A payment processor to financial-institution certification

The situation

un-doi has been processing payments in Cluj-Napoca since 1997 — today a 170-provider, 11,000-store, 7,000-partner network covering 3,500+ locations in Romania. New financial regulations required certification as a financial institution, with strict standards for security, reliability, and operational posture. At the same time, the B2C mobile app (launched 2020) and the B2B app (launched 2016) both needed to improve — fewer bugs, better flow, new capabilities. Three organizations had to work in sync: un-doi's internal engineers, their incumbent software provider, and us.

What we did

• Ran a full audit across security, functionality, usability, and reliability — turning a vague 'make it compliant' goal into a scoped plan.
• Consulted on regulatory compliance and guided the posture changes that certification would require.
• Tackled code quality and technical debt in parallel with feature work, not after.
• Introduced industry-standard branching, code review, and release practices across the three teams.
• Coordinated across all three organizations — so leadership didn't have to carry the alignment tax.

The outcome

• Infrastructure migrated to Terraform-based IaC — reproducible, reviewable, safe to change.
• Branching strategy and code quality brought up to industry standard.
• Defect rate down via automated testing across the development lifecycle.
• Financial-institution certification requirements met.

Stack