For founders building consumer banks, wallets, lending, payments

Design + engineering for fintech founders

KYC integrated. PCI scope minimised. A ledger that passes audit. A consumer app that earns its place on the home screen of someone who opens it every day.

The problems we hear most

Onfido for KYC, a Stripe Connect account, and an internal ledger nobody fully trusts

Three vendors, one accounting team filling spreadsheets at month-end to make their numbers agree.

A 3DS2 flow that drops the customer just before they hit "buy"

Authentication bounces, browser redirects, lost sessions on the first payment. The customer signs up with a competitor instead.

A compliance officer asking how you prove tenant A cannot see tenant B's data

The procurement team of the next regulated customer will ask the same question. If the answer lives in tribal knowledge, the deal stalls.

A pricing page written for a payments engineer, not for the customer

Schemes, BINs, networks, surcharges. The buyer wanted to know what they would be charged, not what each piece is called.

kiBank · a consumer bank that disappears into the day

A consumer bank we designed and built whole. Marketing site, app, design system, and the infrastructure underneath. Two surfaces, one promise, every screen earning its place by removing one daily friction.

Inside the kiBank build

A consumer bank lives on a phone. People open their banking app every day, often before breakfast, often with one hand on a train. Most apps make that moment chaotic, sterile, or anxiety-inducing. kiBank set out to build a third option: a bank that disappears into the day.

The product had to feel quiet, behave fast, and prove its worth in the first ten seconds of every session. Two surfaces, one promise: every screen earns its place by removing one daily friction. We designed and built the whole ecosystem: marketing site, app, design system, and the infrastructure underneath. One team, one foundation.

The design system was the project

A bank that lives on a phone has no room for one-off styling. We started by building the components that the marketing site, the app, and eventually the back-office tools would share, namely buttons, cards, status badges, input groups, sheet modals, list rows, charts, and the toast system that surfaces every transaction event. One hundred and twenty components, two hundred design tokens, one accessibility audit covering screen readers, voice control, and motion sensitivity. The light and dark themes share every layout, every spacing rule, every animation curve. A theme switch costs zero round trips and survives a kill-and-relaunch of the app.

The marketing site as a single conversion

The site is built around one outcome: get the visitor to install the app before they change tab. Every section answers one question that came up in customer interviews, in the order those questions arrive. A static Next.js shell streams from Vercel Edge in under 200ms anywhere in Europe. Imagery is served from Cloudflare R2 with on-the-fly AVIF conversion. The whole landing weighs less than one product photo on a typical e-commerce site. The hero is a phone, not a person. The proof points are quiet: a card design, a balance, a notification. The CTA is the install button.

Six screens carry the bank

The app fits the whole experience into six screens. The discipline shows: every tap is one decision deeper into a flow, never a sideways jump that costs context. The home screen carries the balance, the recent activity, and a single suggested next action. The card screen freezes, unfreezes, and reveals card data behind a biometric prompt. The activity screen filters and searches. The send screen is one form that adapts to a SEPA transfer, an internal transfer, or a scheduled payment without changing layout. The profile screen carries KYC status, notification settings, and the customer support handle. The card-actions screen is where spending limits, virtual cards, and merchant blocking live.

Mobile is the bank

Eighty-three percent of sessions happen on a phone, in transit, with one hand. The mobile design starts from a thumb arc, not from a wireframe. Tap targets are forty-four pixels minimum, with eight pixels of breathing room on every side. The primary action lives in the bottom third of the screen, always within reach. The keyboard reveal does not push content off the visible area; instead, the form scrolls into the available space and the action stays visible. The same component library renders the same screens on web and on mobile. No re-skinning, no separate codepath.

The trust that comes out of this design is operational, not promotional. The card screen reveals the card number only after a biometric prompt, and it clears the clipboard after thirty seconds. The send screen never auto-fills the amount from prior activity, because the wrong nudge with money is worse than no nudge at all. The notification system is PSD2-compliant: transaction alerts arrive, but they never leak the merchant name or the amount on a lock screen unless the user has explicitly opted in. Every choice that touches the wallet is auditable, reversible, and tuned for the person who is checking their balance one-handed on the way to work.

Why this shape matters for a fintech founder

A fintech product is not the marketing site plus a card. It is the KYC flow on signup, the 3DS2 redirect on the first purchase, the ledger the auditor reads, the support reply the customer reads at 11pm when a transaction looks wrong, and the regulatory report that lands every month in the right format. kiBank is the shape of work that closes that whole loop under one design system and one infrastructure, not eight vendors each owning a slice of the customer. The result is a product that holds its shape when the next licence, the next geography, or the next product line lands.

What the work delivered

Two surfaces under one design system. One hundred and twenty components. Two hundred design tokens. One accessibility audit covering the full app. Web served under 200ms across Europe from Vercel Edge. App theme switching that costs zero round trips and survives a kill-and-relaunch.

Read the full case study

What we deliver for this vertical

KYC integration with Onfido or Veriff

Document capture, liveness check, sanctions and PEP screening, all wired to a state machine the support team can audit.

Event-sourced ledger

Double-entry, immutable, replayable. The auditor's first request is satisfied by a SQL query, not a meeting.

PSD2 connectors for open banking

Account information and payment initiation via Tink, TrueLayer, or directly against the ASPSP API.

PCI scope minimisation

Card data never touches your servers. Stripe Elements or Adyen drop-in, tokens only, the server-side never sees the PAN.

3DS2 challenge flow

SCA-compliant, with a redirect-back route that holds the session through the issuer's challenge page.

Card scheme issuing

Visa or Mastercard tile, BIN sponsorship via a BaaS partner if you do not hold a licence yourself.

Transaction reconciliation

Daily three-way match between the ledger, the card scheme settlement file, and the bank statement.
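The three-way match above, as an added example rather than kiBank's or the agency's own code: ledger postings, the scheme settlement file and the bank statement are parsed into one shape, totalled per reference (so a settlement split over two lines still matches one posting), and every reference in the union of the three sources is either matched or filed as a discrepancy with the amount each source reported. The comma-separated "reference,amount_minor" file format and the sample lines are constructed for the example; real settlement files and statements need their own parsers feeding the same reconcile() function.

```typescript
// Added example, not kiBank's code: daily three-way reconciliation between
// the ledger, the card scheme settlement file and the bank statement.

type Source = "ledger" | "settlement" | "statement";

type MatchLine = { readonly reference: string; readonly amountMinor: number };

type Discrepancy = {
  readonly reference: string;
  readonly kind: "missing" | "amount_mismatch";
  readonly amounts: Record<Source, number | null>; // null = absent from that source
};

type ReconciliationReport = {
  readonly matched: string[];
  readonly discrepancies: Discrepancy[];
};

// Parses the constructed "reference,amount_minor" format; skips blanks and a header row.
function parseLines(text: string): MatchLine[] {
  const out: MatchLine[] = [];
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (line === "" || line.startsWith("reference,")) continue;
    const [reference, amount] = line.split(",");
    const amountMinor = Number(amount);
    if (!reference || !Number.isInteger(amountMinor)) throw new Error(`bad line: ${raw}`);
    out.push({ reference, amountMinor });
  }
  return out;
}

// Sums per reference so a settlement split across two lines still equals one posting.
function totalsByReference(lines: MatchLine[]): Map<string, number> {
  const totals = new Map<string, number>();
  for (const l of lines) totals.set(l.reference, (totals.get(l.reference) ?? 0) + l.amountMinor);
  return totals;
}

function reconcile(ledger: MatchLine[], settlement: MatchLine[], statement: MatchLine[]): ReconciliationReport {
  const sources: Record<Source, Map<string, number>> = {
    ledger: totalsByReference(ledger),
    settlement: totalsByReference(settlement),
    statement: totalsByReference(statement),
  };
  const references = new Set<string>();
  for (const m of Object.values(sources)) m.forEach((_, r) => references.add(r));

  const matched: string[] = [];
  const discrepancies: Discrepancy[] = [];
  for (const reference of Array.from(references).sort()) {
    const amounts: Record<Source, number | null> = {
      ledger: sources.ledger.get(reference) ?? null,
      settlement: sources.settlement.get(reference) ?? null,
      statement: sources.statement.get(reference) ?? null,
    };
    const present = Object.values(amounts).filter((a): a is number => a !== null);
    if (present.length < 3) discrepancies.push({ reference, kind: "missing", amounts });
    else if (new Set(present).size !== 1) discrepancies.push({ reference, kind: "amount_mismatch", amounts });
    else matched.push(reference);
  }
  return { matched, discrepancies };
}

// Constructed inputs for one settlement day: TX-1001 agrees everywhere,
// TX-1002 settled for more than the ledger recorded, TX-1003 has not reached
// the bank yet, and FEE-0301 is a bank charge the ledger never posted.
const LEDGER_EXPORT = `reference,amount_minor
TX-1001,1230
TX-1002,4500
TX-1003,999
`;
const SCHEME_SETTLEMENT_FILE = `reference,amount_minor
TX-1001,1230
TX-1002,4550
TX-1003,999
`;
const BANK_STATEMENT = `reference,amount_minor
TX-1001,1230
TX-1002,4550
FEE-0301,-150
`;

function runDemo(): ReconciliationReport {
  return reconcile(parseLines(LEDGER_EXPORT), parseLines(SCHEME_SETTLEMENT_FILE), parseLines(BANK_STATEMENT));
}
```

Running runDemo() yields one matched reference and three discrepancies, each carrying the amount every source reported, which is the row the accounting team would otherwise assemble in a spreadsheet. Amounts are integers in minor units throughout; floating-point money is the first thing an auditor will flag.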

Fraud and AML monitoring hooks

Rule engine plus ML model plus manual review queue. Suspicious transactions held server-side before they reach the customer.

Regulatory reporting export

SEPA, FATCA, CRS, transaction reporting in the formats the regulator actually asks for.

Compliance audit log

Every privileged action attributed, signed, queryable. The auditor walks in with one question and walks out with a CSV.

Biometric authentication

Face ID and Touch ID at app open, with a passcode fallback that does not feel like a downgrade.

Customer due diligence dashboard

Compliance-officer view of pending reviews, suspicious cases, expired KYC, and sanctions hits.

Push notification compliance

PSD2-compliant transaction alerts that never leak the merchant name or amount on a lock screen.

Card freeze, spend limit, virtual card

The three features customers actually reach for on day two, wired into the same state machine.

A stack that matches the regulator's notebook

Every layer here exists to pay for itself twice. Once when you are shipping the first version of the product, once when you sit across from a regulator or a compliance officer asking exactly how the system answers their question. We pick the stack that holds up in that second moment.

Next.js App Router on Vercel Edge. The marketing site and the app webview live in the same runtime, with TLS-terminated edge nodes that keep the KYC callback under 200ms anywhere in Europe. The 3DS2 redirect-back lands on a route protected by edge middleware that has already verified the session by the time it renders a single byte to the browser.

Supabase Postgres with row-level security and event sourcing on the ledger. Multi-tenant isolation enforced at the row, not in application code, because the regulator's first audit will ask exactly that question. The ledger is double-entry and immutable, with append-only postings, every balance derivable by replay, every reconciliation reproducible without a stored procedure.
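The ledger invariants named above (double-entry, append-only postings, every balance derivable by replay), and the auditor's read-only reconstruction mentioned under "Event-sourced ledger" and in the FAQ, modelled in TypeScript as an added example. This is not kiBank's or the agency's code: in the stack described, the append-only and balanced-entry rules and the tenant isolation live in Postgres (row-level security, append-only postings); the block below shows the same rules in application form so the invariants are visible in one place. Account names, the sign convention (debits positive, credits negative, integer minor units) and the sample entries are constructed for the example.

```typescript
// Added example, not kiBank's code: an event-sourced, double-entry ledger.
// Postings are only ever appended, every entry must net to zero, and balances
// are never stored, only derived by replaying the postings.
// Assumed sign convention: debits > 0, credits < 0, amounts are integer minor units.

type Posting = {
  readonly entryId: string;
  readonly account: string;     // e.g. "customer:alice", "settlement:scheme"
  readonly amountMinor: number; // debit > 0, credit < 0
  readonly currency: string;
};

type JournalEntry = {
  readonly id: string;
  readonly occurredAt: string;  // ISO-8601 UTC timestamp
  readonly description: string;
  readonly postings: readonly Posting[];
};

class Ledger {
  private readonly entries: JournalEntry[] = [];
  private readonly seenIds = new Set<string>();

  // The only write path. Rejects duplicate ids, entries with fewer than two
  // postings, foreign postings, zero or non-integer amounts, mixed currencies
  // and anything that does not net to zero.
  append(entry: JournalEntry): void {
    if (this.seenIds.has(entry.id)) throw new Error(`duplicate entry ${entry.id}`);
    if (entry.postings.length < 2) throw new Error(`entry ${entry.id} needs at least two postings`);
    if (entry.postings.some((p) => p.entryId !== entry.id)) throw new Error(`entry ${entry.id} has a foreign posting`);
    if (entry.postings.some((p) => !Number.isInteger(p.amountMinor) || p.amountMinor === 0)) {
      throw new Error(`entry ${entry.id} has a zero or non-integer amount`);
    }
    if (new Set(entry.postings.map((p) => p.currency)).size !== 1) throw new Error(`entry ${entry.id} mixes currencies`);
    const net = entry.postings.reduce((sum, p) => sum + p.amountMinor, 0);
    if (net !== 0) throw new Error(`entry ${entry.id} does not balance (net ${net})`);
    this.entries.push(entry);
    this.seenIds.add(entry.id);
  }

  // Balance of one account by replay, optionally as of a point in time.
  // ISO-8601 UTC strings of equal shape compare correctly as plain strings.
  balance(account: string, asOf?: string): number {
    let total = 0;
    for (const entry of this.entries) {
      if (asOf !== undefined && entry.occurredAt > asOf) continue;
      for (const p of entry.postings) if (p.account === account) total += p.amountMinor;
    }
    return total;
  }

  // Trial balance across every account: zero for any ledger built only through append().
  trialBalance(): number {
    let total = 0;
    for (const entry of this.entries) for (const p of entry.postings) total += p.amountMinor;
    return total;
  }

  // A correction is a new mirrored entry; the original posting is never edited or deleted.
  reverse(originalId: string, newId: string, occurredAt: string): JournalEntry {
    const original = this.entries.find((e) => e.id === originalId);
    if (original === undefined) throw new Error(`unknown entry ${originalId}`);
    const reversal: JournalEntry = {
      id: newId,
      occurredAt,
      description: `reversal of ${originalId}`,
      postings: original.postings.map((p) => ({ ...p, entryId: newId, amountMinor: -p.amountMinor })),
    };
    this.append(reversal);
    return reversal;
  }

  // The auditor's read model: every posting in order, nothing summarised away.
  postings(): readonly Posting[] {
    const all: Posting[] = [];
    for (const entry of this.entries) all.push(...entry.postings);
    return all;
  }
}

// Constructed sample: a 50.00 EUR top-up, a 12.30 EUR card purchase, then a refund
// booked as a reversal. Customer accounts are liabilities from the bank's side, so a
// funded customer carries a credit (negative) balance under this convention.
function buildDemoLedger(): Ledger {
  const ledger = new Ledger();
  ledger.append({
    id: "e1", occurredAt: "2024-03-01T08:00:00Z", description: "SEPA top-up 50.00 EUR",
    postings: [
      { entryId: "e1", account: "asset:sepa-clearing", amountMinor: 5000, currency: "EUR" },
      { entryId: "e1", account: "customer:alice", amountMinor: -5000, currency: "EUR" },
    ],
  });
  ledger.append({
    id: "e2", occurredAt: "2024-03-01T12:30:00Z", description: "card purchase 12.30 EUR",
    postings: [
      { entryId: "e2", account: "customer:alice", amountMinor: 1230, currency: "EUR" },
      { entryId: "e2", account: "settlement:scheme", amountMinor: -1230, currency: "EUR" },
    ],
  });
  ledger.reverse("e2", "e3", "2024-03-03T09:00:00Z"); // merchant refund
  return ledger;
}
```

The as-of parameter on balance() is what makes "reconstruct every balance with a query" true: the same replay that produces today's figure produces the figure at any past instant, because no posting is ever changed. In Postgres the equivalent is a SUM over the postings table filtered by account and timestamp, with UPDATE and DELETE revoked on that table.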

Stripe Elements or Adyen drop-in for card data. The PAN never touches your servers, so the PCI scope stays at SAQ A. Tokens come back, payments go out, your codebase audits in an afternoon instead of a quarter.

Onfido or Veriff for KYC, wired to a state machine that the support team and the compliance team both read from the same screen. Sanctions and PEP screening on every signup and on every change of beneficial ownership, with the hit queue feeding straight into the customer due diligence dashboard.

Cloudflare R2 for customer document storage, namely KYC documents, statements, and regulatory reports. Encrypted at rest with customer-managed keys, signed-URL access only, no egress surcharge when the regulator asks for a full export of the last twelve months.

TypeScript strict from API to UI. Renames stay safe, schema migrations stay verifiable, and the bus factor stops being a risk. When the compliance officer who set up the rules leaves the team, the product does not lose its institutional memory.

Questions founders ask

Are you regulated, or do you ride on a BaaS partner?

We do not hold a licence ourselves. For issuing, payments, or deposit-taking we partner with a BaaS provider that does, and we wire the integration. The licensed entity stays the legal counterparty; we own the product surface and the integration code.

Can you connect to our existing core banking provider?

Yes. We have integrated against Mambu, Thought Machine, and a couple of European ASPSPs directly. If your core exposes a sane HTTP API and a webhook stream, we plug into it. If it does not, we wrap it with one.

How do you keep the PCI scope minimal?

Card data goes straight from the browser to Stripe Elements or Adyen drop-in. Your servers receive a token, never a PAN, never a CVV. The codebase ends up in SAQ A scope, which is the cheapest annual attestation you can buy.

How do you handle 3DS2 challenge flows on a fresh signup?

A redirect-back route holds the session through the issuer's challenge page, with an in-app fallback for when the customer is on the mobile flow. The customer never has to re-enter their card.
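One way to hold the session through the issuer's challenge page, as described in this answer and under "3DS2 challenge flow" and the edge-middleware paragraph in the stack section. This is an added example, not kiBank's or the agency's code: before the customer is sent to the issuer, the route mints a short-lived state token signed with an HMAC that binds the payment to the current session; when the customer lands back, the route checks the signature in constant time, the expiry and the session binding before it trusts the payment id, and accepts each token once. How the token rides through the redirect (a return-URL parameter, a cookie) is an integration detail this example assumes away; the function names, the ten-minute lifetime and the secret are assumptions.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Added example, not kiBank's code: an HMAC-signed, single-use state token that
// binds a 3DS2 redirect-back to the session and payment it was minted for.
// All names, the lifetime and the secret are assumptions for the example.

type ChallengeState = {
  readonly sessionId: string;
  readonly paymentIntentId: string;
  readonly nonce: string;
  readonly expiresAt: number; // Unix epoch milliseconds
};

function sign(secret: string, payload: string): string {
  return createHmac("sha256", secret).update(payload).digest("base64url");
}

// Minted just before the customer is redirected to the issuer's challenge page.
function mintChallengeState(
  secret: string, sessionId: string, paymentIntentId: string, nowMs: number, ttlMs = 10 * 60 * 1000,
): string {
  const state: ChallengeState = {
    sessionId, paymentIntentId, nonce: randomBytes(16).toString("base64url"), expiresAt: nowMs + ttlMs,
  };
  const payload = Buffer.from(JSON.stringify(state), "utf8").toString("base64url");
  return `${payload}.${sign(secret, payload)}`;
}

// Returns the bound state on success and null on any failure. The signature is
// checked first, in constant time, before the payload is parsed or trusted.
function verifyChallengeState(secret: string, token: string, sessionId: string, nowMs: number): ChallengeState | null {
  const parts = token.split(".");
  if (parts.length !== 2) return null;
  const [payload, givenSig] = parts;
  const expected = Buffer.from(sign(secret, payload));
  const given = Buffer.from(givenSig);
  if (expected.length !== given.length || !timingSafeEqual(expected, given)) return null;
  let state: ChallengeState;
  try {
    state = JSON.parse(Buffer.from(payload, "base64url").toString("utf8")) as ChallengeState;
  } catch {
    return null;
  }
  if (typeof state.sessionId !== "string" || typeof state.paymentIntentId !== "string") return null;
  if (typeof state.nonce !== "string" || typeof state.expiresAt !== "number") return null;
  if (state.expiresAt <= nowMs) return null;      // challenge took too long: restart the payment
  if (state.sessionId !== sessionId) return null; // token was minted for a different session
  return state;
}

// Single use: a replayed redirect-back carrying the same token is rejected.
// In production the used-nonce set lives in shared storage with a TTL, not in memory.
const usedNonces = new Set<string>();

function consumeChallengeState(secret: string, token: string, sessionId: string, nowMs: number): ChallengeState | null {
  const state = verifyChallengeState(secret, token, sessionId, nowMs);
  if (state === null || usedNonces.has(state.nonce)) return null;
  usedNonces.add(state.nonce);
  return state;
}
```

The session id the route compares against comes from the session cookie on the redirect-back request, never from the token itself; that is what ties the issuer's return to the browser that started the purchase, so the customer continues with the card they already entered.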

Can the ledger pass a financial audit?

It is double-entry, append-only, and event-sourced. The auditor gets read-only access to the postings table and reconstructs every balance with a SQL query. We have walked auditors through it; they leave faster than they came in.

What about sanctions screening and PEP lists?

We integrate ComplyAdvantage or Refinitiv at signup and on every change of beneficial ownership. Hits land in a queue that the compliance officer clears from the customer due diligence dashboard; the customer stays in pending until the queue is cleared.

How do you handle disputes and chargebacks?

The chargeback queue feeds a single support inbox, with the merchant notification, the cardholder evidence template, and the scheme deadline tracker on one screen. The team that handles refunds is the team that responds to the chargeback, so the customer hears one voice.

Do you handle the regulatory paperwork?

No. We work with the lawyers and compliance consultants you bring in. We can recommend partners we have shipped against, but the regulatory filings are not ours to sign.

Tell us about your fintech product

A scoping call, a concrete number in the first reply, no agency theatre and no pitch deck of similar-looking case studies.