What is the KaritKarma fintech stack?

Four products composed for Bangladesh financial institutions. Aegis is the real-time fraud detection layer (sub-50ms cascade scoring, live at aegis.karitkarma.com). IntraPay is the sovereign interbank payment switch (Rust ISO 8583 core, PCI DSS Level 1, post-quantum HSM, engineering complete, BB PSP licence pending). Hold.bd is the bank-custodial escrow service with a tier-1 commercial bank partner (live). FinBridge is the vision-stage on-premises bank-to-MFS bridge (Q4 2026 target).

How does Aegis detect Bangladesh-specific fraud?

Purpose-built modules: hundi and hawala corridor detection across the six high-risk divisions, MFS agent behavioural profiling with split-transaction detection, SIM swap risk scoring with synthetic-identity checks, and a Bangladesh holiday calendar that informs off-hours velocity analysis. These patterns are invisible to Western fraud platforms that train on FICA, GDPR, and US card data.

What is the Aegis deployment model for banks?

A lightweight Go connector agent runs inside the bank data centre and streams transactions via encrypted gRPC to the scoring cloud. The bank keeps full control of the core banking system. Shadow mode validation runs in parallel with the existing fraud workflow before cutover. Fully on-premises deployment is available for banks that require it under PDPO 2025 data-localisation rules.

What is IntraPay's status?

Engineering Phases 1 to 9 are shipped: K8s plus Patroni plus Kafka plus Redis plus Istio plus HSM infrastructure, the Rust card switch and transaction engine, BanglaQR engine, MFS aggregator (bKash, Nagad, Rocket), clearing and settlement, fraud ML, merchant API and SDK, issuer and acquirer portals, Chittagong active-active, Sylhet cold DR, PCI DSS Level 1 audit complete, Wenme OAuth 2.1 plus DPoP, Darwan RBAC across 35 permission keys. Open items: BB PSP licence, 9xxx BIN allocation, and pilot integrations with two to three banks plus one to two MFS providers.

What is Hold.bd's regulatory model?

Hold.bd is bank-custodial, not custodial-bank. Every deposit sits in a scheduled commercial bank trust account, identity-bound to the depositor via Wenme KYC. The signed escrow agreement is executed at KYC time. Releases are milestone-based and verified out-of-band (RJSC Form 117 lodgement, share certificate handover confirmation, registrar update). A 30-day no-encumbrance window applies for share transfers.

What is FinBridge and when does it ship?

FinBridge is a vision-stage on-premises Digital Payment Switch that connects a Bangladeshi commercial bank's core banking system to mobile financial service rails (bKash, Nagad, Rocket, Upay) without taking CBS data off-premises. Bank-owned deployment, ISO 8583 plus ISO 20022 message bridging, designed for the BB Cyber Security Framework. Q4 2026 target with a pilot bank. No codebase yet; every shipped-tense claim on the FinBridge product page is labelled vision, design, or roadmap.

Get in touch

Fintech stack

Fraud, settlement, escrow, MFS bridging. All four on the wires we own.

For banks, MFS operators, NBFIs, and PSPs who need real-time fraud scoring, a sovereign domestic switch, bank-custodial escrow, and an on-prem CBS-to-MFS bridge. All four mapped clause-by-clause to Bangladesh Bank, BFIU, and PDPO 2025.

Talk to a fintech specialist

Stack at a glance

<50ms: Aegis scoring P99
<1ms: IntraPay ISO 8583
PCI L1: Programme complete
Tier-1: Bank escrow partner

What is the fintech stack?

Four products, two live, one engineering-complete, one roadmap.

The KaritKarma fintech stack is four products composed for the regulatory and operational reality of Bangladesh financial institutions. Aegis is the real-time fraud detection service (live). IntraPay is the sovereign domestic payment switch (engineering complete, BB PSP licence pending). Hold.bd is the bank-custodial escrow service with a tier-1 commercial bank partner (live). FinBridge is the vision-stage on-premises bank-to-MFS bridge (Q4 2026 target, explicitly labelled roadmap).

Every product carries a clause-level mapping to the Bangladesh Bank Cyber Security Framework, BB Partner Network (BRPD-2), BFIU AML/CFT, and PDPO 2025. No generic posture claims.

The problem

Bangladesh fintech, fought with imported tools, loses on every front.

Generic fraud SaaS does not see Bangladesh patterns

Hundi corridors, MFS agent split transactions, SIM swap with synthetic identity, dormant-account reactivation, off-hours velocity on national holiday calendars. Western fraud platforms train on Western data and miss every one of these.

Manual review eats the analyst payroll

Banks staff queues of analysts to clear flagged transactions. Aegis clears about 90 percent at the rules gate in under 2ms and reserves human review for the ambiguous cases the deep ensemble cannot resolve alone.

No escrow rail for high-value digital transactions

Share transfers, business acquisitions, broker-mediated deals run on trust and a paper agreement. Hold.bd settles them with bank-custodial deposits, signed KYC agreements, and a formal dispute path tied to RJSC Form 117 lodgement.

Payment fragmentation across providers

bKash, Nagad, Rocket, bank transfer, cards, each with a different API, a different reconciliation cadence, and a different failure mode. IntraPay normalises them behind one ISO 8583 switch with post-quantum HSM and PCI DSS Level 1 controls.

The products

Four products. Honest status labels on every one.

Aegis

Real-Time AI Fraud Detection

Live

Real-time 3-layer cascade scoring in under 50ms. 80+ detection rules, 51 reason codes, Bangladesh-specific intelligence for hundi corridors, SIM swap, and MFS agent fraud. Federated consortium learning across participating banks. Live at aegis.karitkarma.com.

Read the Aegis page

IntraPay

Sovereign Interbank Switch

Shipped, licence pending

Sovereign domestic payment switch. Rust ISO 8583 core under 1ms, 12 Go microservices, BanglaQR engine, MFS aggregation across bKash, Nagad, Rocket. PCI DSS Level 1 program complete, post-quantum HSM, active-active Dhaka and Chittagong. 9xxx BIN engineering complete, BB PSP licence pending.

Read the IntraPay page

Hold.bd

Bank-Custodial Escrow

Live

Bank-custodial escrow for Bangladesh's high-value transactions. Identity-bound deposits, signed agreement at KYC, milestone-based release, formal RJSC-anchored dispute path, partnership with a tier-1 scheduled commercial bank. Not custodial-bank, bank-custodial.

Read the Hold.bd page

FinBridge

On-Prem Bank-to-MFS Switch (Roadmap, Q4 2026)

Roadmap

Vision-stage on-premises Digital Payment Switch connecting a bank's core banking system to bKash, Nagad, Rocket, and Upay rails without CBS data leaving the bank's data centre. ISO 8583 plus ISO 20022 bridging. Bank-owned deployment, designed for BB Cyber Security Framework. Q4 2026 target.

Read the FinBridge page

Why KaritKarma

Built for the Bangladesh financial system.

Twenty-six years of financial-infrastructure engineering. We know the BB clauses, the BFIU expectations, the MFS agent network behaviour, and the hundi corridors. Imported fraud SaaS does not.

Sub-50ms scoring at the rules gate

About 90 percent of transactions resolved in under 2ms by the rules gate. Only truly ambiguous cases reach the deep ensemble. The bank's CBS does not wait on a foreign cloud round-trip.

80+ detection rules, 51 reason codes

14 rule categories covering velocity, geographic, device, AML, account takeover, mule detection, dormant accounts, structuring. Every decision carries a reason code mapped to a regulatory clause.

Regulatory compliance built in

Automatic CTR, SAR, and structuring detection per Bangladesh Bank and BFIU rules. Signed audit chain for every decision. PCI DSS Level 1 on IntraPay. Mapped clause-by-clause to BB Cyber Security Framework.

Sovereign, on the wires we own

APNIC AS 64005, Tier-3 Dhaka, Chittagong active-active for IntraPay, Sylhet cold DR. Post-quantum HSM on the wire. No transaction routing or fraud workload sits on a foreign cloud.

KaritKarma vs the alternatives

What this stack replaces.

Side-by-side against the Western fraud SaaS, the foreign card network, and the bespoke bank-side build that fintech buyers evaluate first.

Capability	KaritKarma	Imported or in-house
Sub-50ms fraud scoring with Bangladesh fraud patterns	Aegis	Feedzai, FICO Falcon (generic global)
Sovereign domestic payment switch (no foreign cloud)	IntraPay	Visa, Mastercard, foreign-cloud PSPs
Bank-custodial escrow on a scheduled commercial bank	Hold.bd	Trust-only, lawyer-held deposits
On-prem CBS-to-MFS bridge (CBS data never leaves bank)	FinBridge (Q4 2026 target)	Custom bank-side integration project
Clause-level BB Cyber Security Framework mapping	Per-clause matrix shipped	Your compliance team reconstructs it
Bangladesh holiday calendar in velocity rules	Built in, every release	Custom rules engine work

Attributed claims: Aegis scoring latency, rule and reason code counts sourced from the Aegis product page (live at aegis.karitkarma.com). IntraPay phase status sourced from the IntraPay product page (Phases 1 to 9 shipped, BB PSP licence pending). Hold.bd bank-custodial model sourced from the Hold.bd product page. FinBridge labelled Q4 2026 roadmap with no shipped tense applied.

Buyer questions

Questions fintech buyers ask first.

Six written answers so the call starts on substance, not discovery.

What is the KaritKarma fintech stack?: Four products composed for Bangladesh financial institutions. Aegis is the real-time fraud detection layer (sub-50ms cascade scoring, live at aegis.karitkarma.com). IntraPay is the sovereign interbank payment switch (Rust ISO 8583 core, PCI DSS Level 1, post-quantum HSM, engineering complete, BB PSP licence pending). Hold.bd is the bank-custodial escrow service with a tier-1 commercial bank partner (live). FinBridge is the vision-stage on-premises bank-to-MFS bridge (Q4 2026 target).
How does Aegis detect Bangladesh-specific fraud?: Purpose-built modules: hundi and hawala corridor detection across the six high-risk divisions, MFS agent behavioural profiling with split-transaction detection, SIM swap risk scoring with synthetic-identity checks, and a Bangladesh holiday calendar that informs off-hours velocity analysis. These patterns are invisible to Western fraud platforms that train on FICA, GDPR, and US card data.
What is the Aegis deployment model for banks?: A lightweight Go connector agent runs inside the bank data centre and streams transactions via encrypted gRPC to the scoring cloud. The bank keeps full control of the core banking system. Shadow mode validation runs in parallel with the existing fraud workflow before cutover. Fully on-premises deployment is available for banks that require it under PDPO 2025 data-localisation rules.
What is IntraPay's status?: Engineering Phases 1 to 9 are shipped: K8s plus Patroni plus Kafka plus Redis plus Istio plus HSM infrastructure, the Rust card switch and transaction engine, BanglaQR engine, MFS aggregator (bKash, Nagad, Rocket), clearing and settlement, fraud ML, merchant API and SDK, issuer and acquirer portals, Chittagong active-active, Sylhet cold DR, PCI DSS Level 1 audit complete, Wenme OAuth 2.1 plus DPoP, Darwan RBAC across 35 permission keys. Open items: BB PSP licence, 9xxx BIN allocation, and pilot integrations with two to three banks plus one to two MFS providers.
What is Hold.bd's regulatory model?: Hold.bd is bank-custodial, not custodial-bank. Every deposit sits in a scheduled commercial bank trust account, identity-bound to the depositor via Wenme KYC. The signed escrow agreement is executed at KYC time. Releases are milestone-based and verified out-of-band (RJSC Form 117 lodgement, share certificate handover confirmation, registrar update). A 30-day no-encumbrance window applies for share transfers.
What is FinBridge and when does it ship?: FinBridge is a vision-stage on-premises Digital Payment Switch that connects a Bangladeshi commercial bank's core banking system to mobile financial service rails (bKash, Nagad, Rocket, Upay) without taking CBS data off-premises. Bank-owned deployment, ISO 8583 plus ISO 20022 message bridging, designed for the BB Cyber Security Framework. Q4 2026 target with a pilot bank. No codebase yet; every shipped-tense claim on the FinBridge product page is labelled vision, design, or roadmap.

Stop fraud before it costs you.

Get a personalized walkthrough of Aegis with one of our specialists. No commitment required.

Request a demo Talk to sales