The Challenge
PSD2 Regulatory Complexity: Europe's Payment Services Directive 2 (PSD2) mandates strong customer authentication (SCA), explicit consent management, and strict data handling — requiring deep integration with banking regulatory frameworks across Ireland, UK, and EU member states.
Multi-Bank Connectivity: Each European bank exposes different API formats, authentication flows, and data structures. Building a single platform that aggregates accounts from dozens of banks across multiple markets (IE, GB, EU) without per-bank custom code was a major engineering challenge.
Real-Time Payment Orchestration: Merchants needed instant payment initiation, real-time settlement status tracking, and automated reconciliation — far beyond traditional card processing. The system had to handle complex payment lifecycles (INITIATED → PENDING → COMPLETED → FAILED → CANCELLED) with idempotency and retry logic.
Biometric Security at Scale: Replacing passwords and PINs with facial recognition authentication required production-grade liveness detection, anti-spoofing measures, and device-binding — while maintaining sub-200ms authentication response times.
Merchant Onboarding & Commission Management: Building a self-service merchant portal with tiered commission structures, real-time transaction dashboards, and automated settlement — competing against established players like Stripe and Square in the European market.
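An added example, not FacePOS code, of the idempotency and lifecycle handling named under Real-Time Payment Orchestration: a retried initiation returns the original payment, and a duplicate or late status update cannot move a payment out of a terminal state. The transition table, the in-memory `PaymentStore`, the id scheme and the field names are assumptions; only the five status names come from the page.

```typescript
// Added example. Status names come from the page; the transition table is an assumption.
type LifecycleStatus = "INITIATED" | "PENDING" | "COMPLETED" | "FAILED" | "CANCELLED";
const ALLOWED: Record<LifecycleStatus, LifecycleStatus[]> = {
  INITIATED: ["PENDING", "FAILED", "CANCELLED"],
  PENDING: ["COMPLETED", "FAILED", "CANCELLED"],
  COMPLETED: [], FAILED: [], CANCELLED: [], // terminal states
};

interface InitiateRequest { amountMinor: number; currency: string; }
interface PaymentRecord extends InitiateRequest { id: string; status: LifecycleStatus; }

class PaymentStore {
  private payments = new Map<string, PaymentRecord>();
  // idempotency key -> request fingerprint and the payment it created
  private keys = new Map<string, { fingerprint: string; paymentId: string }>();

  // A retry with the same key returns the original payment instead of creating
  // a second one; the same key with a different body is rejected.
  initiate(idempotencyKey: string, req: InitiateRequest): PaymentRecord {
    const fingerprint = `${req.amountMinor}:${req.currency}`;
    const seen = this.keys.get(idempotencyKey);
    if (seen) {
      if (seen.fingerprint !== fingerprint) {
        throw new Error("idempotency key reused with a different request");
      }
      return this.payments.get(seen.paymentId) as PaymentRecord;
    }
    const id = `pay_${this.payments.size + 1}`; // constructed id scheme
    const payment: PaymentRecord = { id, status: "INITIATED", ...req };
    this.payments.set(id, payment);
    this.keys.set(idempotencyKey, { fingerprint, paymentId: id });
    return payment;
  }

  // Apply a status update, e.g. from a provider callback. A duplicate delivery
  // is a no-op; a move the table does not allow (such as out of COMPLETED) throws.
  transition(paymentId: string, next: LifecycleStatus): PaymentRecord {
    const p = this.payments.get(paymentId);
    if (!p) throw new Error("unknown payment");
    if (p.status === next) return p;
    if (ALLOWED[p.status].indexOf(next) === -1) {
      throw new Error(`illegal transition ${p.status} -> ${next}`);
    }
    p.status = next;
    return p;
  }

  count(): number { return this.payments.size; }
}
```

In a deployed service the key map and the status update would live in the database behind a unique constraint and a conditional update, so that concurrent retries cannot both pass the check.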
Our Solution
- Tink Open Banking Integration: Integrated Tink's account aggregation and payment initiation APIs as the open banking backbone. Built a unified abstraction layer that normalizes data from 3,400+ European banks into a single API surface — supporting account information services (AIS) and payment initiation services (PIS) across Ireland, UK, and EU markets.
- AWS Cognito + JWT Authentication Stack: Implemented enterprise-grade authentication using AWS Cognito for user management with JWT token rotation, refresh token flows, and multi-factor authentication. Added facial recognition as an optional biometric layer for frictionless payments.
- Production API Platform (Next.js + Prisma + MySQL): Built a type-safe API platform on Next.js 14+ with TypeScript, Prisma ORM for database operations, and structured versioned endpoints (/api/v1/). The API surface covers authentication, accounts, transactions, merchant flows, banking integrations, and admin operations — with rate limiting, Zod input validation, and comprehensive audit logging.
- Merchant Payment Ecosystem: Developed a complete merchant management system with payment link generation, QR code payments, commission calculation engine, real-time transaction monitoring, and automated settlement. Merchants can onboard, manage bank accounts (IBAN/BIC), and track revenue through a dedicated dashboard.
- Multi-Market Compliance Architecture: Engineered the platform for PSD2 SCA compliance with proper consent management, data encryption at rest (AES-256), GDPR-compliant data handling, and comprehensive audit trails for every financial transaction.
Results & Impact
- Production-Grade Platform Deployed: Live production API at api3.facepos.ie serving real financial transactions across European markets — with verified health monitoring, structured logging, and 99.9% uptime.
- 3,400+ Banks Connected: Through Tink integration, FacePOS can aggregate accounts and initiate payments across thousands of European banks — eliminating the need for individual bank integrations.
- Sub-200ms API Response Times: Authentication endpoints respond in under 100ms, account balance queries in under 150ms, and payment initiation in under 300ms — meeting institutional-grade performance requirements.
- Zero Security Incidents: Multi-layered security (Cognito + JWT + biometrics + encryption + rate limiting) has resulted in zero data breaches or unauthorized transactions since launch.
- Bank Partnership Pipeline Active: Platform credibility has attracted interest from banking partners seeking faster routes to customer-facing innovation without heavy internal rebuilds — positioning FacePOS as fintech infrastructure, not just an app.
- Merchant Adoption Growing: Self-service onboarding, transparent commission structures, and real-time dashboards have driven merchant adoption across Ireland, with expansion plans for UK and EU markets.