Payment Authentication Platform
In progressLeading the build of credit card payment authentication at Zego, aimed at heading off roughly $16M in chargeback liabilities.
Overview
I'm leading the build of credit card payment authentication at Zego, aimed squarely at fraud and chargebacks. The goal is to head off roughly $16 million in chargeback liabilities and make authentication a core part of the company's risk story.
The Problem
Chargebacks are a quiet but serious cost center. Fraudulent transactions slip past basic validation, payment disputes erode property managers' trust, and the existing system doesn't speak modern authentication standards.
What We're Building
We're taking a layered approach. 3D Secure 2.0 covers card-present and card-not-present flows and shifts liability to the card issuer on authenticated transactions. A real-time risk scoring engine weighs device fingerprinting, behavioral signals, historical transaction patterns, and velocity checks. And a configurable rules engine lets the risk team respond to new fraud patterns without waiting on a deploy.
The Tricky Parts
Friction is the enemy. Challenge every transaction and you tank conversion, so we're using adaptive authentication that only steps up when something looks risky. It also has to slot into the existing payment flows without disrupting anything live, and the risk scoring has to finish in under 100ms so checkout never feels slow.
What We're Targeting
These are the outcomes the project is built to hit, not results booked yet:
- ~$16M in chargeback liabilities avoided
- ~60% reduction in fraudulent transactions
- Stronger client retention as managers trust the platform more
- More sales downstream as that confidence grows
What I'm Taking From It
Fraud work is never really finished. The patterns keep moving, so the system has to keep watching and adapting. The clearest lesson so far is that data beats static rules every time: behavioral history catches things a hand-written rule never would. And it's worth saying early that the most secure flow is useless if people abandon it, so good UX has to be a security feature, not a tax on one.
This project is in active development.