ADVERTISEMENT

Subscribe

The blast-radius problem: how Paul Rugbere’s Digital Purse is redesigning the consumer card from the architecture up

Partner Page by
Digital Purse

This Partner Page has been reviewed for clarity and relevance to Techpoint Africa’s audience

What are Partner Pages?
Partner Pages are dedicated spaces where our partners share detailed information about their products, services, and solutions. Each page is reviewed to ensure it provides clear, useful insights for readers, while offering partners lasting visibility on Techpoint Africa.

Interested in Partner Pages? Connect with us at partnerpages@techpoint.africa

Published:

This Partner Page has been reviewed for clarity and relevance to Techpoint Africa’s audience. Read more…

What are Partner Pages?
Partner Pages are dedicated spaces where our partners share detailed information about their products, services, and solutions.

Each page is reviewed to ensure it provides clear, useful insights for readers, while offering partners lasting visibility on Techpoint Africa.

Interested in Partner Pages? Connect with us at partnerpages@techpoint.africa

Global card-fraud losses crossed $33 billion in 2023 and are projected to reach $43 billion by 2028. The Nigerian fintech industry has been trying to fix this with smarter detection. One Enugu-founded company — now serving 200,000 users in five countries — is trying to fix it by redesigning the card itself. The engineer behind that bet is Paul Rugbere.

There is a phrase from security engineering that has not yet quite migrated into Nigerian fintech discourse but probably should. The phrase is blast radius. When a credential leaks, a token is stolen, or an instrument is compromised, the blast radius is the set of assets the compromise can reach. In well-designed systems, the blast radius of any single failure is bounded and small. In badly-designed systems, one leaked credential exposes everything behind it.

The traditional consumer debit card — the one most Nigerians carry, the one most Nigerian fintechs build on top of — is, by these criteria, an extreme blast-radius problem. The sixteen digits on the front, paired with the three on the back, form a single key. They unlock the entire balance behind them. They can be used — in card-not-present form — from anywhere in the world. When they leak, the standard remedy is to cancel the card and reissue another, after which the user re-enters the replacement on every legitimate merchant they have ever paid. The blast radius of one leak is the user’s whole financial life.

The Nigerian fintech industry’s response over the past decade has been to layer defences on top of this fragile foundation. Tokenisation. 3-D Secure. Behavioural biometrics. Increasingly sophisticated fraud-detection models. Each of these is useful. None of them addresses the underlying architectural choice.

A different bet

One of the more interesting practitioners of an alternative approach is Paul Rugbere, founder and CEO of Digital Purse, a Nigerian-founded consumer fintech he registered in May 2023 and built out of Enugu before relocating to Manchester in 2024 to pursue a Master’s in Cybersecurity. Since founding, the platform has grown to over 200,000 registered users across the United States, the United Kingdom, Canada, Ghana, and Nigeria; processed more than $5 million in cumulative transaction volume; and operated profitably from its first full quarter — without external venture funding.

Rugbere’s design choice is to treat the card itself as the wrong unit of trust. “We are not in the business of defending cards,” he says. “We are in the business of making cards that don’t need defending. There’s an important difference.”

In Digital Purse’s architecture, each virtual card is independently pre-funded as a standalone payment unit. The user generates a card, funds it with a specific amount tied to the intended use (a subscription payment, a one-off online purchase, a recurring service fee), and uses it. If a fraudster captures that card’s digits months later, the maximum loss is bounded by the funds loaded onto that single card. The user’s broader wallet is never in the blast radius. Not by policy enforcement, behavioural rule or fraud-detection model. By architecture.

“We are not in the business of defending cards. We are in the business of making cards that don’t need defending.”

How this differs from existing disposables

Disposable and virtual-card products are not new. Revolut introduced its disposable card facility in 2019. Privacy.com has offered single-use card numbers in the US since 2014. Several Nigerian challengers — Eversend, ALAT, Kuda and others — offer some form of card-level spend control. Most of these products share an underlying design: the disposable card draws against a shared wallet or funding source, with rules and limits constraining how much it can pull at any given moment.

The distinction Rugbere has made — funding each card as a self-contained payment unit rather than as a window onto a shared balance — is, in his account, what separates a reduced blast radius from an eliminated one. “A limit on a disposable card is still a limit on a connection back to the main account,” he says. “Something sufficiently bad happens to your account-level credentials, the limits don’t save you. Funding the card as an isolated unit means there is no connection back to be exploited.”

Whether the distinction matters in practice depends on how often the broader account-level compromises that limits cannot defend against actually occur. Industry data suggests this happens more often than the issuer community publicly discusses, particularly across card-not-present surfaces with weak step-up authentication. Whether Digital Purse’s specific architectural choice will be adopted, replicated or otherwise pressure-tested by larger players over the next three years is the open question.

The execution layer

Architectural elegance is necessary but not sufficient for a consumer payments product. Below the conceptual model sits the operational reality: a Python-based backend handling card generation, transaction processing, wallet orchestration and cross-border payment routing; a multi-provider integration layer talking to Cryptomus for cryptocurrency rails and Flutterwave for fiat rails across multiple African currencies; JWT-based authentication; end-to-end encryption of sensitive transmissions; and a substantial body of original code that Rugbere has continued to write personally, at a cadence of more than a thousand commits across two recent months.

The user experience, in turn, has been deliberately collapsed into surfaces users already inhabit. Digital Purse launched on Telegram in 2023, with an AI-driven assistant handling card creation and management through natural-language conversation. The native iOS and Android apps came later, for users who preferred a dedicated interface. The largest single download market is the United States, with over 86,000 iOS downloads, followed by Ghana, Nigeria, the United Kingdom and Canada.

A second product, same engineering DNA

In mid-2025, while completing his Master’s, Rugbere co-founded Xara AI with Suleiman Adewale — a WhatsApp-based AI financial assistant that, as lead developer, he engineered as a context-aware conversation-to-transaction execution engine rather than as a scripted chatbot. Within six months of launch, Xara had processed over ₦5.8 billion across 451,856 transactions for 41,900 users. The same engineering instinct — making the financial primitive disappear into a surface the user already trusts, while keeping the security guarantees underneath — is visible in both products.

“Digital Purse decided that the card was the wrong unit of trust,” Rugbere says. “Xara is deciding that the banking app is the wrong unit of interface. They are two answers to the same question, which is: what does honest fintech engineering look like when the user has been let down by the conventions for a decade?”

What it implies for the industry

Two implications are worth flagging for Nigerian fintech strategy teams. The first is that the consumer card may be entering its own version of the journey that enterprise authentication went through over the past decade: a movement from long-lived, broadly-scoped credentials to short-lived, narrowly-scoped ones. “We stopped giving server engineers permanent root access years ago,” Rugbere observes. “We should probably stop giving consumers permanent unbounded cards.”

The second is that the natural distribution surface for security-first consumer fintech in 2026 may not be the bank-app form factor at all. Digital Purse’s early Telegram-based distribution — and Xara’s WhatsApp-native approach — suggests that the relevant question for an issuer thinking about disposable-card or conversational-finance products is less “should we build this?” and more “where does it live?” Messaging platforms, browser extensions, embedded-in-merchant flows, and AI assistants are all plausible answers.

“We stopped giving server engineers permanent root access years ago. We should probably stop giving consumers permanent unbounded cards.”

On current evidence, Digital Purse is one of the more credible practitioners of that approach in the African fintech space. Whether the broader industry follows is a question Rugbere is too disciplined to answer aloud. Whether it should is, on the basis of his architecture and his numbers, an increasingly easy one.

More Stories

CBN gives banks and fintechs 6 months to localise payment data

CBN governor, Yemi Cardoso holding a mic at what appears to be an event where he's addressing people

Canada’s Nuvei to acquire Payoneer in a $2.75B deal

funding

Storipod wants to make reading as addictive as scrolling social media

James Nelson - Founder, Storipod

Canal+, DStv owner, cuts over 300 jobs in South Africa

Canal+

Explore

Reach our audience

Our publications

© ,

Businessfront. All rights reserved