I've worked on financial systems before. As others have stated, if you're dealing with real money, then you have a big bulls-eye painted on your forehead, and you need to make sure that your system is hardened.
I don't know if you're already doing these things, but I'll just throw them out there and let you ignore them if you do.
Make sure you understand attack vectors and protect against them. XSS, SQL Injection, man-in-the-middle, etc. Make sure your passwords are salted and hashed.
Auditing. Can't emphasize this enough. Things will go wrong, and when they do, you need to be able to tell when, where, and why. In our case, we had shadow tables in our database where we logged changes, and then consolidated and exported that data into an auditing system. We could confirm that a user made X change at Y time from Z IP address.
Also, a bit of a newbie mistake that I see from time to time: don't use double or float with money.
You can choose which features you use. For instance, I've never used the single sign-on/access token functionality. The reset password, account lockouts, etc. are awesome.
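The shadow-table auditing described in the post above, as an added example that is not part of the original post or the poster's system: SQLite triggers copy each balance change into an append-only shadow table with the acting user, source IP and timestamp. The table, column and function names are assumptions made for illustration, and amounts are stored as integer cents rather than floats.

```python
import sqlite3

# Assumed schema: every table, column and trigger name here is hypothetical.
SCHEMA = """
CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, balance_cents INTEGER NOT NULL);
-- One-row table holding who is acting in the current transaction.
CREATE TABLE session_ctx (id INTEGER PRIMARY KEY CHECK (id = 1), user TEXT, ip TEXT);
INSERT INTO session_ctx VALUES (1, NULL, NULL);
CREATE TABLE accounts_shadow (
    audit_id   INTEGER PRIMARY KEY AUTOINCREMENT,
    changed_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
    changed_by TEXT NOT NULL, source_ip TEXT NOT NULL,
    account_id INTEGER NOT NULL, old_balance_cents INTEGER, new_balance_cents INTEGER);
CREATE TRIGGER accounts_audit AFTER UPDATE OF balance_cents ON accounts BEGIN
    INSERT INTO accounts_shadow (changed_by, source_ip, account_id, old_balance_cents, new_balance_cents)
    SELECT user, ip, OLD.id, OLD.balance_cents, NEW.balance_cents FROM session_ctx WHERE id = 1;
END;
-- Shadow rows are append-only: updates and deletes are refused.
CREATE TRIGGER shadow_no_update BEFORE UPDATE ON accounts_shadow
BEGIN SELECT RAISE(ABORT, 'audit rows are immutable'); END;
CREATE TRIGGER shadow_no_delete BEFORE DELETE ON accounts_shadow
BEGIN SELECT RAISE(ABORT, 'audit rows are immutable'); END;
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def change_balance(db, user, ip, account_id, new_cents):
    """Apply a change as `user` from `ip`; the trigger writes the shadow row."""
    with db:  # one transaction: the change and its audit row commit or roll back together
        db.execute("UPDATE session_ctx SET user = ?, ip = ? WHERE id = 1", (user, ip))
        # With no user/IP set, the NOT NULL columns in the shadow table abort this update.
        db.execute("UPDATE accounts SET balance_cents = ? WHERE id = ?", (new_cents, account_id))
        db.execute("UPDATE session_ctx SET user = NULL, ip = NULL WHERE id = 1")

def audit_trail(db, account_id):
    """Return (who, ip, old, new, when) for every recorded change to an account."""
    return db.execute(
        "SELECT changed_by, source_ip, old_balance_cents, new_balance_cents, changed_at "
        "FROM accounts_shadow WHERE account_id = ? ORDER BY audit_id", (account_id,)).fetchall()

def demo():
    db = open_db()
    with db:
        db.execute("INSERT INTO accounts VALUES (1, 'alice', 10000)")  # constructed sample row
    change_balance(db, "teller7", "192.0.2.10", 1, 7500)  # constructed user and IP
    return db
```

In a production database the same idea also needs the application account to lack write privileges on the shadow table, since a trigger alone does not stop someone who can drop it.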