Skip to content
IntraPay
Engineering complete, regulator-pending

Bangladesh sovereign payment network

A domestic switch
that keeps the interchange
inside Bangladesh.

IntraPay is a Rust ISO 8583 card switch, a BanglaQR engine, and an MFS aggregator on one ledger. Built to drop card MDR from 2 to 3 percent down to 0.5 percent and to route cards, QR, and bKash, Nagad, or Rocket from a single merchant integration.

Participant briefingTechnical walkthrough
  • Hand-rolled Rust ISO 8583 switch, tested codec
  • BanglaQR engine, EMVCo TLV conformant
  • MFS aggregator: bKash, Nagad, Rocket
  • MDR splits enforced in the clearing engine
  • PCI DSS v4.0 readiness, automated evidence
  • Darwan RBAC: 35 permissions, 11 roles, 6 SoD

Card MDR, enforced in code

0.50%

Clearing engine splits 0.10 / 0.25 / 0.15 between network, issuer, acquirer

10
Go services
2 + 1
DC + DR overlays
v4.0
PCI readiness
switch.acquirer.authorize
iso-8583 / 0100
0100Authorization requestMTI, card auth
DE 29242 87.. .... 1409PAN, 9xxx BIN, masked
DE 3000000Processing code, goods + services
DE 4000000125000Amount, BDT 1,250.00
DE 70517143008Transmission ts (MMDDHHMMSS)
DE 11043217Systems trace audit number
DE 22051POS entry mode, EMV chip + PIN
DE 38..Auth ID (filled by issuer)
DE 41BCHL0042Terminal ID
DE 49050Currency code, BDT
IntraPayA KaritKarma product / built in Dhaka, AS 64005
See the full KaritKarma stack

What is IntraPay

A switch for the country.
Not a wrapper around one.

IntraPay is a domestic payment switch for Bangladesh. It does three things that today require three vendors: it authorizes ISO 8583 card transactions on a sovereign 9xxx BIN range, it generates and clears BanglaQR scan-to-pay flows, and it aggregates the bKash, Nagad, and Rocket mobile-financial rails behind one merchant API.

The Rust switch implements the ISO 8583 lifecycle by hand: MTI parsing across 0100/0110, 0200/0210, 0400/0410, and 0800/0810, a 64-bit field bitmap, and typed PAN, amount, and binary field encoding. Ten Go microservices handle clearing, settlement, tokenization, fraud routing, KYC, and partner portals, with a TypeScript merchant API in front. PCI DSS v4.0 readiness scripts and Wenme plus Darwan participant auth round out the operator stack.

9xxx BIN card rail

Card

Sovereign BIN range, EMV chip and contactless, instant virtual issuance through the Token Vault. Domestic transactions never cross a foreign network and never pay foreign interchange.

BanglaQR engine

QR

EMVCo TLV implementation in Go: merchant account info (tag 26), MCC (52), amount (54), CRC (63), static and dynamic QR, currency 050 BDT. One QR is interoperable across every participating bank app, wallet, and the IntraPay merchant SDK.

MFS aggregator

MFS

bKash, Nagad, and Rocket adapters behind one interface: InitiatePayment, CheckStatus, Refund. Built so one merchant integration covers every mobile financial service in Bangladesh; adapters run against sandbox today, live credentials arrive with the bank pilots.

RTGS and BACH bridge

Settle

Clearing Engine produces daily bilateral net positions inside a 24-hour cut-off window. RTGS and BACH instruction generation to Bangladesh Bank is interface-complete and pending live central-bank integration.

The economic case

The interchange Bangladesh
pays today, in one table.

MDR ranges below reflect typical merchant agreements with international networks and the published bKash, Nagad, and Rocket merchant rates as of 2026. IntraPay rates are the published scheme rates, split between IntraPay, issuer, and acquirer or MFS provider.

Payment typeCurrent MDRIntraPay MDRSplit
Card present, POS
IntraPay / issuer / acquirer
2.0 to 2.5%
0.50%
0.10 / 0.25 / 0.15
Card not present, online
Same fee for online, no CNP surcharge
2.5 to 3.0%
0.50%
0.10 / 0.25 / 0.15
BanglaQR scan to pay
Interoperable across participating banks
0.5 to 1.0%
0.30%
0.08 / 0.12 / 0.10
MFS aggregated (bKash, Nagad, Rocket)
Operator share / MFS share
1.5 to 1.85%
0.40%
0.15 / 0.25
Rates pending Bangladesh Bank PSP licensing and 9xxx BIN allocation. Sources: published scheme documentation, published MFS merchant agreements.

One card transaction, end to end

What happens between
swipe and approval.

ISO 8583 in, ISO 8583 out, with a Kafka event projection per stage so clearing, settlement, dispute, and audit consumers rebuild state from the same canonical log.

# design budgets, not measurements
k6_assert: p95_e2e < 300ms (tests/load)
issuer_rt = network bound
switch benchmark: unpublished, pre-deployment
  1. 01

    Acquirer terminal posts ISO 8583

    POS or e-commerce gateway sends a 0100 authorization request over a mutually authenticated TLS channel to the acquirer-bound switch endpoint. The hand-rolled Rust codec parses the MTI, the 64-bit field bitmap, and PAN, amount, and binary data elements.

  2. 02

    Fraud scored over gRPC

    The transaction engine calls the Python fraud service over synchronous gRPC. A PyTorch neural net (six inputs, two hidden layers) returns a fraud probability, with a deterministic heuristic fallback when the model is unavailable. The score rides the transaction context into the auth decision.

  3. 03

    Auth decision on the issuer leg

    The auth service evaluates issuer rules and limits, then forwards the request on the issuer leg. HSM key custody and post-quantum session wrapping (CRYSTALS-Kyber, Dilithium) sit on the security roadmap as design targets; nothing post-quantum ships in the current codebase.

  4. 04

    Issuer decision returns

    Issuer bank returns 0110 with action code, IntraPay completes the response chain back to the acquirer, and the Kafka event stream forks into clearing, settlement, dispute, and audit projections.

One switch, ten Go services, one fraud scorer

The whole switch fits
on one page.

A Rust switch, ten Go services, a Python fraud scorer, and a TypeScript merchant API gateway. Each service has a single responsibility and a gRPC contract under proto/, observed by three Grafana dashboards in deploy/grafana.

Card Switch

:50051
Rust

ISO 8583 routing, sub-ms

Transaction Engine

:50052
Go

Central orchestrator

Token Vault

:50053
Go

Card tokenization, virtual cards

Auth Service

:50054
Go

Issuer rules, participant auth

QR Engine

:50055
Go

BanglaQR generate, validate

MFS Aggregator

:50056
Go

bKash, Nagad, Rocket

Clearing Engine

:50057
Go

Daily bilateral netting

Settlement

:50058
Go

RTGS, BACH to BB

Fraud Service

:8081
Python

PyTorch real-time scoring

Onboarding

:50061
Go

KYC, API key issuance

Partner

:50062
Go

Issuer BINs, acquirer terminals

KYC

:50063
Go

NID verify, AML watchlist

14
proto contracts
83+
tests: Go, Rust, Python
~23K
lines of code
5
k6 load suites

Operator posture

Built like the
infrastructure it replaces.

The card networks IntraPay competes with run on the same primitives: synchronous replication, HSM-backed keys, audited change control, observed every hop. IntraPay matches them on substance, not on slogans.

Multi-DC architecture as code

Kustomize overlays for Dhaka, Chittagong, and a Sylhet DR. PostgreSQL on Patroni with strict synchronous replication across 3 replicas, Kafka KRaft with MirrorMaker 2 cross-DC, Redis Sentinel 3+3, Istio mTLS, and scripted DR failover and failback. Pre-deployment: no drill results are published yet.

PCI DSS v4.0 readiness framework

A PCI DSS v4.0 control checklist backed by three automated validation scripts in scripts/compliance: network segmentation scan, audit-log check, encryption check. The scripts generate the evidence pack; the QSA audit and signed ROC are still ahead, and we say so.

Post-quantum on the roadmap

CRYSTALS-Kyber key encapsulation and Dilithium signatures with HSM key custody are design targets on the security roadmap. No post-quantum code ships in the current build, and this page will not claim it until it does.

Wenme + Darwan for participant auth

OAuth 2.1 with DPoP from Wenme issues participant access tokens. Darwan evaluates every action against 35 permission keys, 11 roles, and 6 separation-of-duties constraints seeded from day one. No long-lived API keys.

IntraPay vs alternatives

What it does that
the stack today does not.

Compared against Visa or Mastercard for domestic Bangladesh card flow, and against direct bKash, Nagad, and Rocket integrations for MFS. Each claim below is mapped to a shipped service or an honestly labelled roadmap item.

CapabilityIntraPayVisa / MCDirect MFS
Domestic interchange stays inside Bangladesh
vs international card networks
Single integration for cards + QR + MFS
vs separate bKash / Nagad / Rocket APIs
MDR splits published and enforced in the clearing engine
0.50% card / 0.30% QR / 0.40% MFS, in code
EMVCo BanglaQR generation and validation built in
TLV engine with CRC validation, static + dynamic
One OpenAPI 3.1 spec and TypeScript SDK across all rails
payments, cards, qr, mfs, clearing, settlement, disputes
Sovereign BIN, no foreign network dependency
9xxx range, pending BB allocation
Operates under a single Bangladesh PSP licence
Application in preparation

What is shipped, what is pending

Engineering complete.
Regulator pending.

We do not claim shipped what is not. The regulator-side milestones (BB PSP licensing, 9xxx BIN allocation, and bank pilots) are the gating path to live volume.

  • Phase 1Core infra as code: K8s, Postgres + Patroni, Kafka, Redis, Istio shipped
  • Phase 2Card switch (Rust), Transaction Engine, Token Vault, Auth shipped
  • Phase 3BanglaQR engine, MFS aggregator (bKash, Nagad, Rocket) shipped
  • Phase 4Clearing, Settlement, Fraud ML, Dispute management shipped
  • Phase 5Merchant API, SDK, Portal, OpenAPI 3.1 specification shipped
  • Phase 6Issuer + Acquirer portals, partner sandbox shipped
  • Phase 6Pilot integration with 2 to 3 banks, 1 to 2 MFS providers pending
  • Phase 7Multi-DC manifests: Chittagong overlay, Sylhet DR, scripted failover shipped
  • Phase 8PCI DSS v4.0 readiness scripts, k6 load suites, DR runbooks shipped
  • Phase 8BB PSP licence, 9xxx BIN allocation, PCI DSS QSA audit (ROC), pen test pending
  • Phase 9Wenme OAuth 2.1 + DPoP, Darwan RBAC: 35 permissions, 11 roles, 6 SoD shipped

FAQ

Questions banks
actually ask.

Six answers covering scope, comparison, BanglaQR, latency budgets, RTGS and BACH interop, regulator state, and participant economics. Mirrored 1:1 in FAQPage JSON-LD.

What is IntraPay?

IntraPay is a sovereign domestic payment switch for Bangladesh. A hand-rolled Rust ISO 8583 switch handles card authorization, ten Go microservices run clearing, settlement, tokenization, KYC, and partner portals, a Python PyTorch fraud service scores transactions over gRPC, and a BanglaQR engine plus an MFS aggregator (bKash, Nagad, Rocket) put cards, QR, and mobile money behind one TypeScript merchant API. It is built to drop card MDR from 2 to 3 percent down to 0.5 percent and keep that fee inside the Bangladesh economy.

How is IntraPay different from going direct to bKash, Nagad, or routing via Visa and Mastercard?

Direct MFS integrations require three separate API contracts, three separate reconciliation surfaces, and three settlement timelines. Visa and Mastercard route domestic Bangladesh transactions through international networks and charge interchange in foreign currency. IntraPay collapses all of that into one integration, one settlement file, one regulator surface, and keeps fees in BDT under a single Bangladesh PSP licence. The trade-off is participation cost (annual licence fees per bank or MFS) and the network effect needs scheduled banks at the table.

Does IntraPay support BanglaQR?

Yes. The QR Engine generates and validates EMVCo-conformant BanglaQR codes that are interoperable across every participating bank app and the IntraPay merchant SDK. Bangladesh Bank requires Bangla QR acceptance for every scheduled bank, MFSP, and PSP by 30 June 2026, and IntraPay ships the merchant-side and switch-side surfaces needed to meet that requirement.

What is the switch latency and how does it interop with RTGS and BACH?

Latency figures are published as design budgets, not measurements: the k6 load suites in tests/load assert an end-to-end card response of 300 ms at p95, including fraud scoring and the issuer round trip. No switch hot-path benchmark has been published yet, so we do not quote one. On settlement, the Clearing Engine produces daily bilateral net positions, and instruction generation toward Bangladesh Bank RTGS (high-value) and BACH (batch) is interface-complete, pending live central-bank integration.

What is the production and regulator status?

Engineering Phases 1 through 9 are complete: core infrastructure as code, card switch, QR, MFS, clearing, settlement, fraud, merchant layer, partner portals, multi-DC manifests, PCI DSS v4.0 readiness scripts, and Wenme plus Darwan auth. Still open: the PCI DSS QSA audit (ROC), Bangladesh Bank PSP licensing, 9xxx BIN range allocation, pilot integrations with 2 to 3 banks and 1 to 2 MFS providers, an external penetration test, and production deployment itself. IntraPay is pre-production on a regulator-pending posture.

What does it cost a bank or MFS to participate?

Annual licence fees, per the published business model: top-10 banks 5 crore taka, mid-tier banks 2 crore taka, small banks and NBFIs 50 lakh taka, MFS providers 3 crore taka, payment facilitators 1 crore taka. Per-transaction MDR is fixed at 0.50 percent for cards, 0.30 percent for QR, 0.40 percent for MFS-aggregated payments, split between IntraPay, issuer, and acquirer or MFS provider on a published schedule.

Become a participant

One switch.
Cards, QR, MFS.
Settled inside Bangladesh.

IntraPay is recruiting pilot banks and MFS providers for the production launch window. The participant briefing covers scheme rules, fee splits, the licence application path with Bangladesh Bank, and the sandbox certification plan.

Request participant briefingTechnical walkthrough
[email protected]
+880 9638 100300
KaritKarma Limited, Dhaka