Technical teardowns of the fintech infrastructure we've shipped.
Anonymized by contract — client, bank, and network names are withheld. The architecture, security work, and outcomes are real.
Secure eBill Infrastructure Layer
A bank-grade software partner layer connecting a financial institution to the national eBill network.
In plain English: EBICS is the secure standard banks use to exchange payment files across Germany, France, Switzerland and Austria; eBill is Switzerland's service that delivers invoices straight into a customer's online banking, reaching ~95% of Swiss banks.
The Challenge
A regional European financial institution needed a white-label invoice-management system with direct, zero-downtime access to the national eBill network — under strict data-privacy rules, and gated by the bank's own internal security audit.
Our Solution
We engineered the secure software partner layer that bridges the core banking system and the eBill network: EBICS v2.5/v3 file transport, ISO 20022 (camt) processing, Swiss QR-bill, templated document and PDF generation, and digital signing.
The Security Hurdle
Early internal audits exposed gaps in the encryption and key-handling expectations. We re-architected around HSM-backed key management (Cloud KMS), X.509/RSA digital signing, OAuth2/JWT with mutual TLS, audit logging, secret management and workload identity — achieving a 100% pass from the bank's security team.
The Result
- Passed the bank security audit on the strengthened architecture
- Live B2B digital-invoicing pipeline in the Swiss market
- Zero-downtime integration with the national eBill network
- Reusable partner layer hardened for regulated environments
Tech Stack
White-Label Invoice Management Platform
A multi-tenant biller, payer, and admin platform across web and mobile, with automated bank reconciliation.
The Challenge
Deliver a multi-tenant, white-label billing platform serving billers, payers, and administrators across web and mobile — with automated bank reconciliation and multi-channel invoice delivery, built to scale with transaction volume.
Our Solution
We built event-driven Kotlin/Vert.x microservices with ISO 20022 camt.054 reconciliation, Vue.js (Vuetify) portals for biller, payer, admin and support roles, and a Flutter mobile app — backed by MongoDB/Redis behind an API gateway. Secure onboarding runs through automated identity-verification (KYC) workflows and legally binding e-signature for contract approval.
The Result
- Automated payment matching from camt.054 bank statements
- Multi-channel delivery: eBill, email, post, and SMS
- White-labelled portals deployed across 15+ organizations, managing access for thousands of end-users
- Architected to process high-concurrency payment volumes (10,000+ daily invoice events without latency)
Tech Stack
Cloud-Native Payment Microservices & QR-Bill Engine
Swiss QR-bill and document tooling on a GitOps-driven, multi-cloud platform with strict data residency.
The Challenge
Build payment-standard tooling — Swiss QR-bill generation and document/PDF generation — plus the cloud-native platform to deploy and operate dozens of services reliably, with strict Swiss/EU data residency.
Our Solution
We delivered a QR-bill generation engine and templated document service, with Terraform-provisioned GKE on GCP (europe-west6), ArgoCD GitOps with automated sync, Workload Identity and Secret Manager, multi-cloud delivery across GCP and AWS, and Jenkins/Bitbucket CI/CD.
The Result
- Repeatable, GitOps-driven multi-service delivery
- Swiss/EU data residency with HSM-backed secrets
- Standards-compliant Swiss QR-bill generation at scale
- Autoscaling infrastructure tuned for payment workloads