A payment system isn’t just about moving money: it’s the ability to send or receive funds securely, efficiently, transparently, and in any currency. Nowadays, payments also have to accommodate stablecoins, cryptocurrencies that belong to a fully separate ecosystem based on blockchain technology. Interoperability between fiat and cryptocurrencies is therefore necessary. Businesses have specific needs that add significant complexity to payment processing. If you want to build such a system for companies making payments, you will have to implement additional layers (compliance, governance…) that are integrated and scalable.
Behind every seamless transaction lies a sophisticated, multi-layered engine. In this post, we’ll unpack the complexities of building an efficient, compliant, and user-friendly payment flow, and how we solved the many challenges along the way.
The Challenges of Payments in the Digital Age
Creating a payment system that truly works requires more than just moving money. Here’s what success demands for this industry:
1. Efficiency
- Speed: Transactions must happen instantly (or within minutes).
- Security: Payments should be immutable, traceable, transparent and consistent, avoiding “double spending” or errors in amounts or beneficiaries.
- Scalability: Being able to handle a large volume of transactions, both technically and operationally, is a must. Doing it in a cost-effective way is the key to building a scalable payment engine.
2. Compliance and Governance
- Compliance with regulations for both fiat and crypto ensures no illicit money enters the system. This must be aligned with the various regions where we offer the service.
- Governance tools, such as user management and multi-signature approvals, allow businesses to replicate their existing workflow in any payment solution.
3. Simplicity
- Payments should be easy to execute and manage, whether through APIs for developers or intuitive user interfaces for finance teams.
Building an Efficient Payment Engine
To create a reliable and robust payment flow, we focused on three key pillars: seamless integrations, secure technology, and scalability.
Seamless Integrations
Our payment flow relies on partnerships with fiat and crypto payment processors. Ensuring smooth, secure, and high-availability connectivity was essential. We used state-of-the-art API integration with a focus on:
- Simplicity: Our APIs, built on top of standard protocols (HTTP Signature), are designed for clarity and ease of use. With verbose, self-explanatory endpoints and payloads, anyone can quickly understand and integrate them.
Here is a high-level view of the integration setup with our payment partners:

- Reliability: By leveraging an asynchronous, event-driven, serverless architecture built with Golang, we minimised downtime and improved performance, giving us a solid foundation on which to build our payment infrastructure.
Here is an overview of our event-driven architecture:

Securing Transactions
Building trust in a payment system means ensuring every transaction is immutable and auditable. We use AWS Aurora Postgres V2 in order to:
- Maintain immutability, traceability, and auditability over time.
- Boost performance, reducing processing time and increasing load capacity.
This technology enables us to build a resilient ledger system at Fipto.
We also implemented safeguards to prevent errors, such as:
- Idempotency Identifiers: We added an idempotency identifier to the payout initiation payload to prevent API users from sending the same payload multiple times. This can happen with:
  - Programmatic errors
  - Mistakes from clients
  - Network errors
- Smart payment validation:
  - Like traditional payment providers, we warn clients whenever they submit duplicate transactions within a short period of time. The client must confirm with strong authentication that they really want to process a payment that is similar to a previous one made the same day. To do that, our detection tool raises an alert when the same amount and beneficiary recur within a 24-hour timeframe.
  - We validate account number formats for fiat and blockchain address formats for crypto, ensuring funds aren’t lost due to typing mistakes or attempted fraud.
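The two duplicate safeguards above can be sketched as follows. This is an added example, not Fipto's code: the `Payout` fields, the outcome names and the in-memory `Guard` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Payout is a constructed request shape; the field names are assumptions.
type Payout struct {
	IdempotencyID, Beneficiary, Currency string
	AmountMinor                          int64 // minor units, no float rounding
}

// Outcomes of Submit (names constructed for this example).
const (
	Accepted        = "accepted"
	Replayed        = "replayed"          // same ID and payload: no second payment
	Conflict        = "conflict"          // ID reused with a different payload
	NeedsStrongAuth = "needs_strong_auth" // same amount and beneficiary within 24h
)

// Guard keeps state in memory for illustration; a real service would back it with a unique database key.
type Guard struct {
	byID     map[string]Payout    // idempotency ID -> accepted payload
	lastSeen map[string]time.Time // beneficiary/amount fingerprint -> last accepted
}

func NewGuard() *Guard { return &Guard{map[string]Payout{}, map[string]time.Time{}} }

// Submit runs the idempotency check, then the 24h duplicate check.
// confirmed is true once the client has re-validated with strong authentication.
func (g *Guard) Submit(p Payout, now time.Time, confirmed bool) string {
	if prev, ok := g.byID[p.IdempotencyID]; ok {
		if prev == p {
			return Replayed
		}
		return Conflict
	}
	fp := fmt.Sprintf("%q|%d|%s", p.Beneficiary, p.AmountMinor, p.Currency)
	if t, ok := g.lastSeen[fp]; ok && now.Sub(t) < 24*time.Hour && !confirmed {
		return NeedsStrongAuth
	}
	g.byID[p.IdempotencyID], g.lastSeen[fp] = p, now
	return Accepted
}

func main() {
	fmt.Println(NewGuard().Submit(Payout{"id-1", "FR-ACME", "EUR", 120000}, time.Now(), false))
}
```

A request that returns `needs_strong_auth` is not recorded, so the client can resubmit it with the same idempotency identifier once confirmed.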
Balancing Security with Flexibility
For some high-value transactions, we introduced additional layers of security:
- Transaction Authorisation Policy Rules: Large payments require approval from a quorum of approvers. Those rules help us manage our operational risks when handling substantial amounts.
- Distributed environments to sign transactions: Payment signatures are distributed across multiple servers, reducing the risk exposure of critical secrets.
Scalability
Being able to handle a high volume of transactions is crucial. Our previous QLDB setup could process 10 payments per second, with all excess transactions queued for processing. With Aurora Postgres, we’re pushing for even greater capacity. Our serverless-based architecture allows us to scale the infrastructure as much as needed to handle constant traffic or peaks.
Meeting Compliance and Governance Requirements
Payments in the corporate world aren’t just about transferring funds; they must meet strict compliance and governance standards. Fipto turned these challenges into strengths by embedding advanced compliance tools into our system.
1. Transaction Screening and Monitoring
We screen every transaction, including its beneficiaries, to ensure it aligns with our corporate policies. We also evaluate whether each transaction corresponds to the client risk profile that was defined when the business relationship was established.
- Fiat Payments: We defined our own transaction screening and monitoring rules, which we run for each transaction (outgoing and incoming). For example: checking the source of funds, checking the beneficiary names against sanction lists…
- Crypto Payments:
  - We screen for risky wallet addresses and apply our decision framework based on the risk score.
  - We ensure compliance with the Crypto Travel Rule by exchanging the required data with other Virtual Asset Service Providers (VASPs).
  For additional details on this topic, read this article.
- Unified Context Check: Our rule-checking engine aggregates fiat and crypto transactions along with the client risk profile to ensure alignment between client operations and expected behaviours.

2. Governance Tools for Businesses
Corporate clients often require a specific set of features adapted to their security workflows. To accommodate this, we implemented features that fit their needs:
- Multisignature Approvals: For both fiat and crypto, payments require multiple users' approval before they can be executed.
  - This feature allows a company to decide how many users are needed to sign any outgoing payment.
  - Each signer must be strongly identified and must use a TOTP (Time-based One-Time Password) when signing a payment.
  - Each signer has the ability to sign or refuse a payment.
  - The process is fully asynchronous: each payment awaiting signatures is re-evaluated every time a user signs, so that it is processed as quickly as possible.
  - We’ve also introduced the ability to sign transactions in 'batch,' reducing the need for multiple signatures and TOTP requests.
- User roles: both our API and front-end platform support multiple user roles, each with a predefined set of authorised actions. These roles range from admin rights to read-only access, aligning with corporate governance standards.
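The quorum rule from the authorisation policy and the multisignature flow above can be modelled as a small state machine. This is an added example, not Fipto's implementation: the type and status names are constructed, `totpOK` stands in for a TOTP verification done elsewhere, and treating a single refusal as final is an assumption the article does not state.

```go
package main

import "fmt"

const Pending, Approved, Refused = "pending", "approved", "refused" // constructed status names

// Approval tracks the decisions on one payment against its quorum policy.
type Approval struct {
	Quorum            int             // distinct approvals required
	Approvers, signed map[string]bool // allowed signers; signers who approved
	Status            string
}

func NewApproval(quorum int, approvers ...string) *Approval {
	a := &Approval{Quorum: quorum, Approvers: map[string]bool{}, signed: map[string]bool{}, Status: Pending}
	for _, u := range approvers {
		a.Approvers[u] = true
	}
	return a
}

// Decide records one signer's decision; totpOK stands in for that signer's TOTP check.
func (a *Approval) Decide(user string, approve, totpOK bool) (string, error) {
	switch {
	case a.Status != Pending:
		return a.Status, fmt.Errorf("payment already %s", a.Status)
	case !a.Approvers[user]:
		return a.Status, fmt.Errorf("%s is not an approver", user)
	case !totpOK:
		return a.Status, fmt.Errorf("TOTP check failed for %s", user)
	case a.signed[user]:
		return a.Status, fmt.Errorf("%s already signed", user)
	}
	if !approve {
		a.Status = Refused // assumption: one refusal rejects the payment
		return a.Status, nil
	}
	a.signed[user] = true
	if len(a.signed) >= a.Quorum { // re-checked on every signature
		a.Status = Approved
	}
	return a.Status, nil
}

func main() {
	a := NewApproval(2, "alice", "bob", "carol") // constructed users
	a.Decide("alice", true, true)
	fmt.Println(a.Decide("bob", true, true))
}
```

Counting distinct signers rather than signature events is what stops one approver from satisfying the quorum alone.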

What Sets Fipto Apart?
At Fipto, we prioritize the security of our clients and their funds. We view compliance as a valuable tool that enhances our ability to provide a secure and reliable payment system. By embedding comprehensive compliance checks and flexible governance features into our payment engine, we ensure that our platform meets the highest standards while supporting seamless business operations.
In summary, here is a diagram showing our compliance and governance engines when it comes to transactions at Fipto:

Conclusion
At Fipto, we've combined decades of payment expertise from our tech, product, operations, and compliance teams to create a robust, resilient, and scalable infrastructure supporting both fiat and crypto payments.
Our infrastructure is optimised to meet the unique needs of businesses, with a strong focus on compliance, governance, and efficiency. If you're looking to explore how this can transform your payment processes, dive into our API documentation or request a demo to see how we can help you scale your payment flows globally.