System Architecture: Microservices vs Monolith
Start with a monolith. A well-designed monolith on PostgreSQL will outperform microservices for apps processing under 10,000 daily transactions. Build with clean module boundaries so you can extract services later, when specific functions need independent scaling. Deploy in the AWS Lagos region for the lowest latency to Nigerian users.
Database Design for Transactions
PostgreSQL is the standard for its ACID compliance and financial workload performance. Your transaction table must include a unique, system-generated reference, the amount in kobo, a currency code, the transaction type (debit, credit, reversal), a status, and timestamps. Store the gateway reference and raw gateway response alongside the internal references. Implement a double-entry ledger from day one: every credit has a corresponding debit. Compute balances from the ledger; never store them directly.
Payment Gateway Integration
Integrate Paystack, Flutterwave, or both. Build a gateway abstraction layer with a common interface for initialising payments, verifying transactions, and processing refunds. Implement gateway failover with circuit breaker patterns. If one gateway returns 5xx errors, automatically retry through the secondary gateway.
Transaction Reconciliation
Run a daily reconciliation comparing internal records, gateway transaction lists, and bank settlement statements. Match by reference, amount, and status. Flag discrepancies for manual review. Common issues include partial settlements (gateway fees deducted before settlement), failed transactions recorded internally as successful, and orphaned payments where the system crashed before recording the transaction.
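The three-way match described above, as an added example that is not part of the original article. The sample records are constructed; the field names, the discrepancy kinds and the assumption that all three sources share the internal reference are this example's own, not any gateway's format.

```python
# Constructed sample records for one settlement day; amounts in kobo.
INTERNAL = [
    {"ref": "TX001", "amount": 500000, "status": "success"},
    {"ref": "TX002", "amount": 120000, "status": "success"},  # gateway says failed
    {"ref": "TX003", "amount": 80000, "status": "success"},
]
GATEWAY = [
    {"ref": "TX001", "amount": 500000, "status": "success"},
    {"ref": "TX002", "amount": 120000, "status": "failed"},
    {"ref": "TX003", "amount": 80000, "status": "success"},
    {"ref": "TX004", "amount": 30000, "status": "success"},  # never recorded internally
]
SETTLEMENT = [  # bank statement, net of gateway fees
    {"ref": "TX001", "amount": 492500},  # 1.5% fee deducted
    {"ref": "TX003", "amount": 80000},
]


def reconcile(internal, gateway, settlement):
    """Three-way match by reference; returns (kind, ref, detail) tuples for manual review."""
    internal_by_ref = {r["ref"]: r for r in internal}
    gateway_by_ref = {r["ref"]: r for r in gateway}
    settled_by_ref = {r["ref"]: r for r in settlement}
    findings = []
    for ref, g in gateway_by_ref.items():
        i = internal_by_ref.get(ref)
        if i is None:
            # Orphaned payment: the gateway processed it, the app crashed before recording it.
            findings.append(("orphaned_payment", ref, g["amount"]))
            continue
        if i["amount"] != g["amount"]:
            findings.append(("amount_mismatch", ref, i["amount"] - g["amount"]))
        if i["status"] == "success" and g["status"] != "success":
            # Failed at the gateway but recorded as success internally.
            findings.append(("status_mismatch", ref, g["status"]))
            continue
        if g["status"] == "success":
            s = settled_by_ref.get(ref)
            if s is None:
                findings.append(("unsettled", ref, g["amount"]))
            elif s["amount"] < g["amount"]:
                # Partial settlement: the bank paid less than was processed, usually fees.
                findings.append(("partial_settlement", ref, g["amount"] - s["amount"]))
    for ref in internal_by_ref.keys() - gateway_by_ref.keys():
        # Recorded internally but unknown to the gateway: investigate before any retry.
        findings.append(("missing_at_gateway", ref, internal_by_ref[ref]["amount"]))
    return sorted(findings)
```

On the sample data this reports TX004 as orphaned, TX001 as partially settled by 7,500 kobo, and TX002 as a status mismatch, while TX003 produces no finding.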
Security: Encryption and Tokenization
TLS 1.2+ for all data in transit. AES-256 for data at rest including PII, transaction records, and credentials. Never store card data; use gateway tokenization. Implement column-level encryption for highly sensitive fields. Follow CBN Technology Risk Assessment and PCI DSS requirements.
Compliance Considerations
CBN requires compliance with Guidelines on Digital Banking, Technology Risk Assessment, and applicable licensing. Implement three KYC tiers with automated verification and transaction limit enforcement. AML/CFT monitoring requires real-time flagging of suspicious patterns. For full details, see our CBN compliance checklist 2026.
Frequently Asked Questions
Should I build a payment app with microservices or monolith architecture?
Start with a monolith for your MVP. Microservices add operational complexity that slows early development. Extract services as you grow.
What database is best for a payment app in Nigeria?
PostgreSQL is preferred for its ACID compliance, strong transaction support, and excellent performance with financial workloads.
How do payment apps handle reconciliation?
Reconciliation compares internal transaction records with payment gateway settlement reports using automated daily jobs that match by reference, amount, and status.
What security measures are required for payment apps in Nigeria?
TLS 1.2+ for data in transit, AES-256 for data at rest, tokenization, PCI DSS compliance, annual penetration testing, and audit logging for all transactions.