First Tech
Banking made simple for tech workers
Live Demo
Overview
First Tech Federal Credit Union serves 600K+ members — primarily tech workers at Google, Microsoft, HP, and Intel. I delivered the React Native mobile banking app across the full money-movement surface area: mobile check deposit, Zelle P2P, bill pay, internal and external transfers, and card controls — with banking-grade security and a test suite to match.
The Challenge
Tech-industry members compared the app against Venmo and Cash App, not against other credit unions. The legacy app was slow, couldn't do P2P, and had a deposit flow that failed too often. Every money-movement bug is a support call, and every security gap is a regulatory incident — the bar was 'zero incidents' and 'feels like a fintech app' at the same time.
The Solution
Rebuilt the hot flows on React Native with native bridges wrapping the bank SDKs (MI-SNAP, Zelle, Plaid, Card.io) so members got native-quality experiences from a single codebase. Layered optimistic UI over money movement with explicit rollback on failure, and gated every release behind a 95% test coverage threshold. Session security stayed out of the way with biometric unlock and device binding.
Architecture
A React Native app on top of a hardened native auth stack, connected to bank rails via tokenized third-party SDKs. Every sensitive flow bridges to native code, and no card data ever touches the JavaScript thread.
Key Decisions & Tradeoffs
React Native with native bridges for bank SDKs
Why: MI-SNAP, Zelle, Plaid, and Card.io all ship native. Wrapping them as native modules kept the app cross-platform without losing vendor support — the alternative was either two fully native apps or pinning to an old SDK version forever.
Optimistic UI for money movement, with explicit rollback
Why: Banking apps feel slow because every action waits for a server round-trip. Optimistic updates with a rollback state machine cut perceived latency in half without corrupting the balance — which is non-negotiable in money software.
95% test coverage as a release gate
Why: Money bugs don't get a soft launch. Jest + React Native Testing Library + Detox + Appium on a CI gate meant no regression could reach production, and made the app safe to iterate on fast.
Biometric unlock + device binding, not passwords
Why: Passwords are phishable and friction-heavy. Tying the session to a device, requiring biometric unlock, and revoking on device change raised the attack bar and dropped login time from seconds to one tap.
Zero PCI data on the device, ever
Why: Card numbers go scanner → tokenization SDK → server without ever sitting on the JS thread or in state. Staying out of PCI scope on the device eliminated an entire compliance surface and made the app safer to iterate on.
What I took away from this project
Lessons that still shape how I build — in my own words.
The benchmark isn't other banks — it's Venmo
Our members were tech workers at Google, Microsoft, Intel. They didn't compare the app to other credit unions; they compared it to Cash App. That reframed every decision: P2P had to feel instant, deposits had to work first try, and a 2-second tap-to-balance was unacceptable. Knowing who you're actually competing with — not who your industry thinks you're competing with — is the cheapest positioning exercise a product team can do.
Optimistic UI belongs in money software, but only with a real rollback
Banking apps felt slow because every tap waited for a server round-trip. Optimistic updates cut perceived latency in half — but only because we treated rollback as a first-class state, not an edge case. The half-finished version of this pattern is how balances get corrupted. Do it all the way or don't do it.
Keeping PCI off the device is more valuable than any control you can add
Card scans went straight from the scanner into a tokenization SDK and onto the server — card numbers never touched the JS thread or our Redux store. Staying out of PCI scope on the device eliminated an entire compliance surface and made the rest of the app safer to iterate on. The cheapest security control is the one where the data doesn't exist in the first place.
Impact
Technology Stack
Frontend
Banking SDKs
Security
Testing & Analytics
Key Features
Related case studies
Want something like this, built for you?
If the First Tech story sounds close to what you're trying to ship, a 30-min call is the fastest way to find out if we're a fit.