Mobile Payment Gateway
End-to-end encrypted payment processing platform built for a West African SME lender. Handles 10,000+ daily transactions with sub-200ms response times and full PCI-DSS-aligned architecture.
10k+Daily transactions
<200msAPI response
0Security incidents
The Challenge
The client was processing payments through a third-party app with high fees, no audit trail, and no ability to reconcile transactions with their core banking system.
What We Built
A custom payment gateway with MTN Mobile Money and Vodafone Cash integration, real-time transaction reconciliation, fraud detection rules engine, and a merchant dashboard with exportable reports.
Security Measures
- End-to-end TLS 1.3 encryption on all API calls
- Tokenised card data — no raw PAN stored
- IP allowlisting and rate limiting on merchant APIs
- Full audit log with tamper-evident hashing
Node.jsPostgreSQLRedisAWS LambdaMTN MoMo API
Multi-Branch ERP System
Custom inventory, HR, and financial reporting platform deployed across 8 retail locations with role-based access control, real-time stock sync, and automated month-end reporting.
8Branches live
60%Less manual work
GHS 0Licensing fees
The Challenge
Operations ran on a patchwork of Excel sheets, WhatsApp messages, and a decade-old accounting package. Stock discrepancies were discovered weeks after the fact.
What We Built
A unified web-based ERP with real-time inventory sync across branches, payroll management, supplier purchase orders, and automated financial dashboards exportable to PDF and Excel.
Security Measures
- Role-based access — cashiers, managers, admins, finance all see different data
- Full audit log — every record change is attributed and timestamped
- Encrypted database backups pushed to S3 nightly
ReactDjangoMySQLDockerNginx
Telecom Portal Security Audit
Comprehensive penetration test and full remediation engagement for a telecom company's 200,000-user customer self-service portal. 17 critical vulnerabilities identified and resolved.
17Critical issues fixed
200kUsers protected
A+Final security score
The Challenge
Following an industry-wide wave of account takeovers in West Africa, the client needed an independent security assessment before a regulatory audit.
What We Did
Full black-box and grey-box penetration test covering the web portal, mobile API, and admin panel. Delivered a prioritised remediation report, then worked alongside the client's dev team to patch every finding.
Key Findings Resolved
- Broken Object Level Authorization on account API (IDOR)
- Unauthenticated password reset via SMS OTP bypass
- Stored XSS in customer support ticket system
- Exposed admin panel with default credentials
Burp SuiteOWASPMetasploitNmap
Field Agent Tracking App
Cross-platform mobile app for a microfinance institution to manage 150+ field loan officers — GPS check-ins, offline-first data capture, and real-time dashboard for supervisors.
150+Field agents
OfflineFirst architecture
40%Faster loan processing
The Challenge
Field agents operated in areas with no reliable internet. Paper-based data capture led to errors, delays, and fraud. Management had no real-time visibility into agent activity.
What We Built
A Flutter app that syncs data when connectivity is available and stores everything locally when it isn't. Includes GPS-stamped visit records, photo capture, e-signature for loan agreements, and a web dashboard for supervisors.
FlutterSQLiteFastAPIPostgreSQLGoogle Maps API