A payment processor to financial-institution certification

The situation

un-doi has been processing payments out of Cluj-Napoca since 1997. Today a network of 170 providers, 11,000 stores, and 7,000 partners across 3,500+ locations in Romania, handling utilities, insurance, gaming, phone top-ups, and taxes through in-store payment centers and two apps (B2B launched 2016, B2C launched 2020). New financial regulations required certification as a financial institution, with strict standards for security, reliability, and operational posture. Three organizations had to ship in sync: un-doi's internal engineers, their longstanding software provider, and us.

What we did

• Audited across security, functionality, usability, and reliability. Turned 'make it compliant' into a scoped plan mapped to the certification requirements.
• Consulted on regulatory posture and guided the structural changes certification would require, from access controls to operational SLAs.
• Shipped code-quality work alongside feature delivery, not after. Each release cleared certification ground as it went.
• Introduced industry-standard branching, code review, and release practices across all three teams.
• Carried the three-way coordination so un-doi leadership stayed above the weekly delivery detail.

The outcome

• Financial-institution certification requirements met. un-doi cleared as an FI.
• Infrastructure migrated to Terraform-based IaC. Reproducible, reviewable, safe to change.
• Branching, code review, and release practices shared across all three teams.
• Automated testing introduced across the development lifecycle. Defects caught before release.

Stack

Java AWS React Terraform RestAssured