Fintech engineering for the team that has to pass a SOC 2 audit by Q3.

PCI-aware design, ledger-first accounting models, idempotency by default. We have shipped under Stripe Connect, Plaid, Mercury, and three local-currency rails.

The three things that kill fintech MVPs.

Fintech engineering is mostly the same as any other engineering, with three exceptions: the audit, the ledger, and the regulator. The audit cycle starts ~18 months before you think it does. The ledger has to be append-only and double-entry from week one or it has to be redone. And the regulator's questions are about your code, not your pitch deck. Most fintech MVPs we inherit are missing one of these three by design.

What changes when a Metafic pod is in your repo.

01. Double-entry ledger as a separate service

Immutable, append-only, with replay-from-zero as a first-class operation. Reconciliation is a database query, not an investigation.

02. Idempotency keys on every money-moving operation

No exceptions. Including the internal services that talk to each other.

03. Audit log integrated into the data model

Not added as middleware. Every actor and every action is queryable, not just present in logs.

04. PCI scope minimization

Stripe Elements, iframes, or tokenization gateways. We do not put your card data on your servers.

05. Reconciliation jobs from day one

Against bank and processor reports, not as a quarterly exercise.

Who is on the pod for this work.

Pods scale up from here for Enterprise engagements.

Architect

Has shipped production ledger systems. Knows when to use Postgres exclusion constraints versus application logic.

2 senior engineers

Familiar with payment-processor integrations and the failure modes of each.

QA

Property-based testing for ledger correctness. Chaos drills for retry storms.

Security engineer (half-time)

SOC 2 control readiness, threat modeling, secret rotation patterns.

The bugs that bite this stack.

Floating-point arithmetic for money

Always use integer minor units (cents). We have inherited too many codebases where a third of a cent has rounded its way into a lawsuit risk.

Idempotency keys that are not truly idempotent under retry storms

The most common quiet bug. Catches teams during their first payment-processor incident.

Webhook signature verification that does not use a constant-time compare

A real timing-attack vector. Trivial to get right, easy to get wrong.

User-facing balances calculated from non-authoritative sources

The ledger is the source of truth, not the cache.
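To make the ledger, idempotency and minor-unit points above concrete, here is an added example (an illustration written for this page, not Metafic's code): a minimal append-only double-entry ledger that stores integer minor units only, treats a retried idempotency key as a no-op but rejects the same key reused with different parameters, and derives every balance by replaying from zero. The account names and the debit-positive sign convention are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List

@dataclass(frozen=True)
class Entry:
    """One immutable posting. Amount is an integer in minor units (cents), never a float."""
    key: str     # caller-supplied idempotency key
    debit: str   # account debited (assumed names, e.g. "customer:alice")
    credit: str  # account credited
    amount: int

class Ledger:
    """Append-only: entries are appended, never updated or deleted."""

    def __init__(self) -> None:
        self._entries: List[Entry] = []
        self._by_key: Dict[str, Entry] = {}

    def post(self, key: str, debit: str, credit: str, amount: int) -> Entry:
        # Reject floats and bools outright; a third of a cent cannot exist here.
        if isinstance(amount, bool) or not isinstance(amount, int) or amount <= 0:
            raise ValueError("amount must be a positive int in minor units")
        existing = self._by_key.get(key)
        if existing is not None:
            # Same key, same intent: a retry, so return the original posting.
            if (existing.debit, existing.credit, existing.amount) == (debit, credit, amount):
                return existing
            # Same key, different intent: a bug in the caller, not a retry.
            raise ValueError(f"idempotency key {key!r} reused with different parameters")
        entry = Entry(key, debit, credit, amount)
        self._entries.append(entry)
        self._by_key[key] = entry
        return entry

    def balance(self, account: str) -> int:
        """Replay from zero: derived from entries on every call, never cached.
        Sign convention (assumed): debits increase, credits decrease."""
        total = 0
        for e in self._entries:
            if e.debit == account:
                total += e.amount
            if e.credit == account:
                total -= e.amount
        return total

    def balanced(self) -> bool:
        """Double-entry invariant: all account balances sum to zero."""
        accounts = {a for e in self._entries for a in (e.debit, e.credit)}
        return sum(self.balance(a) for a in accounts) == 0
```

A production version would persist entries in a transactionally unique-keyed table so that concurrent retries hit the same conflict check; the in-memory dict here only shows the rule.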

Honest about scope.

We will not run your KYC/AML decisioning rules. We integrate with Persona, Alloy, Sumsub, or your provider of choice. The decision belongs to your compliance team, not your engineering team.

Common questions.

Can you help with SOC 2?

Yes for Type I and Type II readiness on the engineering controls. Your auditor is your relationship, not ours.

Are you familiar with PCI?

Yes. We help you architect to stay out of PCI scope when possible, and to handle scope cleanly when you cannot.

Crypto or web3?

Selective. We have shipped custody and on-chain settlement for clients. We will not take work where the threat model is not realistic.

Do you do mobile fintech?

Yes. Flutter, React Native, or native, depending on the use case and your existing stack.

Ready to scope it?

A 25-minute call. We will tell you what we would do, what we would not, and whether a pod is the right shape.

Or stay in the loop. One engineering teardown a week.
