Client overview
- Industry focus
- FinTech
- Portfolio segment
- Finance
- Organization profile
- Series C payments infrastructure company, ~400 employees
Merchants demanded sub-150ms authorization with global routing; acquirers introduced SCA nuances that older routing trees mishandled. Finance needed same-day settlement visibility across 11 currencies, but batch ETL masked FX exposure until T+2. Investors pressed for SOC2 Type II evidence and cleaner fraud lift metrics before the next funding milestone.
Problem
p99 authorization latency breached SLAs during peak; fraud scoring and reconciliation were fragmented.
Hot path services written in interpreted runtimes exhibited GC pauses correlated with flash-sale traffic. Legacy token vault design required round-trips that doubled latency on retries. Routing rules duplicated across regions drifted silently when acquirers changed decline codes.
Fraud models ingested delayed features; manual rule updates required weekend deploys. Chargeback representment teams lacked linked evidence between auth logs and CRM notes.
Settlement files differed per acquirer; accounting posted journal entries after manual Excel mapping, increasing close risk.
Solution
Edge compute for auth with memory-safe capture path, consolidated feature pipeline for fraud, streaming settlement normalization, and immutable audit for chargeback packets.
We rewrote authorization decisioning in Rust microservices colocated at edge POPs with connection pooling to acquirers. Vault operations used HSM-backed envelopes with deterministic key rotation APIs exposed to PCI auditors.
Online inference wrapped ONNX models with GPU-less CPU paths for fallback; features streamed via Flink with watermark discipline. Rules engine shipped as WASM modules hot-swapped without restarts.
Settlement ingestion landed in a canonical ledger schema with idempotent upserts; FX marks sourced from approved vendor curves with immutable snapshots stored for auditors.
Implementation
- 1
Profiling & tail-latency elimination
Continuous profiling isolated GC stalls and lock contention; connection pools tuned per acquirer fingerprint. Synthetic merchants replayed historical peak shapes in shadow mode.
- 2
PCI-hardened token path
Tokenization APIs received HSM integration, penetration retest, and key ceremony documentation. Automated compliance evidence packets generated per release.
- 3
Finance truth layer
GL connectors posted from the canonical ledger with validation rules matching bank statements; alerting on variance thresholds cut manual investigation time.
Tools & platforms
- Rust
- Envoy
- Kafka
- Flink
- Datadog
- Vault HSM integrations
Engineering challenges addressed
- Maintaining deterministic retry semantics when acquirers returned ambiguous timeout codes.
- Coordinating model rollback when fraud analysts promoted a champion with unexpected edge-case lift.
Program artifacts & environments
Tech stack
- Rust
- Node.js
- Kafka
- Flink
- PostgreSQL
- Redis
- AWS
- Kubernetes
- gRPC
- Envoy
Results
- 52% reduction in p99 authorization latency during synthetic peak
- 18% fewer chargebacks in targeted high-risk MCC cohorts post model + rules refresh
- Settlement reporting available T+0 for 80% of volume
Quantified impact
52% p99 latency improvement
Measured vs. prior edge stack on identical traffic replay.
3.1M additional annualized revenue from recovered authorizations
Estimated from lift in approved volume without added fraud rate.
Key takeaways
- Payments scale-ups should treat acquirer connectivity as a supply chain — version, test, and observe every change.
- Fraud uplift work must ship with economist-style counterfactual measurement, not only model accuracy.
- Finance-aligned data models early prevent expensive ledger rework when IPO readiness appears on the horizon.