Modernization & boosting efficiency of payment & fraud management systems for a leading retailer
3 years
4 experts
Retail, Online Retail, E-commerce
USA
Summary
Business challenge:
Our client needed to modernize its existing payment and fraud management systems and build new solutions from scratch to protect its customers, maintain its brand reputation, and reduce financial losses.
Zoolatech approach:
We analyzed the legacy systems and designed new next-generation solutions based on microservices.
Value delivered:
The new systems helped to boost performance, scalability, efficiency, and security of the solutions.
About Our Client

Our client is a leading American retailer and a Fortune 500 FashionTech company.

Business Challenge

The client experienced significant business challenges, particularly in payment systems, fraud detection, and infrastructure modernization.

  • Payment system: The payment system frequently failed during critical sales seasons, causing substantial revenue losses. The issue stemmed from a poorly designed and complex graph database used for storing payment data.
  • Fraud detection: The fraud detection processes were disjointed, requiring a more streamlined approach. Communications with the fraud-check vendor, Forter, were scattered and needed to be consolidated under a dedicated Fraud team.
  • Infrastructure modernization: The process of parsing financial transaction files received from WorldPay was outdated and required a complete overhaul.
  • Additional fraud checks: There was a need to integrate a new machine learning-based fraud detection system to handle specific fraud types not supported by Forter.
  • API abuse prevention: To prevent API abuse and credit card testing, a rate-limiting mechanism was necessary to block malicious users from overusing specific endpoints.
Zoolatech Approach
New enterprise payment processing
Problem

Our client had a legacy payment system that failed during a peak sales season, resulting in millions of dollars in lost revenue. The system required a complete overhaul, both in terms of rewriting the code with best engineering practices and redesigning the infrastructure. The primary issue lay in the graph database (GDB) used to persist payment data. Additionally, the existing system contained a significant amount of complex and poorly written code that needed to be updated.

Solution

We designed and built a new solution from scratch. Our team developed a microservice responsible for handling API calls related to payments. We employed Infrastructure as Code (IaC) using AWS CloudFormation Templates (CFT) and custom pipelines in GitLab CI/CD. We also integrated the service with a third-party API (Discover) and created a library for interacting with the internal API responsible for managing gift cards.

Fraud detection and management
Problem

Our client partnered with a third-party vendor (Forter) for fraud checks. Although multiple teams had their own integrations with Forter, the client decided that the Fraud team should oversee all communications with the vendor. Our task was to implement the most critical aspect of fraud checks: making decisions on customer orders.

Solution

We built a microservice to handle API calls with order information. The team used Infrastructure as Code (IaC) with AWS CloudFormation and custom pipelines in GitLab CI/CD. We also integrated the service with Forter’s API. Additionally, we developed a separate service that utilized SQS for asynchronous API calls, ensuring no data loss. As the project grew, we transitioned to Kafka events to handle the majority of the traffic. Eventually, the service was redesigned and decomposed from one SQS/Kafka microservice into seven distinct microservices, each managing a separate business flow.

Problem

Once a day, our client receives a file containing all financial transactions from a third-party vendor (WorldPay). The Fraud team was responsible for parsing this file, which initially involved three AWS Lambdas. However, the process used outdated infrastructure and was not fully aligned with modern engineering practices, necessitating a rewrite.

Solution

We redesigned the process to use two AWS Lambdas instead of three and later updated it to produce Kafka events with financial details. The solution was deployed using custom CI/CD pipelines and AWS CloudFormation. When the transaction volume became too high—particularly during anniversary sales—the AWS Lambda solution could no longer process the file within the 15-minute execution window. To address this, we completely redesigned the project, transitioning from AWS Lambda to AWS Batch.

Problem

One of our client’s APIs was being abused, with users attempting to test credit card information, particularly CVV numbers. As a result, the client needed a way to block certain customers from accessing this endpoint if they violated internal rules, effectively implementing rate-limiting logic.

Solution

We designed a service that acted as a proxy between the Checkout and Payments systems. This service was responsible for validating requests against all business rules and call rates. It either passed the request through to the Payments system or blocked the customer by calling another internal API.
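
The sketch below illustrates the kind of decision such a proxy makes. It is an added example, not the client's or Zoolatech's code: a per-customer sliding window over call rate, failed CVV checks and distinct cards tried. The thresholds, class names and field names are assumptions, and the in-memory `blocked` map stands in for the call to the internal blocking API.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Assumed policy values; the page does not state the client's real rules.
WINDOW_SECONDS = 600
MAX_CALLS = 10          # any calls to the endpoint per window
MAX_CVV_FAILURES = 3    # failed CVV checks per window
MAX_DISTINCT_CARDS = 4  # different cards tried per window

@dataclass(frozen=True)
class PaymentAttempt:
    customer_id: str
    card_fingerprint: str  # token or hash of the card number, never the number
    cvv_ok: bool           # outcome reported back by the payments system
    ts: float              # epoch seconds

class CardTestingGuard:
    """Sliding-window limiter keyed by customer (hypothetical helper)."""
    def __init__(self):
        self._history = defaultdict(deque)
        self.blocked = {}  # customer_id -> reason; stand-in for the block API

    def _prune(self, customer_id, now):
        # Drop attempts that have aged out of the window.
        window = self._history[customer_id]
        while window and now - window[0].ts > WINDOW_SECONDS:
            window.popleft()
        return window

    def check(self, customer_id, now):
        """Decide before forwarding to Payments: 'pass' or 'block'."""
        if customer_id in self.blocked:
            return "block"
        window = self._prune(customer_id, now)
        failures = sum(1 for a in window if not a.cvv_ok)
        cards = {a.card_fingerprint for a in window}
        if failures >= MAX_CVV_FAILURES:
            reason = "cvv_failures"
        elif len(cards) >= MAX_DISTINCT_CARDS:
            reason = "distinct_cards"
        elif len(window) >= MAX_CALLS:
            reason = "call_rate"
        else:
            return "pass"
        self.blocked[customer_id] = reason
        return "block"

    def record(self, attempt):
        # Called after Payments has answered, so the outcome is known.
        self._prune(attempt.customer_id, attempt.ts).append(attempt)
```

Keying on the customer and on a card fingerprint rather than on the raw card number keeps card data out of the limiter's state; a production deployment would hold the window in a shared store so that every proxy instance sees the same counts.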

Handling funds return requests from customers
Problem

Our client’s third-party vendor (Forter) did not support fraud checks for fund return requests. As a result, the client created a separate Machine Learning (ML) team to develop a solution. The Fraud team was chosen to act as a bridge between the ML team and the client’s other systems, treating ML as a secondary fraud vendor. Our task was to send data on Non-Payment Returns (NPRs) to the ML team, receive their decision, and respond to the requests. We also needed to build a user interface for fraud agents to manually review requests that could not be decided by the ML team.

Solution

We designed a service that read NPR requests from Kafka, aggregated them based on specific fields, and sent them to the ML team for decision-making via Kafka. Later, we replaced the ML communication with SQS and AWS Lambda, which wrote data directly to the database. Additionally, we built a separate API service for manual NPR reviews by agents, along with a UI that integrated with Okta/ServiceNow for user authorization.

Value Delivered

Our partnership focused on protecting customers, safeguarding brand reputation, and minimizing financial loss through the development of advanced solutions.

Enterprise payment processing
  • System overhaul: We completely rebuilt the payment system using advanced engineering principles and a redesigned infrastructure. This resolved the critical failures during peak sales seasons and prevented further revenue losses.
  • High availability: The new payment processing service now handles high loads with zero downtime, eliminating financial losses and ensuring continuous operation during critical periods.
  • Future-ready: The redesigned infrastructure serves as a strong foundation for future updates, including new features and integrations with technologies like Kafka.
  • Performance optimization: Memory and CPU utilization are optimized, with all Service Level Agreements (SLAs) being consistently met, ensuring a reliable and efficient system.
Fraud detection and prevention
  • Streamlined operations: We streamlined the fraud detection processes by consolidating all communications with the fraud-check vendor, Forter, under a dedicated Fraud team. This team took on critical decision-making responsibilities, ensuring more efficient and accurate fraud detection.
  • Legacy modernization: The modernization of legacy systems enhanced identity protection, payment optimization, and fraud prevention. This led to a significant reduction in the average transaction processing time, from 12 minutes to just 5 minutes.
  • Scalability and flexibility: The updated solution is highly scalable and flexible, with no limits on the number of transactions or runtime. This boosts cost efficiency and ensures the system can adapt to future demands.
  • Stability and security: The stability of the updated services is exceptional. The solution effectively reduced Card-Free Shopping fraud by targeting identified fraudulent accounts and preventing the addition of new cards to the wallet. Existing fraudulent cards were also purged. Metrics confirmed a reduction in chargeback dollar losses, the number of chargebacks, and good customer insult rates.
Handling funds return requests
  • Enhanced stability: The service stability for handling funds return requests has been greatly improved, ensuring reliable and efficient processing for customers.