I won't lose your money.
Moving money is mostly fine until something fails mid-transaction. Then it's a retry that charges twice. A settlement that doesn't reconcile, books drifting by an amount that won't fix itself. A position that ends up out of sync with the ledger and stays that way until someone goes looking.
The spec was fiction
I took over a live forex platform once. The spec read clean. The running code had drifted somewhere else, and it was corrupting live positions while people traded on them.
Before changing a line, I wrote characterization tests for it: not what the system was supposed to do, but what it actually did, bugs and all. Only then did I start fixing things.
Catching fraud before fulfillment
On a voucher marketplace, digital goods don't refund. Once a code goes out, it's gone, and a chargeback later does you no good. The fraud check had to happen before anything shipped.
Every order got a risk score off its payment metadata, and fulfillment held until that passed. Delivery fired only on the real payment confirmation from the provider webhook, not the moment a charge was attempted.
Velt
Velt is my own thing, still in progress. It started from how badly legacy rails handle settlement: three-to-five-day windows, fees you can't really see, a middleman at every hop. It settles through smart contracts on a permissioned EVM chain. Fees are fixed, money clears in seconds.
Most of the engineering goes into reconciliation. The ledger and the on-chain state have to agree no matter what, including when a transfer dies between steps. Get that wrong and you have money that exists on one side of the books and not the other.
In practice
Inherited it with no tests. Wrote characterization tests first, to capture what the code actually did, bugs and all, before touching anything.
Digital goods don't refund. Every order got a risk score off its payment metadata, and nothing shipped until the payment cleared the provider webhook.
My own project, still building it. Settlement runs on smart contracts over a permissioned EVM chain. Fixed fees, clears in seconds.
I'd rather spend three weeks on the failure paths than an afternoon on the happy one.