Skip to main content

User Stories: Drop — Fintech Payment App

User Stories: Drop — Fintech Payment App

Project: Drop — Remittance + QR Payments Version: 1.0 Date: 2026-02-23 Author: John (AI Director) Status: Approved Reviewers: Alem Bašić (CEO)

Document History

Version Date Author Changes
0.1 2026-02-23 John Initial stories from user journeys in business-case-v2.md

1. Epic Overview

Epic ID Epic Name Business Goal Story Count Status Target Release
EP-01 User Onboarding & Authentication BO-02 — user acquisition 4 Done (Phase 0.5) Phase 1
EP-02 Remittance (Send Money) BO-01, BO-02 — revenue + users 5 Done (Phase 1) Phase 1
EP-03 QR Merchant Payments BO-01, BO-03 — revenue + merchants 5 Done (Phase 1) Phase 1
EP-04 Open Banking (AISP) BO-02 — user trust 2 Mock (Phase 2) Phase 2
EP-05 Transaction History & Notifications BO-02, BO-03 3 Done (Phase 1) Phase 1
EP-06 Merchant Analytics BO-03 — merchant retention 2 Done (Phase 1) Phase 1
EP-07 KYC & Compliance BO-05 — regulatory 2 Mock (Phase 2) Phase 2

2. Story Format Guide

Standard Story Format:

As a [persona/role],
I want [feature/action],
So that [benefit/outcome].

Acceptance Criteria Format (Given/When/Then):

Given [a precondition that must be true],
When [the user performs an action],
Then [the expected outcome occurs].

4. Story Backlog

Epic EP-01: User Onboarding & Authentication

US-001: Account Registration (3-step onboarding)

Attribute Value
Epic EP-01: Onboarding
Priority Must Have
Story Points 8
Sprint Sprint 1
Assigned To Builder agent
Status Done
FR Reference FR-001
BR Reference BR-001, BR-002

Story: As a Norwegian resident (18+), I want to register for Drop with my email and date of birth, So that I can access remittance and QR payments at lower fees than existing services.

Context: 3-step flow: (1) personal details + DOB validation, (2) OTP on Norwegian phone (+47), (3) PIN setup. BankID integration in Phase 2 replaces DOB validation with real SCA.

Acceptance Criteria:

  • Given valid email, password ≥8 chars, Norwegian phone (+47), DOB ≥18 years, when user submits registration, then 201 created; user proceeds to OTP step
  • Given DOB under 18 years, when user submits, then 422 "Du må være minst 18 år"
  • Given duplicate email, when submitted, then 409 "Email already in use"
  • Given OTP sent, when user enters correct 6 digits, then user proceeds to PIN setup
  • Given valid 4-digit PIN entered and confirmed, when submitted, then account activated; JWT cookie set

Technical Notes:

  • Age validation: (today - DOB) >= 18 years
  • OTP: 6-digit code; in MVP any code accepted (mock); real SMS in Phase 2
  • Password: bcrypt 12 rounds

UI/UX Notes:

  • Screen: mockups/figma-make-export/src/components/Onboarding.js
  • 3-step progress indicator shown

Dependencies: Blocked by: None | Blocks: US-002, US-003, US-010

US-002: User Login

Attribute Value
Epic EP-01
Priority Must Have
Story Points 3
Sprint Sprint 1
Status Done
FR Reference FR-002

Story: As a registered Drop user, I want to log in with my email and password, So that I can access my account and make payments.

Acceptance Criteria:

  • Given valid email + password, when login submitted, then JWT cookie set; redirected to dashboard
  • Given wrong password, when submitted, then 401 "Invalid email or password" (no enumeration)
  • Given 10 failed attempts from same IP, when next attempt, then 429 rate limit error

Dependencies: Blocked by: US-001

Attribute Value
Epic EP-01
Priority Must Have
Story Points 1
Sprint Sprint 1
Status Done
FR Reference FR-003

Story: As a logged-in Drop user, I want to log out of my account, So that my session is securely terminated on shared devices.

Acceptance Criteria:

  • Given authenticated user, when they POST /api/auth/logout, then JWT cookie cleared; session revoked in DB
  • Given logged-out user, when they access protected routes, then 401 redirect to login

Dependencies: Blocked by: US-002

US-004: BankID Verification (Phase 2)

Attribute Value
Epic EP-01
Priority Must Have
Story Points 8
Sprint Sprint 4 (Phase 2)
Status Backlog
FR Reference FR-001

Story: As a Norwegian resident, I want to verify my identity via Norwegian BankID, So that my account is secured with Strong Customer Authentication (SCA) as required by PSD2.

Acceptance Criteria:

  • Given user at onboarding step 1, when they complete BankID verification, then DOB, name, and national ID extracted from BankID response
  • Given BankID shows DOB < 18 years, when verification complete, then registration rejected with age error
  • Given successful BankID, when verification complete, then kyc_status set to approved

Dependencies: Blocked by: BaaS provider confirmed (DEP-01)

Epic EP-02: Remittance (Send Money)

US-010: Send Money to Recipient

Attribute Value
Epic EP-02: Remittance
Priority Must Have
Story Points 8
Sprint Sprint 1
Status Done
FR Reference FR-020
BR Reference BR-003, BR-005

Story: As a Drop user who wants to support family abroad, I want to send money to a recipient in Serbia/Pakistan/Bosnia/Poland/Turkey/EUR zone at 0.5% fee, So that my family receives money faster and 10x cheaper than Western Union.

Context: "Amir wants to send 2,000 NOK to his mother Jasmina in Sarajevo. He opens Drop, taps 'Pošalji novac', selects Bosnia, enters Jasmina's IBAN, enters 2,000 NOK. Drop shows: mama receives 4,660 BAM, fee 10 NOK. He confirms. Mama gets SMS notification."

Acceptance Criteria:

  • Given authenticated + KYC-approved user, when POST /api/transactions/remittance with amount 100-50,000 NOK and valid recipientId, then 201; transaction created; fee = amount × 0.005
  • Given user with insufficient balance, when submitting, then 402 "Insufficient balance"
  • Given amount < 100 NOK or > 50,000 NOK, when submitted, then 400 validation error
  • Given unauthenticated user, when submitting, then 401 Unauthorized
  • Given KYC-pending user, when submitting, then 403 "KYC verification required"

Technical Notes:

  • 6 corridors in MVP: NOK→RSD, NOK→BAM, NOK→PKR, NOK→TRY, NOK→PLN, NOK→EUR
  • In Phase 2: real PISP via BaaS
  • Exchange rates from exchange_rates table, updated daily

UI/UX Notes: Screen: mockups/figma-make-export/src/components/SendMoney.js

Dependencies: Blocked by: US-001, US-012, US-013

US-011: View Exchange Rates

Attribute Value
Epic EP-02
Priority Must Have
Story Points 2
Sprint Sprint 1
Status Done
FR Reference FR-021

Story: As a Drop user planning to send money, I want to see current exchange rates before confirming a transfer, So that I know exactly how much my recipient will receive.

Acceptance Criteria:

  • Given any user, when GET /api/rates, then all 6 NOK exchange rates returned (RSD, BAM, PKR, TRY, PLN, EUR)
  • Given GET /api/rates/RSD, when called, then specific NOK→RSD rate returned
  • Given GET /api/rates/XXX invalid, when called, then 404 Not Found

Dependencies: None

US-012: Add Recipient

Attribute Value
Epic EP-02
Priority Must Have
Story Points 3
Sprint Sprint 1
Status Done
FR Reference FR-022

Story: As a Drop user sending money regularly to the same person, I want to save recipient details (name, IBAN, country), So that I don't have to re-enter them every time I send money.

Acceptance Criteria:

  • Given authenticated user, when POST /api/recipients with valid name, IBAN, country, then recipient saved
  • Given authenticated user, when GET /api/recipients, then all user's recipients returned
  • Given invalid IBAN format, when submitted, then 422 validation error

Dependencies: Blocked by: US-002

Epic EP-03: QR Merchant Payments

US-020: Pay Merchant via QR Scan

Attribute Value
Epic EP-03: QR Payments
Priority Must Have
Story Points 8
Sprint Sprint 2
Status Done
FR Reference FR-030
BR Reference BR-004, BR-005

Story: As a Drop user at a local merchant, I want to scan the merchant's QR code and pay directly from my bank account, So that I pay 1% merchant fee instead of Vipps' 1.75-2.75%, without needing cash or card terminal.

Context: "Amir walks into Ahmet's kebab shop. On the counter is a Drop QR sticker. Amir opens Drop, taps 'Skeniraj', points camera at QR → 'Ahmetov Kebab' appears. He enters 129 NOK, taps 'Betal'. Ahmet's phone buzzes: 129 NOK received."

Acceptance Criteria:

  • Given authenticated + KYC-approved user, when POST /api/transactions/qr-payment with valid merchantId and amount ≥1 NOK, then 201; merchant_fee = amount × 0.01
  • Given invalid merchantId, when submitted, then 404 "Merchant not found"
  • Given amount < 1 NOK, when submitted, then 400 validation error
  • Given missing merchantId, when submitted, then 400 validation error

UI/UX Notes: Screen: mockups/figma-make-export/src/components/ScanQR.js

Dependencies: Blocked by: US-001, US-021

US-021: Merchant Business Registration

Attribute Value
Epic EP-03
Priority Must Have
Story Points 5
Sprint Sprint 2
Status Done
FR Reference FR-031

Story: As a local business owner, I want to register my business in Drop and receive a QR code, So that I can start accepting payments at 1% fee within 5 minutes.

Acceptance Criteria:

  • Given authenticated user, when POST /api/merchants with business_name, bank_account, address, then merchant created with unique QR code
  • Given merchant, when GET /api/merchants/me, then merchant details + QR code returned
  • Given QR code scanned by Drop consumer, when payment submitted, then merchant correctly identified

Dependencies: Blocked by: US-002

US-022: Merchant Dashboard

Attribute Value
Epic EP-03
Priority Should Have
Story Points 5
Sprint Sprint 2
Status Done
FR Reference FR-032

Story: As a merchant using Drop, I want to see my daily/weekly/monthly transaction volume and fees, So that I can understand my Drop revenue and reconcile with my bank statement.

Acceptance Criteria:

  • Given authenticated merchant, when GET /api/merchants/dashboard?period=week, then total_transactions, gross_volume, total_fees returned for that period
  • Given GET with period=today, period=month, when called, then correct period data returned

Dependencies: Blocked by: US-021

Epic EP-04: Open Banking (AISP)

US-030: View Bank Account Balance

Attribute Value
Epic EP-04: Open Banking
Priority Should Have
Story Points 5
Sprint Sprint 4 (Phase 2)
Status Mock (Phase 2)
FR Reference FR-040

Story: As a Drop user, I want to see my Norwegian bank account balance in the Drop app, So that I know if I have enough funds before sending money — without needing to open my banking app.

Acceptance Criteria:

  • Given authenticated user with linked bank account, when GET /api/bank-accounts, then masked account number + balance returned
  • Given no linked account, when viewing accounts screen, then prompt to link via BankID

Technical Notes: Real AISP requires BaaS partner (DEP-01) — currently mock data in demo

Dependencies: Blocked by: DEP-01 (BaaS partner)

Epic EP-05: Transaction History & Notifications

US-040: Transaction History

Attribute Value
Epic EP-05
Priority Should Have
Story Points 3
Sprint Sprint 1
Status Done
FR Reference FR-050

Story: As a Drop user, I want to see a history of all my transactions, So that I can track my spending and verify payments went through.

Acceptance Criteria:

  • Given authenticated user, when GET /api/transactions, then all user's transactions returned (most recent first)
  • Given ?type=remittance query, when called, then only remittance transactions returned

Dependencies: Blocked by: US-010 or US-020

US-041: Transaction Notifications

Attribute Value
Epic EP-05
Priority Should Have
Story Points 3
Sprint Sprint 2
Status Done
FR Reference FR-060

Story: As a Drop user or merchant, I want to receive notifications when transactions occur, So that I know immediately when money is sent or received.

Acceptance Criteria:

  • Given completed transaction, when GET /api/notifications, then new notification appears in list
  • Given user marks notification as read, when PATCH /api/notifications/[id], then status updated to read

Dependencies: Blocked by: US-010 or US-020

5. Story Estimation Guide

Points Complexity Examples
1 Trivial Fix a label, add config option
2 Simple Read-only data display, static endpoint
3 Moderate CRUD for one entity, simple filter
5 Complex Multi-step form, API integration
8 Very Complex New module with CRUD + logic + UI + tests
13+ Too Large Break into smaller stories

6. Definition of Ready Checklist

Before a story enters a sprint:

  • Story is in As a / I want / So that format
  • Story has at least 2 acceptance criteria (Given/When/Then)
  • Story has been estimated in story points
  • Dependencies are identified and not blocking
  • UI/UX design exists (Figma Make export for core screens)
  • Technical approach is understood
  • Priority assigned (MoSCoW)
  • Story size ≤ 8 points
  • FR reference documented

7. Story Map

USER JOURNEY:  [Register] → [Verify KYC] → [Send Money] → [Pay QR] → [View History]

Phase 1        US-001       US-007(mock)  US-010        US-020     US-040
(Demo)         US-002                     US-011        US-021     US-041
               US-003                     US-012        US-022

Phase 2        US-004       US-007(real)  [Real PISP]   [Real PISP] US-030
(Banking)      (BankID)     (Sumsub)

8. Backlog Summary

Epic Total Stories Estimated Points Done Remaining
EP-01: Onboarding 4 20 3 1 (US-004, Phase 2)
EP-02: Remittance 3 13 3 0
EP-03: QR Payments 3 18 3 0
EP-04: Open Banking 1 5 0 1 (Phase 2)
EP-05: History/Notifications 2 6 2 0
Total 13 62 11 2 (Phase 2)

Approval

Role Name Date Signature
Author John (AI Director) 2026-02-23 Approved (AI)
Product Owner John 2026-02-23 Approved
AI Director (John) John 2026-02-23 Approved

No comments to display

Back to top