Anatomy of a Digital Wallet App

This post aims to describe the technical parts of a digital wallet app and to strip it down on a high level for easier understanding by a layperson.

Working in GCash for several years, I have a grasp on how the app works on principle. Building a digital wallet seems simple in theory, but it has a lot of moving parts needed to work together. It also needs to be regulated as it handles user’s money and data. Coupled with the fact that it should scale into millions of users is a herculean feat altogether.

The Basics

If you strip off all of the abstracted layers, a digital wallet app is just a user or a merchant having a wallet, and you can transfer money to other wallets owned by other users or merchants.

However, once you think deeper about it, you need to add some more things — how would you assign this wallet to the user or merchant? You need them to register to your system. And that means you need to do onboarding.


If you’re having users or merchants register, then you should also consider validating what data they are using to register. This is called “Know-Your-Customer” (KYC) for users, and “Know-Your-Merchant” for merchants.

Since we are handling money, there are also certain laws we need to follow like “Anti-Money Laundering” and “Data Privacy” which mandate doing KYC validation properly and protecting the data from breaches and leaks. These make onboarding more difficult as there needs to be more checks and validations, and also making sure that the databases you put customer and merchant data into are secure.

KYC is simply having the user identify himself and prove this identity. This means for any personal data they input, there should be proof that it is true — meaning, there should be a government-recognized document that says it is so. This is why we need to send a picture of an ID that has this info. Another thing to require is if the user registering is the actual user himself — this is why there’s a selfie check as well. KYC also needs to screen the users if they are high-risk or not and ask for more documents if needed.

KYM is more complex. You first need proof that your business is legit and that you are authorized to operate in the country. So the requirements usually are a lot, but I won’t be listing these here.

Validation of KYC and KYM needs a lot of manpower and/or automated tools to make this happen. Even if you make this fully automated, you still need people to spot-check to see if everything is above board.


Transactions in a digital wallet ecosystem involve balance moving from one wallet to another. It can be done in three ways — user-to-user, user-to-merchant (payments), or merchant-to-user (disbursements).

If money is freely flowing, then there is a chance that money laundering can take place. This is why one of the regulations that digital wallets should follow is the Anti-Money Laundering Act. This makes it mandatory to check amounts coming in and out of all wallets and also imposes limits on sending and receiving funds.

This is also why great care is being exercised in checking for suspicious transactions. A typical digital wallet backend would likely be implementing a “risk engine” that checks and flags these transactions automatically.

Putting Money In and Out

A wallet balance contains virtual money that is meant to be convertible 1:1 to actual fiat currency. For GCash, any peso in the balance is an actual peso in real life. So, how do we convert actual currency to virtual currency? We need cash-in agents.

How cash-in works is that cash-in agents should have the virtual money in their wallet ready already. Once a user gives actual currency to an agent, the agent sends the equivalent virtual money to the user’s wallet.

Cash-out works the opposite way. The agent needs to have ready cash so that when the user sends him the virtual money, the agent hands over the equivalent virtual money to the user.

Cash-in and cash-out also are essentially payments and disbursements, no matter what the channel is. Refunds are mainly reversals of the transaction that went in place.


The last basic step is reconciliation, or making sure that every amount is accounted for. Every wallet is essentially a journal and each journal has a report for auditing purposes. At the end of the day, the amount of virtual money should match the actual money that came in all of the wallets in circulation.

This step also handles the settlement process for merchants as the funds in their virtual wallets need to be deposited into their settlement accounts (like bank accounts) to turn back into actual money.

Users and merchants both should have easy access to the reports of their respective wallets and for users, we can see this through the transaction history. Merchants are sent reports normally through email, but it may be via some other arrangements as well.

How to Monetize?

Operating a digital wallet is naturally a net loss endeavor. With all of the regulations that need to be followed alongside the basics that need to be done, how do digital wallet companies even earn money? The answer is through fees and value-added services.

The most logical place you can add fees is when the funds come in, or when you are transacting with it. But you can’t readily put fees on all types of transactions, as it would discourage users from using their wallets altogether.

So this is where we can see services like Pay Bills, or Buy Load where it is acceptable to ask for small convenience fees. Payments and disbursements through merchants also have their fees, but invisible to the users.

The value of the network also multiplies the amount of the earnings you can get, and so you can see a lot of different services being offered. In the case of GCash, you have loans, insurance, savings, wealth management, and e-commerce products within the app. Ads can also add revenue as real estate becomes more valuable as more users come in.

Eventually, there will be different innovative ways one can monetize. Some digital wallets like Maya pivot and focus on banking and merchant services. GoTyme leverages the Robinsons store network to gain users and add value to purchasing products. Others capitalize on remittances and loans to gain their user base.

The Usual Problems


The truth is all fintech companies run in the red. Only a small handful (like GCash) is profitable. They all burn their funds in acquiring users and merchants and this is why you see so many subsidies and promos in digital wallets during growth phases. Eventually, once it becomes unsustainable, they put on fees to compensate.


It is hard to scale. You need to either plan for it before you start or do it while in the thick of it. Users don’t see it, but I’m guessing there are a lot of backend changes you need to do to minimize downtime as you grow. GCash has reportedly 70+ million users and counting. Imagine the architecture that needs to support such traffic.

You also need people to monitor and mitigate problems as they happen. It’s a bad sign when your app breaks down in the middle of the day while people are queueing during lunch or at the supermarket.


At the end of the day, a digital wallet handles two important things — money and personal information. If either one is lost, the reputation of the wallet will die. And so a lot of effort, planning, and personnel is needed to make systems secure.

This also includes safeguarding people from making mistakes themselves. Account takeovers are usually people who got scammed and gave away their MPINs and OTPs. This is also why there were multiple security features rolled out last year for GCash.


When adding a service, there also needs a requirement to follow the law regarding that requirement. We have the AML and the Data Privacy Acts as basic guides. But once you add gaming to the app, you also need to follow PAGCOR rules. Same as with loans and the Truth in Lending Act.

Usually, when there are a lot of laws that need to be checked, there also needs to be a lot of legal counsel that needs to be consulted. Not to mention the multiple contracts that need to be reviewed, as well as cases that need to be filed in court. A digital wallet company would likely need to employ in-house lawyers and risk management teams (to provide governance for operations) just for this purpose.

Customer Support

Customer Support is also tied with scaling as more and more people use the app, the more you need to handle issues when things go wrong. Either you would need good automation in the form of chatbots, or more people resolving issues 24/7.

Another factor is the complexity of the app. If the app offers a lot of different features and services, your help center should also cater to resolving issues of that complexity. There should also be a knowledgebase of sorts so that the support people can have a common reference to check how to resolve issues. There should also be tiers of support where more technical problems can be investigated and solved by those higher in level.

Wrapping Up

I was able to talk about the anatomy of a digital wallet app — all of the moving pieces needed to operate such an app. This is not only limited to digital wallets but to fintech apps in general. There would be overlaps and extra steps, but the pieces needed will essentially be the same.

The basic parts of a digital wallet app are onboarding, transactions, and reconciliation. Once you get the basics right, you can scale your business by adding services to make users stay and transact. The network effect will provide value as more and more users come into the platform.

Eventually, you would need to monetize by adding fees to transactions and services. This cycle then repeats and maintaining profitability is a balancing act with making sure the app scales and security and regulations are being kept.

I have a new e-commerce site where you can buy some e-books here: GCR Prime

After reading about what GCash is, here are the main GCash features:

Leave a Comment