is only trustworthy if it is kept equal to the source. Reconciliation is the continuous check that your record still matches theirs: the settlement file, the bank balance, the processor's report. It matters because the worst fintech bug does not crash - a movement posts twice, a fee drifts, a webhook is missed - and the books quietly stop matching the bank until someone, usually a customer or a regulator, discovers it the hard way. We build the reconciliation that catches it the next morning.
How do you keep financial data secure?
With method, and without claiming an outcome we cannot attest. We keep account data and cardholder data on the smallest surface it can live on - ideally your processor's and your bank's, not ours - and where we do build systems that touch it, we apply least-privilege access, encryption in transit and at rest, key management, secrets handling and audit logging. Those are the technical substrate a written security program under the federal safeguards obligations is evidenced with; the program itself, and any attestation, belong to the institution that holds the data. We will not tell you a system is secure or compliant as a finished state - we will tell you what we built, and help you evidence it for the buyer or the bank that asks.
Building something for fintech?
Tell us what you're trying to do, and where the money and the licence have to live. We'll map the flow, tell you honestly whether a processor and a sponsor bank already do the regulated part, and tell you plainly if it's a project we shouldn't take - before anyone quotes you a number.

