Home / Sectors / FinTech
Vertical · FinTech & Open Banking

Banking software that
survives SAMA review.

We engineer the regulated core of Saudi fintech, payment rails, wallets, ledgers, Open Banking APIs, to the standard SAMA, NCA and PCI-DSS auditors actually check. Pass cybersecurity review on the first submission, not the third.

Scope your fintech build What we engineer
SAMA-readyCybersecurity framework controls native
PCI-DSS L1Tokenized card data, no PAN in storage
0 criticalsAt delivery, by design
Your data is sharing now
Customer InformationFirst Name, Last Name, Date of Birth and Nationality
DocumentsID Number, Issue Date, Issue Place and Version Number
Step 1Data Capture

We automatically capture and extract every required detail, name, phone, address, straight from your customer’s bank account.

Address Details
City Name
Postal Code
Step 2Proof of Address

We pull the customer’s address directly from their bank account for accurate, hassle-free verification.

Account Verified

Your account has been verified successfully

Step 3Successfully Registered

Our matching engine confirms the customer’s details match their account, stopping fraud and money laundering before it starts.

Swipe to explore
Open banking, engineered

From money movement to Face ID, we build the entire banking app.

Real-time transfers, multi-bank Open Banking aggregation, analytics dashboards and biometric authentication, one secure, SAMA-ready system we engineer end to end.

9:415G
Accounts3 connected banks
SenderAcct ****1224
−$300
RecipientAcct ****3618
+$600
SalaryAcct ****0090
+$5,200
Money Transfer
Sender****234
Recipient****579
$500 USD
Sent
Real-Time Flow
Open Banking
Bank AConnected$34,500
Bank BConnected$12,890
Bank CSyncing$0
Analytics
Line graph
Bar charts
Portfolio Value$148K
Secure Authentication
Face ID · Verified
Real-time transfersOpen BankingAnalyticsBiometric authSAMA-ready
Also: we build blockchain & tokenization
The challenge

Where do fintech platforms fail?

We've reviewed enough Saudi fintech codebases to see the same patterns. Every one of them is engineered out of an NX build from day one.

Ledger drift

Balances drift from the source of truth under concurrent writes. The reconciliation team spends nights finding pennies that hide millions.

PCI-DSS gaps

Card numbers in logs, plaintext in databases, ad-hoc encryption. A single QSA visit ends the launch plan.

KYC theatre

OCR on a phone photo and a checkbox. SAMA wants Nafath verification, sanctions screening and a documented audit trail of every step.

Burst latency

The payday spike pushes p99 above 5 seconds. Customers retry; duplicate charges follow; trust evaporates faster than the queue clears.

No audit trail

"Who approved this transfer?" returns silence. SAMA, internal audit and the next investor all need an immutable answer.

AML blind spots

Structuring, velocity anomalies and sanctioned counterparties pass through unnoticed. The first you hear is a regulator letter.

What we build

What do we engineer?

Production modules we ship and integrate. Each is mapped to the regulator that will eventually audit it.

Double-entry ledger

Concurrency-safe, append-only ledger with immutable audit trail and end-of-day reconciliation. The single source of financial truth.

Nafath KYC & onboarding

National identity verification flows with sanctions screening, PEP checks and risk-based onboarding tiers.

PCI-DSS tokenization

Card data never touches your application database. Network-token vault, HSM-backed encryption, scoped IAM.

SAMA Open Banking

Account-information and payment-initiation API surfaces aligned with the SAMA Open Banking framework, sandbox to production.

Transaction monitoring

Real-time rules engine for AML, fraud and velocity, with case management, SAR workflow and full evidentiary trail.

Regulator reporting

Automated SAMA reporting schedules, audit-trail evidence packs, and the dashboard internal audit asks for first.

4.2MTransactions per day cleared at launch peak
99.99%Uptime SLA on regulated payment paths
0Critical findings on first SAMA cybersecurity review
11wAverage time to production for a SAMA-aligned core
Integration coverage

Wired into the Saudi payment ecosystem

Regulators & identity

  • SAMA Open Banking & sandbox
  • Nafath identity & Absher Business
  • NCA ECC 1.0 controls
  • PDPL data-residency
  • SAR / GoAML reporting

Payment rails

  • Mada local network
  • HyperPay / Moyasar / Tap
  • SADAD bill payment
  • Visa / Mastercard tokenization
  • Apple Pay / Mada Pay

Banking & infra

  • Core banking partners
  • HSM / KMS infrastructure
  • Sanctions list providers
  • Bank reconciliation feeds
  • FX & remittance corridors
Common questions

Engineering Saudi fintech, answered

Do we need a SAMA licence before we engage?

No. Many of our engagements run in parallel with the licensing process, we engineer the platform to the standard the eventual review will expect, so by the time the licence application is reviewed, the technical case is already documented and ready.

Can you take a SAMA sandbox build to production?

Yes. We treat sandbox as an interim milestone, not a deliverable. The same architecture, controls and audit trails go to production unchanged, that's the entire point of building it institutional from the start.

What about Open Banking specifically?

We implement the SAMA Open Banking technical standards end to end, account information services and payment initiation, consent capture, sandbox onboarding and production hardening, with the security and resilience controls the framework requires.

How is card data handled?

It isn't, by you. We architect tokenized handling so PAN never lives in your application database. The cardholder-data environment is isolated, HSM-backed and PCI-DSS-scoped, keeping audit scope small and customer data safe.

Engineer the fintech
regulators will actually clear.

Tell us where you are, licensing, sandbox, scaling. We'll map the architecture and the controls that will pass review.

We usually reply within one business day
Other sectors

Adjacent verticals we engineer

02InsurTechCCHI · Najm · automated claims adjudication. 03PropTechREGA · Ejar · concurrency-safe bidding. 04E-CommerceHeadless commerce · ZATCA · surge-proof. 05LogisticsRoute AI · WMS · IoT telemetry.