Case study
iOS financial dashboard with bank-grade security shipped from scratch. Banks, ETFs, and crypto in one view.
The client needed every financial account in one place. Wednesday built the iOS app and the backend, wired up identity verification, encrypted every API call, and cleared a full penetration test before launch.
Personal Finance / Fintech · Early-stage startup · United States
The challenge
Connecting five financial institutions is not a weekend project
The client wanted one place to see every financial account: checking, savings, investment accounts, ETFs, brokerage positions, and a crypto wallet. For a user with accounts at three banks and a Coinbase account, that meant pulling live data from five separate systems, each with different APIs, different authentication requirements, and different data formats.
The user experience had to be simple. The infrastructure had to meet financial-grade security standards. The product expected significant scale, so the backend had to handle high traffic without requiring expensive manual intervention as users grew.
Four problems defined the project. First, data aggregation at scale. Second, identity verification: users linking financial accounts needed to prove they were who they claimed to be, matched against a government ID. Third, security: all API traffic needed encryption, and the full application needed to pass a penetration test before any real user data was processed. Fourth, authentication: the product needed to support email OTP, phone OTP, Google, Apple, and Facebook sign-in, plus biometric login with Face ID and Touch ID, in any combination.
A custom identity verification flow was also needed. The name on a user's government ID frequently differs from the name on file at the financial institution. Exact-match logic would reject legitimate users at an unacceptable rate.
“We needed to build to financial-grade security standards from day one. Retrofitting security after launch is not a real option in this space.”
The approach
Every account connected. Every API encrypted. Pen test cleared.
Wednesday built the iOS app and the backend infrastructure together as one team.
Data aggregation. Plaid was used to pull bank and brokerage account data. The Coinbase API handled crypto account balances and transfers. Account data from all sources was normalized into a single financial view per user. Investment patterns were surfaced through data analysis across the aggregated accounts.
Authentication. AWS Cognito handled user management. Lambda triggers supported all five sign-in methods: email OTP, phone OTP, Google, Apple, and Facebook. Face ID and Touch ID were integrated for biometric login. Users can mix and match authentication methods.
Identity verification. Onfido matched user-submitted government IDs against the photo and name on the document. A custom fuzzy matching algorithm resolved name discrepancies between the government ID and the financial institution record. A user registered as "William" at their bank but "Bill" on their license passes verification. Exact-match logic would have rejected them.
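One way a nickname-tolerant name check like the one described above can be structured, as an added example that is not Wednesday's algorithm or code from the project. The nickname table, the two thresholds, and the "given name first, family name last" assumption are all constructed for illustration.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed nickname table (assumption); a production list would be far larger and reviewed.
NICKNAMES = {"bill": "william", "will": "william", "bob": "robert",
             "liz": "elizabeth", "beth": "elizabeth", "kate": "katherine"}

def tokens(name):
    """Lowercase, strip accents and punctuation, split into name tokens."""
    decomposed = unicodedata.normalize("NFKD", name)
    no_accents = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalpha() else " " for c in no_accents.casefold())
    return cleaned.split()

def canonical(given):
    """Map a known nickname to its formal form; unknown names pass through."""
    return NICKNAMES.get(given, given)

def similar(a, b, threshold):
    return SequenceMatcher(None, a, b).ratio() >= threshold

def names_match(id_name, bank_name, given_threshold=0.85, family_threshold=0.9):
    """Compare 'Given [Middle...] Family' names. Returns (matched, reason)."""
    a, b = tokens(id_name), tokens(bank_name)
    if len(a) < 2 or len(b) < 2:
        return False, "need given and family name"
    # The family name is held to the stricter threshold: it is the stronger identifier.
    if not similar(a[-1], b[-1], family_threshold):
        return False, "family name differs"
    given_a, given_b = canonical(a[0]), canonical(b[0])
    if given_a == given_b:
        return True, "given name equal after nickname mapping"
    # Tolerate spelling variants, but not a different name that merely looks close.
    if similar(given_a, given_b, given_threshold):
        return True, "given name within typo tolerance"
    return False, "given name differs"

if __name__ == "__main__":
    # Constructed sample pairs: (name on government ID, name on file at the institution).
    for pair in [("William J. Smith", "Bill Smith"), ("William Smith", "Willa Smith")]:
        print(pair, names_match(*pair))
```

Middle names are ignored here, and every fuzzy acceptance should be logged with its reason so that loosened thresholds can be audited.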
Fund transfers. A unified transfer interface was built on top of Dwolla and Plaid for bank-to-bank moves and the Coinbase API for crypto transfers. From the user's perspective it is one transfer screen, regardless of which account types are involved.
Security. All API traffic was encrypted with AES-256. Sensitive data in transit was fully encrypted at every point. The team ran a penetration test before any user data was processed. No findings required remediation at launch.
Scale. The backend used a managed DynamoDB cluster with AWS AppSync and Lambda data sources. API results were cached to reduce latency. The architecture handles high traffic without degrading and without requiring manual scaling steps as the user base grows.
“Their skill level and commitment are impressive. The code was high quality, well structured, and delivered on time.”
The results
All accounts connected. APIs encrypted. Pen test cleared.
The platform launched with bank, brokerage, and crypto accounts connected in a single view. Users see all balances and all recent transactions from one screen. Transfers between any linked accounts go through one interface.
Every API call is encrypted with AES-256. Sensitive data in transit is fully protected. The penetration test cleared at launch with no findings requiring remediation before the product went live.
Face ID, Touch ID, and all five sign-in methods work in any combination. Users pick their preferred authentication method.
The backend scales under load without manual intervention. As the user base grows, the infrastructure cost per user stays flat.
“I'm impressed with the depth of knowledge that Wednesday's developers bring. It's more than what other vendors provided. Their engineers are experienced and qualified for the job.”
ROI
AES-256 encryption, identity verification, and a penetration test before launch were not optional features. Retrofitting those controls after users link real financial accounts costs significantly more than building them in from the start, and carries regulatory exposure.
“Their skill level and commitment are impressive. The code quality was top notch, and they delivered on time.”
Senior Engineering Manager — Financial services company