
We developed an end-to-end digital wallet infrastructure for Oman’s largest payment service provider, supporting 500,000+ active users. Our middleware ensures seamless MPCSS integration for national-scale P2P transfers and utility settlements.
ONEIC is the largest licensed Non-Banking Financial Institution (NBFI) and Payment Service Provider in the Sultanate of Oman. ONEIC serves as the primary clearinghouse for national utility billing, government fee collections, and private sector payments. Within the scope of this project, the digital wallet system manages the transition of these high-volume cash and bill-payment workflows into a centralized, mobile-first financial ecosystem.
FINTECH TRANSFORMATION
The primary objective was to transition ONEIC from a traditional payment collection service to a licensed digital wallet provider under the Central Bank of Oman’s Mobile Payment Central Switching System (MPCSS) framework. The project required a highly secure middleware layer capable of orchestrating real-time transactions across diverse national and private financial endpoints.
The primary mandate was to align the digital wallet system with the Central Bank of Oman’s MPCSS framework. This required a direct, secure integration with the MPCSS switch to ensure interoperability for P2P transfers and utility settlements across all national payment providers.
A core requirement was the development of a centralized wallet engine to manage user funds, transaction ledgers, and real-time reconciliation. To ensure the highest level of financial security, the architecture had to be PCI-DSS compliant, protecting sensitive data during every transaction lifecycle.
To replace manual registration processes, the project required a digital Know Your Customer (KYC) workflow. This system needed to validate user identities against national databases in real-time, ensuring that every account issued met government-mandated security and anti-fraud standards.
The business needed a unified middleware layer to act as the “financial brain” of the ecosystem. This layer was required to bridge communication between the Flutter-based mobile apps, legacy billing systems, and the central bank’s switching infrastructure without introducing latency or data silos.
A key objective was to drive financial inclusion by making small-scale payments accessible. This necessitated the creation of a Virtual Identifier system, allowing users to send and receive money using simple, memorable names rather than complex bank account numbers.
CORE ARCHITECTURE
ONEIC’s Digital Wallet ecosystem is architected as a high-availability, middleware-centric platform. Utilizing a PHP Laravel backend, we created a unified orchestration layer that manages real-time data flow between the cross-platform mobile applications and a sophisticated network of national and international financial endpoints.
Digital Wallet Platform & Payments Infrastructure Architecture
Figure 1: An architectural diagram showing how a Digital Wallet Platform operates.
The user-facing layer of the system is the ONEIC Pay application, developed using the Flutter framework. This choice ensures a high-performance, native-quality experience on both iOS and Android from a single codebase. The application serves as the primary touchpoint for over 500,000 users, providing a secure interface for utility settlements, QR payments, and real-time balance management.
At the heart of the system is a custom-built PHP Laravel middleware. This layer acts as the “Financial Brain,” managing API requests, transaction security, and business logic. It ensures that the ONEIC Pay app remains lightweight and responsive while the backend handles complex, encrypted routing to the Legacy ERP, the Wallet Engine, and the National Payment Switch.
To manage the digital ledger and fund security, we integrated a PCI-DSS compliant wallet engine from FSS India. This engine serves as the core account management system, handling real-time balance updates and transaction reconciliation. Our middleware facilitates all communication with this engine to ensure that user funds are tracked with banking-grade precision.
To automate user onboarding and meet the Central Bank of Oman mandates, the system integrates with Uqudo. This digital KYC service enables real-time identity verification against official national databases. The architecture ensures that a user is only granted access to the ONEIC Pay features once their identity is government-validated, reducing fraud and manual overhead.
A critical component of the architecture is the Mobile Payment Central Switching System (MPCSS) integration. This allows ONEIC Pay to remain fully interoperable with other payment providers across the Sultanate. Through this integration, users can perform instant P2P transfers and utility settlements across a standardized national infrastructure directly from their mobile device.
SECURITY PROTOCOLS
We rebuilt the platform using a Flutter (Frontend) and Laravel (Backend) stack, designed for high-concurrency and operational efficiency.
USER VERIFICATION
To meet the Central Bank of Oman’s stringent anti-money laundering (AML) mandates, we implemented a seamless, paperless onboarding workflow. Utilizing the Uqudo integration, the system performs real-time identity validation against national databases. This ensures that every ONEIC Pay account is tied to a verified legal identity, effectively eliminating manual verification bottlenecks and reducing the risk of synthetic identity fraud.
Figure 2: Streamlined digital KYC with mobile identity verification and automated data capture.
ENHANCED PROTECTION
A critical security safeguard we implemented is the mandatory 24-hour cooling-off period for new users or significant account changes. Upon successful registration or the addition of new payment credentials, certain high-value transaction capabilities are restricted for the first 24 hours.
Figure 3: Secure wallet activation with a 24-hour security cooling-off period.
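One way to enforce the cooling-off rule described above in a PHP middleware, as an added example that is not taken from ONEIC's or Mindster's code. The "high-value" threshold, the account field names and the function name are assumptions, since the page does not specify them.

```php
<?php
declare(strict_types=1);

// Added illustration; the threshold and field names are assumptions because
// the page does not define what counts as a "high-value" transaction.
const COOLING_OFF_SECONDS = 24 * 60 * 60;
const HIGH_VALUE_THRESHOLD_BAISA = 50000; // hypothetical limit (50 OMR, in baisa)

/**
 * Decide whether a transfer may proceed under the cooling-off rule.
 * $account carries UTC timestamps for registration and for the most recent
 * payment-credential addition (null when none was added after signup).
 */
function coolingOffDecision(array $account, int $amountBaisa, DateTimeImmutable $now): array
{
    // The restriction window restarts at whichever sensitive event is latest.
    $latest = 0;
    foreach ([$account['registered_at'], $account['credential_added_at']] as $event) {
        if ($event !== null) {
            $latest = max($latest, $event->getTimestamp());
        }
    }
    $elapsed = $now->getTimestamp() - $latest;

    // Fail closed: an event dated in the future means clock skew or tampering.
    if ($elapsed < 0) {
        return ['allowed' => false, 'reason' => 'event_timestamp_in_future'];
    }
    if ($elapsed < COOLING_OFF_SECONDS && $amountBaisa >= HIGH_VALUE_THRESHOLD_BAISA) {
        return ['allowed' => false, 'reason' => 'cooling_off',
                'retry_after_seconds' => COOLING_OFF_SECONDS - $elapsed];
    }
    return ['allowed' => true, 'reason' => 'ok'];
}

// Constructed sample: registered two days ago, new card added three hours ago.
$utc = new DateTimeZone('UTC');
$now = new DateTimeImmutable('2024-01-03 12:00:00', $utc);
$account = [
    'registered_at'       => new DateTimeImmutable('2024-01-01 12:00:00', $utc),
    'credential_added_at' => new DateTimeImmutable('2024-01-03 09:00:00', $utc),
];

foreach ([10000, 75000] as $amount) {
    echo $amount, ' => ', json_encode(coolingOffDecision($account, $amount, $now)), PHP_EOL;
}
```

The check belongs on the server, using the server's clock and stored event timestamps, so that a modified client cannot shorten the window.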
LAYERED AUTHENTICATION
Security is embedded into every transaction lifecycle. The ONEIC Pay system utilizes a multi-layered authorization approach:
Device Binding
Each wallet is cryptographically bound to a specific mobile device to prevent unauthorized access from unrecognized hardware.
Dynamic OTP
All outgoing transfers and bill payments require a One-Time Password (OTP) delivered via the secure communication layer.
Biometric Integration
We leveraged Flutter’s native capabilities to allow users to authorize transactions using FaceID or TouchID, adding a layer of non-repudiation to every transfer.
Figure 4: Secure user authentication via a multi-factor OTP verification screen.
FINANCIAL PRECISION
Operating on the national MPCSS switch requires millisecond-accurate reconciliation. Our middleware manages a three-way handshake between the ONEIC Pay app, the FSS wallet engine, and the central bank’s clearing system. This ensures that funds are never “in-flight” without a recorded audit trail, providing instant finality for P2P transfers while maintaining 100% ledger accuracy.
Figure 5: Middleware architecture connecting the ONEIC Pay app, wallet engine, and central bank.
Comprehensive Digital Wallet Architecture and Secure Payment Processing Infrastructure for Scalable Real-time Financial Ecosystems
Figure 6: A step-by-step flowchart of the digital wallet process, from secure user onboarding to real-time payment settlement.
From MPCSS integration to loyalty rewards, Mindster delivers compliant, production-ready fintech infrastructure built for the markets that need it most. Built on a foundation of Flutter and Laravel, our architecture ensures peak performance, seamless updates, and an unparalleled user experience across all platforms.
RESULTS & MEASURABLE IMPACT
The deployment of the ONEIC Pay digital wallet transformed the organization from a traditional billing entity into a modern financial technology leader. By automating core workflows and integrating with the national payment infrastructure, the project achieved significant operational efficiencies and market penetration.
Within the first 12 months of launch, the ONEIC Pay application onboarded over 500,000 active users. This rapid adoption was driven by a frictionless, paperless onboarding process and the strategic integration of loyalty rewards, which incentivized frequent transaction volume and increased long-term user retention.
A key driver for the platform’s success was the significant reduction in costs for the end-user. By bypassing traditional, high-friction payment methods, ONEIC Pay provides a lower transaction fee structure.
The system successfully democratized small-scale digital payments through the use of Virtual Identifiers. By allowing users to perform instant peer-to-peer (P2P) transfers using simple aliases rather than complex bank details, we made micro-transactions accessible to the general public. This has turned the wallet into a daily-use tool for small-value transfers, further driving financial inclusion.
By implementing Automated Digital KYC (Uqudo) and real-time middleware orchestration, the organization reduced manual intervention in the onboarding and reconciliation process by 80%.
Since its implementation, the multi-layered security framework, including the 24-hour cooling-off period and device binding, has maintained a 100% success rate in preventing unauthorized account takeovers. The system operates in full compliance with Central Bank mandates, ensuring long-term operational and regulatory stability.
Core Success Pillars: Accelerating Digital Adoption and Maximizing Impact Overview
Figure 7: ONEIC Pay success pillars.
Every digital wallet project faces complex hurdles, from national MPCSS integration to PCI-DSS security standards. Let’s apply our 500,000-user scaling expertise to your next fintech breakthrough.
FAQS
Compliance is achieved through a "Regulatory-by-Design" architecture. For the ONEIC Digital Wallet & ONEICPay App project, we utilized a PHP Laravel middleware to enforce CBO-mandated data residency and AML protocols. Most importantly, the system maintains a granular audit trail that logs every user action—from login attempts to transaction confirmations—ensuring 100% transparency for regulatory audits.
Data residency in the GCC requires that all PII (Personally Identifiable Information) and financial transaction logs remain within the host country's borders. Our architecture supports localized hosting on secure domestic servers, ensuring that ONEIC's user database and transaction ledgers never leave Oman, fully adhering to regional sovereignty laws.
PSPs must provide real-time transaction monitoring and automated "Suspicious Activity Reports" (SAR). Our system automates these standards by integrating Uqudo for identity validation and generating an immutable audit log. This log captures the "Who, What, When, and Where" of every transaction, providing the forensic evidence required by GCC financial regulators to combat money laundering.
Integration is handled via a secure API gateway in our PHP Laravel orchestration layer. For ONEICPay, the Flutter app sends a request to our middleware, which performs a secure handshake with the MPCSS and the FSS Wallet Engine. This allows for interoperable, real-time P2P transfers across all banks in the country.
The Wallet Engine (like FSS) acts as the core ledger for balances. Our PHP Laravel Middleware serves as the "Intelligence Layer." It orchestrates external integrations such as WhatsApp APIs and Legacy ERPs and manages the Comprehensive Audit Trail. By logging actions at the middleware level, we capture user intent and API handshakes that a standard ledger might miss.
While standard Face ID unlocks a local device, "Liveness Checks" (integrated via Uqudo) prove that a real person is present during onboarding. This prevents fraud using photos or videos. Our implementation requires users to perform specific actions, ensuring that the identity being verified is physically present and legitimate.
We mandate Vulnerability Assessment (VAPT) and Audit Integrity Testing. For the ONEICPay project, we specifically tested the system's ability to maintain a continuous audit trail under high-concurrency billing peaks. This ensures that even during system stress, no user action or transaction goes unrecorded, meeting the highest standards of financial accountability.
A production-ready rollout typically spans 9 to 12 months. Our deployment for ONEIC followed a structured path: 6 months for core development & MPCSS and wallet engine integration, and 3 months for a controlled regulatory sandbox and pilot launch to ensure 100% stability.
Yes. Our middleware is designed to be extensible. We integrated our Loyalty Rewards Engine into the wallet flow, allowing users to earn and redeem points instantly. This feature was a key factor in increasing daily transaction volume and customer retention for our retail partners.