بنقرة واحدة
fintech-fde
FDEOS overlay for fintech. PCI-DSS, transaction integrity, idempotency, fraud signals.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
FDEOS overlay for fintech. PCI-DSS, transaction integrity, idempotency, fraud signals.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
The operating system for Forward Deployed Engineers. 34 skills across 6 domains — from first meeting to final handoff. Tell it your situation, it routes to the right skill, does the work, and the engagement memory writes itself.
Taking over mid-engagement. Reads what exists, separates what works from what was assumed.
Safe implementation in any codebase. Characterisation tests first, Strangler Fig for fragile code.
End of engagement. Retrospective, pattern extraction, clean handoff so the team can sustain it.
Generate a status dashboard across all active engagements from .fde/ data.
Systematic debugging. Reproduce first, isolate second, fix third. Never guess.
| name | fintech-fde |
| description | FDEOS overlay for fintech. PCI-DSS, transaction integrity, idempotency, fraud signals. |
PCI and money movement need clear answers — ask like a colleague doing diligence, not a compliance bot reading bullets.
Load trust-profile.md always -- sacred data classification and AI policy must be confirmed before any action. Load terrain.md only when reviewing code that handles transactions or cardholder data. Do not load other .fde/ files unless the active phase skill requires them.
Financial systems carry a specific class of failure that other systems don't: silent money loss. A bug that corrupts data in a CMS is bad. A bug that processes a payment twice, misroutes a transfer, or silently drops a transaction can cause regulatory breaches, customer financial harm, and criminal liability. This overlay adds the layer of judgment that financial environments require.
Load this alongside the core FDEOS skills for any engagement involving payments, transactions, accounts, or regulated financial data.
PCI-DSS governs how card data is handled. Before any technical work, establish scope:
"Does this system store, process, or transmit cardholder data? And what's the current PCI-DSS compliance level?"
Cardholder data includes PAN (Primary Account Number), CVV, PIN, and expiry dates. PAN must never be stored post-authorisation unless there is an explicit business case and it's encrypted and masked in all interfaces (show only last 4 digits).
If the system is storing full PANs in logs, in analytics events, or in error messages, that is the first finding and it takes priority over everything else.
Tag all cardholder data scope in trust-profile.md under <private> markers.
In financial systems, the same operation executed twice must produce the same result as executing it once. Network failures, retries, and user double-clicks all cause duplicate requests. Without idempotency, the result is double charges, double transfers, or phantom credits.
When reviewing or building any code that creates transactions:
If idempotency is missing from a payment flow, flag it before it goes to production. "We'll add it later" has caused real customer harm in every fintech that said it.
Financial transactions must be atomic: they either fully succeed or fully fail, with no partial states. A transfer that debits Account A but fails before crediting Account B is not a technical error, it's a financial error that may require regulatory reporting.
When reviewing transaction code:
Ask in the first technical conversation:
"What fraud signals does this system currently monitor? And what happens when a transaction is flagged?"
Common gaps that indicate immature fraud controls:
You don't need to build fraud detection in the engagement. You need to know whether the gaps you leave create exposure.
Many financial jurisdictions require transaction reporting above certain thresholds (e.g., CTR in the US above $10K, SAR for suspicious activity). If the system processes transactions at that scale:
"What regulatory reporting obligations does this system have, and is that reporting automated or manual?"
A manual reporting process that relies on someone remembering is a compliance risk. If you're building or modifying transaction processing, verify reporting isn't broken by the change.
Many financial regulators require explainability in automated decision-making, particularly for credit decisions, fraud detection, and account actions. A model that declines a loan application must be able to explain why in human-understandable terms.
Before building or integrating any AI-driven decision in a financial system:
Check trust-profile.md for the organisation's AI policy. Some financial institutions prohibit AI from making final decisions on regulated activities.
trust-profile.md: cardholder data scope, PCI compliance level, AI policy, regulatory reporting obligations.
risks.md: idempotency gaps, transaction integrity issues, fraud control gaps, compliance exposures.